Message-Id: <200504181336.j3IDawqn096684@repoman.freebsd.org>
From: Robert Watson
Date: Mon, 18 Apr 2005 13:36:58 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/kern kern_exit.c kern_prot.c src/sys/security/mac mac_process.c src/sys/security/mac_stub mac_stub.c src/sys/security/mac_test mac_test.c src/sys/sys mac.h mac_policy.h proc.h

rwatson     2005-04-18 13:36:58 UTC

  FreeBSD src repository

  Modified files:
    sys/kern               kern_exit.c kern_prot.c
    sys/security/mac       mac_process.c
    sys/security/mac_stub  mac_stub.c
    sys/security/mac_test  mac_test.c
    sys/sys                mac.h mac_policy.h proc.h
  Log:
  Introduce p_canwait() and MAC Framework and MAC Policy entry points
  mac_check_proc_wait(), which control the ability to wait4() specific
  processes.  This permits MAC policies to limit information flow from
  children that have changed label, although has to be handled carefully
  due to common programming expectations regarding the behavior of
  wait4().  The cr_seeotheruids() check in p_canwait() is #if 0'd for
  this reason.

  The mac_stub and mac_test policies are updated to reflect these new
  entry points.

  Sponsored by:   SPAWAR, SPARTA
  Obtained from:  TrustedBSD Project

  Revision  Changes    Path
  1.258     +4 -0      src/sys/kern/kern_exit.c
  1.200     +31 -0     src/sys/kern/kern_prot.c
  1.108     +15 -0     src/sys/security/mac/mac_process.c
  1.48      +8 -0      src/sys/security/mac_stub/mac_stub.c
  1.57      +11 -0     src/sys/security/mac_test/mac_test.c
  1.63      +1 -0      src/sys/sys/mac.h
  1.62      +2 -0      src/sys/sys/mac_policy.h
  1.425     +1 -0      src/sys/sys/proc.h
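
A user-space model of the control the log describes, added here as an illustration and not taken from the FreeBSD source or from the commit: a waiter may collect a child only if every loaded policy allows it, so a child that has changed label can be withheld. The struct layouts, the model_* and level_* names, the level-dominance policy, the EACCES result and the first-denial composition are all assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins, not FreeBSD's struct ucred / struct proc. */
struct label { int level; };              /* higher = more sensitive */
struct cred  { struct label lbl; };
struct proc  { int pid; struct cred cred; };

/* Hypothetical policy entry point: 0 allows the wait, an errno denies it. */
typedef int (*proc_wait_check_t)(const struct cred *, const struct proc *);
#define MAX_POLICIES 4
static proc_wait_check_t policies[MAX_POLICIES];
static size_t npolicies;

int model_policy_register(proc_wait_check_t fn)
{
    if (fn == NULL || npolicies == MAX_POLICIES)
        return EINVAL;
    policies[npolicies++] = fn;
    return 0;
}

/* Assumed policy: an exit status is data read from the child, so the
 * waiter's level must dominate the child's current level. */
int level_check_proc_wait(const struct cred *cred, const struct proc *p)
{
    return cred->lbl.level >= p->cred.lbl.level ? 0 : EACCES;
}

/* Ask each registered policy; the first denial wins (a simplification). */
int model_canwait(const struct cred *cred, const struct proc *p)
{
    int error = 0;
    for (size_t i = 0; i < npolicies && error == 0; i++)
        error = policies[i](cred, p);
    return error;
}

int main(void)
{
    struct cred parent = { { 1 } };
    struct proc child = { 100, { { 1 } } };   /* constructed sample */
    model_policy_register(level_check_proc_wait);
    printf("same label: %d\n", model_canwait(&parent, &child));
    child.cred.lbl.level = 2;                 /* child changed label */
    printf("relabelled: %d\n", model_canwait(&parent, &child));
    return 0;
}
```

With no policy registered the model allows every wait, which is why the denial only appears once level_check_proc_wait is loaded and the child's level rises above the waiter's.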