cvs commit: src/sys/sys mac_policy.h src/sys/security/mac mac_net.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub mac_stub.c ...

Robert Watson rwatson at FreeBSD.org
Wed Jun 23 20:34:46 PDT 2004


rwatson     2004-06-24 03:34:46 UTC

  FreeBSD src repository

  Modified files:
    sys/sys              mac_policy.h 
    sys/security/mac     mac_net.c 
    sys/security/mac_biba mac_biba.c 
    sys/security/mac_lomac mac_lomac.c 
    sys/security/mac_mls mac_mls.c 
    sys/security/mac_stub mac_stub.c 
    sys/security/mac_test mac_test.c 
  Log:
  Introduce a temporary mutex, mac_ifnet_mtx, to lock MAC labels on
  network interfaces.  This global mutex will protect all ifnet labels.
  Acquire the mutex across various MAC activities on interfaces, such
  as security checks, propagating interface labels to mbufs generated
  from the interface, retrieving and setting the interface label.
  
  Introduce mpo_copy_ifnet_label MAC policy entry point to copy the
  value of an interface label from one label to another.  Use this
  to avoid performing a label externalize while holding mac_ifnet_mtx;
  copy the label to a temporary ifnet label and then externalize that.
  
  Implement mpo_copy_ifnet_label for various MAC policies that
  implement interface labeling using generic label copying routines.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, McAfee Research
  
  Revision  Changes    Path
  1.116     +38 -0     src/sys/security/mac/mac_net.c
  1.78      +1 -0      src/sys/security/mac_biba/mac_biba.c
  1.31      +1 -0      src/sys/security/mac_lomac/mac_lomac.c
  1.64      +1 -0      src/sys/security/mac_mls/mac_mls.c
  1.42      +1 -0      src/sys/security/mac_stub/mac_stub.c
  1.47      +9 -0      src/sys/security/mac_test/mac_test.c
  1.55      +2 -0      src/sys/sys/mac_policy.h


More information about the cvs-src mailing list