Date: Wed, 8 Jan 2003 04:41:42 -0800 (PST)
From: Chris Costello <chris@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 23407 for review
Message-ID: <200301081241.h08Cfg4P070100@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=23407

Change 23407 by chris@chris_holly on 2003/01/08 04:41:01

	Add check_kld_{load,unload,stat} and check_kenv_{set,get,unset,dump}

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#19 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#19 (text+ko) ====
@@ -2791,6 +2791,251 @@ failure: <errorcode>EACCES</errorcode> for label mismatches, <errorcode>EPERM</errorcode> for lack of privilege.</para> </sect3> + + <sect3 id="mac-mpo-check-kenv-dump"> + <title><function>&mac.mpo;_check_kenv_dump</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_kenv_dump</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to + retrieve the kernel environment (see &man.kenv.2;).</para> + </sect3> + + <sect3 id="mac-mpo-check-kenv-get"> + <title><function>&mac.mpo;_check_kenv_get</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_kenv_get</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>char *<parameter>name</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>name</parameter></entry> + <entry>Kernel environment variable name</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to + retrieve the value of the specified kernel environment + variable.</para> + </sect3> + + <sect3 id="mac-mpo-check-kenv-set"> + <title><function>&mac.mpo;_check_kenv_set</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_kenv_set</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>char *<parameter>name</parameter></paramdef> + 
</funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>name</parameter></entry> + <entry>Kernel environment variable name</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to set + the specified kernel environment variable.</para> + </sect3> + + <sect3 id="mac-mpo-check-kenv-unset"> + <title><function>&mac.mpo;_check_kenv_unset</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_kenv_unset</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>char *<parameter>name</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>name</parameter></entry> + <entry>Kernel environment variable name</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to unset + the specified kernel environment variable.</para> + </sect3> + + <sect3 id="mac-mpo-check-kld-load"> + <title><function>&mac.mpo;_check_kld_load</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_kld_load</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>vlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>vp</parameter></entry> + 
<entry>Kernel module vnode</entry> + </row> + + <row> + <entry><parameter>vlabel</parameter></entry> + <entry>Label associated with + <parameter>vp</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to load + the specified module file.</para> + </sect3> + + <sect3 id="mac-mpo-check-kld-stat"> + <title><function>&mac.mpo;_check_kld_stat</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_kld_stat</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to + retrieve a list of loaded kernel module files and associated + statistics.</para> + </sect3> + + <sect3 id="mac-mpo-check-kld-unload"> + <title><function>&mac.mpo;_check_kld_unload</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_kld_unload</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to + unload a kernel module.</para> + </sect3> <sect3 id="mac-mpo-cred-check-socket-bind"> <title><function>&mac.mpo;_check_socket_bind</function></title> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
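Review bot: every added <informaltable> declares <tgroup cols="3">, yet each <row> in the seven new sections carries only two <entry> elements (the parameter and its description), so the third column is left empty for cred, name, vp and vlabel alike. Either add the missing third <entry> to each row or, if these entry points have nothing to put there, say so explicitly so that policy authors are not left guessing. Two documentation gaps in the same sections: none of the new <para> descriptions states what to return on denial, although the context line just above the insertion spells out EACCES for label mismatches and EPERM for lack of privilege, and a sentence in the same form would keep the reference consistent. Also, check_kld_unload and check_kld_stat take only cred, so a policy cannot tell which module is being unloaded or queried; the description of check_kld_unload ("unload a kernel module") should state that the decision is per subject and not per module, in contrast to check_kld_load, which receives vp and vlabel.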