Date: Mon, 15 Jul 2002 09:09:51 -0700 (PDT) From: Chris Costello <chris@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14278 for review Message-ID: <200207151609.g6FG9peO055886@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14278 Change 14278 by chris@chris_holly on 2002/07/15 09:09:01 o Move the copyright over to the left one so it doesn't exceed 80 columns. o Turn the sample category and function into an actual MAC Policy Operation description. The introduction to the Access Control Checks section will be written after I figure out what information becomes redundant in each subsection. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#2 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#2 (text+ko) ==== @@ -1,41 +1,41 @@ <!-- - Copyright (c) 2002 Networks Associates Technology, Inc. - All rights reserved. - - This software was developed for the FreeBSD Project by Chris - Costello at Safeport Network Services and NAI Labs, the Security - Research Division of Network Associates, Inc. under DARPA/SPAWAR - contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS - research program. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. The names of the authors may not be used to endorse or promote - products derived from this software without specific prior written - permission. - - THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - - $FreeBSD$ + Copyright (c) 2002 Networks Associates Technology, Inc. + All rights reserved. + + This software was developed for the FreeBSD Project by Chris + Costello at Safeport Network Services and NAI Labs, the Security + Research Division of Network Associates, Inc. under DARPA/SPAWAR + contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS + research program. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The names of the authors may not be used to endorse or promote + products derived from this software without specific prior written + permission. + + THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + + $FreeBSD$ --> -<!-- DOCTYPE chapter PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" --> +<!-- DOCTYPE chapter PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN"--> <chapter id="mac"> <chapterinfo> @@ -78,13 +78,12 @@ which supply policy modules with relevant data on a subject and the operation it is attempting to perform on an object.</para> - <sect2 id="mac-mpo-mac-object-action"> - <title>Category</title> + <sect2 id="mac-access-control-checks"> + <title>Access Control Checks</title> - <para>General information regarding this family of mac policy - ops.</para> + <para>...</para> - <sect3> + <sect3 id="mac-mpo-cred-check-debug-proc"> <title><function>mac_<replaceable>policy</replaceable>_cred_check_debug_proc</function></title> <funcsynopsis> @@ -125,7 +124,18 @@ </tgroup> </table> - <para>Such and such ...</para> + <para>This policy operation is intended to determine whether a + specified subject process should be debugging a specified + object process. Generally a policy module implementing this + operation would compare the subject label + (<varname>cred->cr_label</varname>) to the object label + (<varname>proc->p_ucred->cr_label</varname>) and return + <literal>0</literal> if the subject is allowed to debug the + object, or <errorcode>EACCES</errorcode> if it + cannot.</para> + + <note><para>Why does BIBA return 'No such process' if the + process is of lower integrity?</para></note> </sect3> </sect2> </sect1> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207151609.g6FG9peO055886>