cvs commit: src/sys/kern kern_exit.c kern_prot.c src/sys/security/mac mac_process.c src/sys/security/mac_stub mac_stub.c src/sys/security/mac_test mac_test.c src/sys/sys mac.h mac_policy.h proc.h

Robert Watson rwatson at FreeBSD.org
Mon Apr 18 06:36:58 PDT 2005


rwatson     2005-04-18 13:36:58 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             kern_exit.c kern_prot.c 
    sys/security/mac     mac_process.c 
    sys/security/mac_stub mac_stub.c 
    sys/security/mac_test mac_test.c 
    sys/sys              mac.h mac_policy.h proc.h 
  Log:
  Introduce p_canwait() and MAC Framework and MAC Policy entry points
  mac_check_proc_wait(), which control the ability to wait4() specific
  processes.  This permits MAC policies to limit information flow from
  children that have changed label, although has to be handled carefully
  due to common programming expectations regarding the behavior of
  wait4().  The cr_seeotheruids() check in p_canwait() is #if 0'd for
  this reason.
  
  The mac_stub and mac_test policies are updated to reflect these new
  entry points.
  
  Sponsored by:   SPAWAR, SPARTA
  Obtained from:  TrustedBSD Project
  
  Revision  Changes    Path
  1.258     +4 -0      src/sys/kern/kern_exit.c
  1.200     +31 -0     src/sys/kern/kern_prot.c
  1.108     +15 -0     src/sys/security/mac/mac_process.c
  1.48      +8 -0      src/sys/security/mac_stub/mac_stub.c
  1.57      +11 -0     src/sys/security/mac_test/mac_test.c
  1.63      +1 -0      src/sys/sys/mac.h
  1.62      +2 -0      src/sys/sys/mac_policy.h
  1.425     +1 -0      src/sys/sys/proc.h


More information about the cvs-src mailing list