Date: Wed, 18 Sep 2002 16:53:12 -0700 (PDT) From: Chris Costello <chris@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 17681 for review Message-ID: <200209182353.g8INrCwv014736@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17681 Change 17681 by chris@chris_holly on 2002/09/18 16:52:58 Begin to move things around and make minor corrections as prescribed by Garrett Wollman. This is actually a weeks-old change and will be followed up by correctly organizing this document. Here are a few points that should be made about this document: o all relabel entry points are scattered, not under the right heading o there were a few other grammar errors that have yet to be corrected o every single entry point requires at least 26 lines of metadata o Data is formatted in a suboptimal layout due to DocBook limitations o on the current version, we're looking at hastily-written summaries o catching-up needs to be done; this document is out of date o Best thing to do after that is to mostly re-write each description o over the next few weeks, I'll be carrying out those changes o over the next few months, I'll decide whether or not I would like to keep this document in the DocBook format, or possibly move it out Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#16 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#16 (text+ko) ==== @@ -688,60 +688,6 @@ the root file system is mounted, after &mac.mpo;_create_mount;.</para> </sect4> - - <sect4 id="mac-mpo-vnode-relabel"> - <title><function>&mac.mpo;_vnode_relabel</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_vnode_relabel</function></funcdef> - - <paramdef>struct ucred - *<parameter>cred</parameter></paramdef> - <paramdef>struct vnode - *<parameter>vp</parameter></paramdef> - <paramdef>struct label - *<parameter>vnodelabel</parameter></paramdef> - <paramdef>struct label - *<parameter>newlabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>cred</parameter></entry> - <entry>Subject credential</entry> - </row> - - <row> - <entry><parameter>vp</parameter></entry> - <entry>vnode to relabel</entry> - </row> - - <row> - <entry><parameter>vnodelabel</parameter></entry> - <entry>Existing policy label for - <parameter>vp</parameter></entry> - </row> - - <row> - <entry><parameter>newlabel</parameter></entry> - <entry>New, possibly partial label to replace - <parameter>vnodelabel</parameter></entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Update the label on the passed vnode given the passed - update vnode label and the passed subject credential.</para> - </sect4> - <sect4 id="mac-mpo-stdcreatevnode-ea"> <title><function>&mac.mpo;_stdcreatevnode_ea</function></title> @@ -1233,7 +1179,7 @@ or prior to &man.accept.2;, depending on the protocol.</para> </sect4> - <sect4 id="mac-mpo-relabel-socekt"> + <sect4 id="mac-mpo-relabel-socket"> <title><function>&mac.mpo;_socket_relabel</function></title> <funcsynopsis> @@ -2397,7 +2343,7 @@ </informaltable> <para>Create the subject credential of process 1, the parent - of all kernel processes.</para> + of all user processes.</para> </sect4> <sect4 id="mac-mpo-cred-relabel"> @@ -2449,7 +2395,7 @@ entry point will include one or more authorizing credentials, information (possibly including a label) for any other objects involved in the operation. An access control entry point may - return 0 to permit the operation, and an &man.errno.2; error + return 0 to permit the operation, or an &man.errno.2; error value. The results of invoking the entry point across various registered policy modules will be composed as follows: if all modules permit the operation to succeed, success will be @@ -4733,6 +4679,59 @@ calls are not permitted to fail (failure should be reported earlier in the relabel check).</para> + <sect3 id="mac-mpo-vnode-relabel"> + <title><function>&mac.mpo;_vnode_relabel</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_vnode_relabel</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>vnodelabel</parameter></paramdef> + <paramdef>struct label + *<parameter>newlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>vp</parameter></entry> + <entry>vnode to relabel</entry> + </row> + + <row> + <entry><parameter>vnodelabel</parameter></entry> + <entry>Existing policy label for + <parameter>vp</parameter></entry> + </row> + + <row> + <entry><parameter>newlabel</parameter></entry> + <entry>New, possibly partial label to replace + <parameter>vnodelabel</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Update the label on the passed vnode given the passed + update vnode label and the passed subject credential.</para> + </sect3> + <sect3 id="mac-mpo-init-bpfdesc"> <title><function>&mac.mpo;_init_bpfdesc</function></title> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209182353.g8INrCwv014736>