Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 16 Nov 2003 15:31:45 -0800 (PST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/kern kern_mac.c src/sys/security/mac mac_internal.h mac_net.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub mac_stub.c ...
Message-ID:  <200311162331.hAGNVjoW029093@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
rwatson     2003/11/16 15:31:45 PST

  FreeBSD src repository

  Modified files:
    sys/kern             kern_mac.c 
    sys/security/mac     mac_internal.h mac_net.c 
    sys/security/mac_biba mac_biba.c 
    sys/security/mac_lomac mac_lomac.c 
    sys/security/mac_mls mac_mls.c 
    sys/security/mac_stub mac_stub.c 
    sys/security/mac_test mac_test.c 
    sys/sys              mac_policy.h 
  Log:
  Implement sockets support for __mac_get_fd() and __mac_set_fd()
  system calls, and prefer these calls over getsockopt()/setsockopt()
  for ABI reasons.  When addressing UNIX domain sockets, these calls
  retrieve and modify the socket label, not the label of the
  rendezvous vnode.
  
  - Create mac_copy_socket_label() entry point based on
    mac_copy_pipe_label() entry point, intended to copy the socket
    label into temporary storage that doesn't require a socket lock
    to be held (currently Giant).
  
  - Implement mac_copy_socket_label() for various policies.
  
  - Expose socket label allocation, free, internalize, externalize
    entry points as non-static from mac_net.c.
  
  - Use mac_socket_label_set() in __mac_set_fd().
  
  MAC-aware applications may now use mac_get_fd(), mac_set_fd(), and
  mac_get_peer() to retrieve and set various socket labels without
  directly invoking the getsockopt() interface.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.107     +30 -0     src/sys/kern/kern_mac.c
  1.109     +6 -0      src/sys/security/mac/mac_internal.h
  1.109     +11 -7     src/sys/security/mac/mac_net.c
  1.68      +1 -0      src/sys/security/mac_biba/mac_biba.c
  1.22      +1 -0      src/sys/security/mac_lomac/mac_lomac.c
  1.55      +1 -0      src/sys/security/mac_mls/mac_mls.c
  1.34      +1 -0      src/sys/security/mac_stub/mac_stub.c
  1.36      +9 -0      src/sys/security/mac_test/mac_test.c
  1.44      +2 -0      src/sys/sys/mac_policy.h

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311162331.hAGNVjoW029093>