PERFORCE change 20007 for review
Robert Watson
rwatson at freebsd.org
Thu Oct 24 01:33:33 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=20007
Change 20007 by rwatson at rwatson_tislabs on 2002/10/23 18:33:07
Loop back recent MAC commits from the main FreeBSD tree to
the TrustedBSD base tree: ls, ps flags.
Affected files ...
.. //depot/projects/trustedbsd/base/bin/ls/Makefile#6 integrate
.. //depot/projects/trustedbsd/base/bin/ls/lomac.c#8 delete
.. //depot/projects/trustedbsd/base/bin/ls/lomac.h#4 delete
.. //depot/projects/trustedbsd/base/bin/ls/ls.1#12 integrate
.. //depot/projects/trustedbsd/base/bin/ls/ls.c#12 integrate
.. //depot/projects/trustedbsd/base/bin/ls/ls.h#6 integrate
.. //depot/projects/trustedbsd/base/bin/ls/print.c#11 integrate
.. //depot/projects/trustedbsd/base/bin/ps/Makefile#7 integrate
.. //depot/projects/trustedbsd/base/bin/ps/extern.h#8 integrate
.. //depot/projects/trustedbsd/base/bin/ps/keyword.c#11 integrate
.. //depot/projects/trustedbsd/base/bin/ps/lomac.c#7 delete
.. //depot/projects/trustedbsd/base/bin/ps/lomac.h#4 delete
.. //depot/projects/trustedbsd/base/bin/ps/print.c#10 integrate
.. //depot/projects/trustedbsd/base/bin/ps/ps.1#11 integrate
.. //depot/projects/trustedbsd/base/bin/ps/ps.c#12 integrate
.. //depot/projects/trustedbsd/base/lib/libc/posix1e/posix1e.3#4 integrate
.. //depot/projects/trustedbsd/base/libexec/ftpd/Makefile#7 integrate
.. //depot/projects/trustedbsd/base/sys/modules/Makefile#31 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_partition/mac_partition.c#1 branch
.. //depot/projects/trustedbsd/base/sys/security/mac_partition/mac_partition.h#1 branch
Differences ...
==== //depot/projects/trustedbsd/base/bin/ls/Makefile#6 (text+ko) ====
@@ -1,8 +1,8 @@
# @(#)Makefile 8.1 (Berkeley) 6/2/93
-# $FreeBSD: src/bin/ls/Makefile,v 1.23 2002/02/04 03:06:50 kris Exp $
+# $FreeBSD: src/bin/ls/Makefile,v 1.24 2002/10/24 00:07:30 rwatson Exp $
PROG= ls
-SRCS= cmp.c lomac.c ls.c print.c util.c
+SRCS= cmp.c ls.c print.c util.c
NO_WERROR=1
WFORMAT=0
DPADD= ${LIBM}
==== //depot/projects/trustedbsd/base/bin/ls/ls.1#12 (text+ko) ====
@@ -33,7 +33,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)ls.1 8.7 (Berkeley) 7/29/94
-.\" $FreeBSD: src/bin/ls/ls.1,v 1.69 2002/08/21 17:32:34 trhodes Exp $
+.\" $FreeBSD: src/bin/ls/ls.1,v 1.70 2002/10/24 00:07:30 rwatson Exp $
.\"
.Dd May 19, 2002
.Dt LS 1
@@ -146,7 +146,7 @@
.It Fl W
Display whiteouts when scanning directories.
.It Fl Z
-Display each file's LOMAC level.
+Display each file's MAC label.
.It Fl a
Include directory entries whose names begin with a
dot
@@ -303,7 +303,7 @@
is displayed for each file:
file mode,
number of links, owner name, group name,
-LOMAC level,
+MAC label,
number of bytes in the file, abbreviated
month, day-of-month file was last modified,
hour file last modified, minute file last
@@ -618,11 +618,6 @@
files in order to be compatible with the
.St -p1003.2
specification.
-.Sh FILES
-.Bl -tag -width ".Pa /dev/lomac" -compact
-.It Pa /dev/lomac
-interface used to query the
-.Xr lomac 4
KLD
.El
.Sh SEE ALSO
@@ -630,7 +625,6 @@
.Xr chmod 1 ,
.Xr sort 1 ,
.Xr xterm 1 ,
-.Xr lomac 4 ,
.Xr termcap 5 ,
.Xr symlink 7 ,
.Xr sticky 8
==== //depot/projects/trustedbsd/base/bin/ls/ls.c#12 (text+ko) ====
@@ -46,11 +46,12 @@
#endif /* not lint */
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/ls/ls.c,v 1.67 2002/10/18 10:59:45 tjr Exp $");
+__FBSDID("$FreeBSD: src/bin/ls/ls.c,v 1.68 2002/10/24 00:07:30 rwatson Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
+#include <sys/mac.h>
#include <dirent.h>
#include <err.h>
@@ -71,7 +72,6 @@
#include "ls.h"
#include "extern.h"
-#include "lomac.h"
/*
* Upward approximation of the maximum number of characters needed to
@@ -80,7 +80,7 @@
*/
#define STRBUF_SIZEOF(t) (1 + CHAR_BIT * sizeof(t) / 3 + 1)
-static void display(FTSENT *, FTSENT *);
+static void display(FTSENT *, FTSENT *, int);
static u_quad_t makenines(u_long);
static int mastercmp(const FTSENT * const *, const FTSENT * const *);
static void traverse(int, char **, int);
@@ -118,7 +118,7 @@
static int f_timesort; /* sort by time vice name */
int f_type; /* add type character for non-regular files */
static int f_whiteout; /* show whiteout entries */
- int f_lomac; /* show LOMAC attributes */
+ int f_label; /* show MAC label */
#ifdef COLORLS
int f_color; /* add type in color for non-regular files */
@@ -300,7 +300,7 @@
f_octal_escape = 0;
break;
case 'Z':
- f_lomac = 1;
+ f_label = 1;
break;
default:
case '?':
@@ -440,7 +440,7 @@
fts_open(argv, options, f_nosort ? NULL : mastercmp)) == NULL)
err(1, "fts_open");
- display(NULL, fts_children(ftsp, 0));
+ display(NULL, fts_children(ftsp, 0), options);
if (f_listdir)
return;
@@ -480,7 +480,7 @@
output = 1;
}
chp = fts_children(ftsp, ch_options);
- display(p, chp);
+ display(p, chp, options);
if (!f_recursive && chp != NULL)
(void)fts_set(ftsp, p, FTS_SKIP);
@@ -498,14 +498,15 @@
* points to the parent directory of the display list.
*/
static void
-display(FTSENT *p, FTSENT *list)
+display(FTSENT *p, FTSENT *list, int options)
{
struct stat *sp;
DISPLAY d;
FTSENT *cur;
NAMES *np;
off_t maxsize;
- u_long btotal, lattrlen, maxblock, maxinode, maxlen, maxnlink, maxlattr;
+ u_long btotal, labelstrlen, maxblock, maxinode, maxlen, maxnlink;
+ u_long maxlabelstr;
int bcfile, maxflags;
gid_t maxgroup;
uid_t maxuser;
@@ -513,7 +514,7 @@
char *initmax;
int entries, needstats;
const char *user, *group;
- char *flags, *lattr = NULL;
+ char *flags, *labelstr = NULL;
char buf[STRBUF_SIZEOF(u_quad_t) + 1];
char ngroup[STRBUF_SIZEOF(uid_t) + 1];
char nuser[STRBUF_SIZEOF(gid_t) + 1];
@@ -533,7 +534,7 @@
btotal = 0;
initmax = getenv("LS_COLWIDTHS");
/* Fields match -lios order. New ones should be added at the end. */
- maxlattr = maxblock = maxinode = maxlen = maxnlink =
+ maxlabelstr = maxblock = maxinode = maxlen = maxnlink =
maxuser = maxgroup = maxflags = maxsize = 0;
if (initmax != NULL && *initmax != '\0') {
char *initmax2, *jinitmax;
@@ -563,7 +564,7 @@
ninitmax = sscanf(jinitmax,
" %lu : %lu : %lu : %i : %i : %i : %llu : %lu : %lu ",
&maxinode, &maxblock, &maxnlink, &maxuser,
- &maxgroup, &maxflags, &maxsize, &maxlen, &maxlattr);
+ &maxgroup, &maxflags, &maxsize, &maxlen, &maxlabelstr);
f_notabs = 1;
switch (ninitmax) {
case 0:
@@ -591,7 +592,7 @@
maxlen = 0;
/* FALLTHROUGH */
case 8:
- maxlattr = 0;
+ maxlabelstr = 0;
/* FALLTHROUGH */
#ifdef COLORLS
if (!f_color)
@@ -606,8 +607,6 @@
maxnlink = makenines(maxnlink);
maxsize = makenines(maxsize);
}
- if (f_lomac)
- lomac_start();
bcfile = 0;
flags = NULL;
for (cur = list, entries = 0; cur; cur = cur->fts_link) {
@@ -684,16 +683,51 @@
maxflags = flen;
} else
flen = 0;
- lattr = NULL;
- if (f_lomac) {
- lattr = get_lattr(cur);
- lattrlen = strlen(lattr);
- if (lattrlen > maxlattr)
- maxlattr = lattrlen;
+ labelstr = NULL;
+ if (f_label) {
+ mac_t label;
+ int error;
+
+ error = mac_prepare_file_label(&label);
+ if (error == -1) {
+ fprintf(stderr, "%s: %s\n",
+ cur->fts_name,
+ strerror(errno));
+ goto label_out;
+ }
+
+ if (options & FTS_LOGICAL)
+ error = mac_get_file(
+ cur->fts_path, label);
+ else
+ error = mac_get_link(
+ cur->fts_name, label);
+ if (error == -1) {
+ perror(cur->fts_name);
+ mac_free(label);
+ goto label_out;
+ }
+
+ error = mac_to_text(label,
+ &labelstr);
+ if (error == -1) {
+ fprintf(stderr, "%s: %s\n",
+ cur->fts_name,
+ strerror(errno));
+ mac_free(label);
+ goto label_out;
+ }
+ mac_free(label);
+label_out:
+ if (labelstr == NULL)
+ labelstr = strdup("");
+ labelstrlen = strlen(labelstr);
+ if (labelstrlen > maxlabelstr)
+ maxlabelstr = labelstrlen;
} else
- lattrlen = 0;
+ labelstrlen = 0;
- if ((np = malloc(sizeof(NAMES) + lattrlen +
+ if ((np = malloc(sizeof(NAMES) + labelstrlen +
ulen + glen + flen + 4)) == NULL)
err(1, "malloc");
@@ -711,11 +745,11 @@
(void)strcpy(np->flags, flags);
free(flags);
}
- if (f_lomac) {
- np->lattr = &np->data[ulen + glen + 2
+ if (f_label) {
+ np->label = &np->data[ulen + glen + 2
+ (f_flags ? flen + 1 : 0)];
- (void)strcpy(np->lattr, lattr);
- free(lattr);
+ (void)strcpy(np->label, labelstr);
+ free(labelstr);
}
cur->fts_pointer = np;
}
@@ -735,7 +769,7 @@
(void)snprintf(buf, sizeof(buf), "%lu", maxblock);
d.s_block = strlen(buf);
d.s_flags = maxflags;
- d.s_lattr = maxlattr;
+ d.s_label = maxlabelstr;
d.s_group = maxgroup;
(void)snprintf(buf, sizeof(buf), "%lu", maxinode);
d.s_inode = strlen(buf);
@@ -751,8 +785,6 @@
if (f_longform)
for (cur = list; cur; cur = cur->fts_link)
free(cur->fts_pointer);
- if (f_lomac)
- lomac_stop();
}
/*
==== //depot/projects/trustedbsd/base/bin/ls/ls.h#6 (text+ko) ====
@@ -35,7 +35,7 @@
* SUCH DAMAGE.
*
* from: @(#)ls.h 8.1 (Berkeley) 5/31/93
- * $FreeBSD: src/bin/ls/ls.h,v 1.18 2002/05/19 02:51:36 tjr Exp $
+ * $FreeBSD: src/bin/ls/ls.h,v 1.19 2002/10/24 00:07:30 rwatson Exp $
*/
#define NO_PRINT 1
@@ -45,7 +45,7 @@
extern int f_accesstime; /* use time of last access */
extern int f_flags; /* show flags associated with a file */
extern int f_humanval; /* show human-readable file sizes */
-extern int f_lomac; /* show LOMAC attributes */
+extern int f_label; /* show MAC label */
extern int f_inode; /* print inode */
extern int f_longform; /* long listing format */
extern int f_octal; /* print unprintables in octal */
@@ -70,7 +70,7 @@
int maxlen;
u_int s_block;
u_int s_flags;
- u_int s_lattr;
+ u_int s_label;
u_int s_group;
u_int s_inode;
u_int s_nlink;
@@ -82,6 +82,6 @@
char *user;
char *group;
char *flags;
- char *lattr;
+ char *label;
char data[1];
} NAMES;
==== //depot/projects/trustedbsd/base/bin/ls/print.c#11 (text+ko) ====
@@ -40,7 +40,7 @@
#endif /* not lint */
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/ls/print.c,v 1.60 2002/10/23 10:20:01 markm Exp $");
+__FBSDID("$FreeBSD: src/bin/ls/print.c,v 1.61 2002/10/24 00:07:30 rwatson Exp $");
#include <sys/param.h>
#include <sys/stat.h>
@@ -182,8 +182,8 @@
np->group);
if (f_flags)
(void)printf("%-*s ", dp->s_flags, np->flags);
- if (f_lomac)
- (void)printf("%-*s ", dp->s_lattr, np->lattr);
+ if (f_label)
+ (void)printf("%-*s ", dp->s_label, np->label);
if (S_ISCHR(sp->st_mode) || S_ISBLK(sp->st_mode))
if (minor(sp->st_rdev) > 255 || minor(sp->st_rdev) < 0)
(void)printf("%3d, 0x%08x ",
==== //depot/projects/trustedbsd/base/bin/ps/Makefile#7 (text+ko) ====
@@ -1,8 +1,8 @@
-# $FreeBSD: src/bin/ps/Makefile,v 1.21 2002/07/08 15:48:39 jmallett Exp $
+# $FreeBSD: src/bin/ps/Makefile,v 1.22 2002/10/24 00:00:57 rwatson Exp $
# @(#)Makefile 8.1 (Berkeley) 6/2/93
PROG= ps
-SRCS= fmt.c keyword.c nlist.c print.c ps.c lomac.c
+SRCS= fmt.c keyword.c nlist.c print.c ps.c
#
# To support "lazy" ps for non root/wheel users
# add -DLAZY_PS to the cflags. This helps
==== //depot/projects/trustedbsd/base/bin/ps/extern.h#8 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)extern.h 8.3 (Berkeley) 4/2/94
- * $FreeBSD: src/bin/ps/extern.h,v 1.27 2002/10/02 20:32:50 jhb Exp $
+ * $FreeBSD: src/bin/ps/extern.h,v 1.28 2002/10/24 00:00:57 rwatson Exp $
*/
struct kinfo;
@@ -54,7 +54,7 @@
const char *fmt_argv(char **, char *, size_t);
double getpcpu(const KINFO *);
void kvar(KINFO *, VARENT *);
-void lattr(KINFO *, VARENT *);
+void label(KINFO *, VARENT *);
void logname(KINFO *, VARENT *);
void longtname(KINFO *, VARENT *);
void lstarted(KINFO *, VARENT *);
@@ -71,6 +71,7 @@
void rgroupname(KINFO *, VARENT *);
void runame(KINFO *, VARENT *);
void rvar(KINFO *, VARENT *);
+int s_label(KINFO *);
int s_rgroupname(KINFO *);
int s_runame(KINFO *);
int s_uname(KINFO *);
==== //depot/projects/trustedbsd/base/bin/ps/keyword.c#11 (text+ko) ====
@@ -37,7 +37,7 @@
#endif /* not lint */
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/ps/keyword.c,v 1.57 2002/10/02 20:32:50 jhb Exp $");
+__FBSDID("$FreeBSD: src/bin/ps/keyword.c,v 1.58 2002/10/24 00:00:57 rwatson Exp $");
#include <sys/param.h>
#include <sys/time.h>
@@ -95,13 +95,14 @@
0},
{"ktrace", "KTRACE", NULL, 0, kvar, NULL, 8, KOFF(ki_traceflag), INT,
"x", 0},
+ {"label", "LABEL", NULL, LJUST|DSIZ, label, s_label, SHRT_MAX, 0, CHAR,
+ NULL, 0},
{"lim", "LIM", NULL, 0, maxrss, NULL, 5, 0, CHAR, NULL, 0},
{"login", "LOGIN", NULL, LJUST, logname, NULL, MAXLOGNAME-1, 0, CHAR,
NULL, 0},
{"logname", "", "login", 0, NULL, NULL, 0, 0, CHAR, NULL, 0},
{"lstart", "STARTED", NULL, LJUST|USER, lstarted, NULL, 28, 0, CHAR,
NULL, 0},
- {"lvl", "LVL", NULL, LJUST, lattr, NULL, 3, 0, CHAR, NULL, 0},
{"majflt", "MAJFLT", NULL, USER, rvar, NULL, 4, ROFF(ru_majflt),
LONG, "ld", 0},
{"minflt", "MINFLT", NULL, USER, rvar, NULL, 4, ROFF(ru_minflt),
==== //depot/projects/trustedbsd/base/bin/ps/print.c#10 (text+ko) ====
@@ -37,7 +37,7 @@
#endif /* not lint */
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/ps/print.c,v 1.74 2002/10/02 20:32:50 jhb Exp $");
+__FBSDID("$FreeBSD: src/bin/ps/print.c,v 1.75 2002/10/24 00:00:57 rwatson Exp $");
#include <sys/param.h>
#include <sys/time.h>
@@ -45,6 +45,7 @@
#include <sys/proc.h>
#include <sys/stat.h>
+#include <sys/mac.h>
#include <sys/user.h>
#include <sys/sysctl.h>
@@ -62,7 +63,6 @@
#include <unistd.h>
#include <vis.h>
-#include "lomac.h"
#include "ps.h"
#define ps_pgtok(a) (((a) * getpagesize()) / 1024)
@@ -726,10 +726,53 @@
}
void
-lattr(KINFO *k, VARENT *ve)
+label(KINFO *k, VARENT *ve)
{
+ char *string;
+ mac_t label;
+ int error;
VAR *v;
v = ve->var;
- (void)printf("%-*d", v->width, get_lattr(k->ki_p->ki_pid));
+ string = NULL;
+
+ if (mac_prepare_process_label(&label) == -1) {
+ perror("mac_prepare_process_label");
+ goto out;
+ }
+
+ error = mac_get_pid(k->ki_p->ki_pid, label);
+ if (error == 0) {
+ if (mac_to_text(label, &string) == -1)
+ string = NULL;
+ }
+ mac_free(label);
+
+out:
+ if (string != NULL) {
+ (void)printf("%-*s", v->width, string);
+ free(string);
+ } else
+ (void)printf("%-*s", v->width, "");
+ return;
+}
+
+int
+s_label(KINFO *k)
+{
+ char *string = NULL;
+ mac_t label;
+ int error, size = 0;
+
+ if (mac_prepare_process_label(&label) == -1) {
+ perror("mac_prepare_process_label");
+ return (0);
+ }
+ error = mac_get_pid(k->ki_p->ki_pid, label);
+ if (error == 0 && mac_to_text(label, &string) == 0) {
+ size = strlen(string);
+ free(string);
+ }
+ mac_free(label);
+ return (size);
}
==== //depot/projects/trustedbsd/base/bin/ps/ps.1#11 (text+ko) ====
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)ps.1 8.3 (Berkeley) 4/18/94
-.\" $FreeBSD: src/bin/ps/ps.1,v 1.58 2002/10/02 20:32:50 jhb Exp $
+.\" $FreeBSD: src/bin/ps/ps.1,v 1.59 2002/10/24 00:00:57 rwatson Exp $
.\"
.Dd April 18, 1994
.Dt PS 1
@@ -184,7 +184,7 @@
.It Fl x
Display information about processes without controlling terminals.
.It Fl Z
-Add lvl to the list of keywords for which
+Add label to the list of keywords for which
.Nm
will display information.
.El
@@ -224,14 +224,14 @@
.It Dv "P_OWEUPC" Ta No "0x20000 Owe process an addupc() call at next ast"
.It Dv "P_SWAPPING" Ta No "0x40000 Process is being swapped"
.El
+.It label
+The MAC label of the process.
.It lim
The soft limit on memory used, specified via a call to
.Xr setrlimit 2 .
.It lstart
The exact time the command started, using the ``%c'' format described in
.Xr strftime 3 .
-.It lvl
-The LOMAC level of the process.
.It lockname
The name of the lock that the process is currently blocked on.
If the name is invalid or unknown, then
@@ -390,14 +390,14 @@
job control count
.It ktrace
tracing flags
+.It label
+MAC label
.It lim
memoryuse limit
.It logname
login name of user who started the process
.It lstart
time started
-.It lvl
-LOMAC level
.It majflt
total page faults
.It minflt
==== //depot/projects/trustedbsd/base/bin/ps/ps.c#12 (text+ko) ====
@@ -43,7 +43,7 @@
#endif /* not lint */
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/ps/ps.c,v 1.58 2002/09/03 05:44:00 jmallett Exp $");
+__FBSDID("$FreeBSD: src/bin/ps/ps.c,v 1.59 2002/10/24 00:00:57 rwatson Exp $");
#include <sys/param.h>
#include <sys/user.h>
@@ -64,7 +64,6 @@
#include <string.h>
#include <unistd.h>
-#include "lomac.h"
#include "ps.h"
#define SEP ", \t" /* username separators */
@@ -108,7 +107,7 @@
static char o2[] = "tt,state,time,command";
static char ufmt[] = "user,pid,%cpu,%mem,vsz,rss,tt,state,start,time,command";
static char vfmt[] = "pid,state,time,sl,re,pagein,vsz,rss,lim,tsiz,%cpu,%mem,command";
-static char Zfmt[] = "lvl";
+static char Zfmt[] = "label";
static kvm_t *kd;
@@ -410,7 +409,6 @@
}
}
free(uids);
- lomac_stop();
exit(eval);
}
@@ -653,7 +651,7 @@
{
(void)fprintf(stderr, "%s\n%s\n%s\n",
- "usage: ps [-aChjlmrSTuvwx] [-O|o fmt] [-p pid] [-t tty] [-U user]",
+ "usage: ps [-aChjlmrSTuvwxZ] [-O|o fmt] [-p pid] [-t tty] [-U user]",
" [-M core] [-N system]",
" ps [-L]");
exit(1);
==== //depot/projects/trustedbsd/base/lib/libc/posix1e/posix1e.3#4 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/lib/libc/posix1e/posix1e.3,v 1.22 2002/10/22 01:52:53 rwatson Exp $
+.\" $FreeBSD: src/lib/libc/posix1e/posix1e.3,v 1.24 2002/10/23 23:56:15 chris Exp $
.\"
.Dd January 17, 2000
.Dt POSIX1E 3
@@ -41,14 +41,15 @@
.In sys/mac.h
.Sh DESCRIPTION
The IEEE POSIX.1e specification never left draft form, but the interfaces
-it describes are now widely used despite inherent limitations. Currently,
-only a few of the interfaces and features are implemented in
+it describes are now widely used despite inherent limitations.
+Currently, only a few of the interfaces and features are implemented in
.Fx ,
although efforts are underway to complete the integration at this time.
.Pp
POSIX.1e describes five security extensions to the base POSIX.1 API:
Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access
-Control, and Information Flow Labels. Of these, the ACL interfaces are
+Control, and Information Flow Labels.
+Of these, the ACL interfaces are
currently included with
.Fx ,
Auditing, Capabilities, and Mandatory
@@ -57,7 +58,8 @@
.Pp
POSIX.1e defines both syntax and semantics for these features, but fairly
substantial changes are required to implement these features in the
-operating system. As shipped,
+operating system.
+As shipped,
.Fx 4.0
permits file systems to export
Access Control Lists via the VFS, and provides a library for userland
@@ -69,7 +71,8 @@
.Fx
currently provides documentation and APIs for fine-grained capability
support, but implementation is currently not included in the base
-system. Documentation of these API calls is provided in
+system.
+Documentation of these API calls is provided in
.Xr cap 3 .
.Pp
Additional patches supporting POSIX.1e features are provided by the
@@ -82,15 +85,17 @@
development at this time.
.Sh ENVIRONMENT
POSIX.1e assigns security labels to all objects, extending the security
-functionality described in POSIX.1. These additional labels provide
+functionality described in POSIX.1.
+These additional labels provide
fine-grained discretionary access control, fine-grained capabilities,
-and labels necessary for mandatory access control. POSIX.2c describes
-a set of userland utilities for manipulating these labels. These userland
+and labels necessary for mandatory access control.
+POSIX.2c describes
+a set of userland utilities for manipulating these labels.
+These userland
utilities are not bundled with
.Fx 4.0
so as to discourage their
use in the short term.
-.Sh FILES
.Sh SEE ALSO
.Xr acl 3 ,
.Xr cap 3 ,
@@ -100,9 +105,11 @@
.Xr extattr 9 ,
.Xr mac 9
.Sh STANDARDS
-POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
-of the draft continues on the cross-platform POSIX.1e implementation
-mailing list. To join this list, see the
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+Discussion of the draft continues
+on the cross-platform POSIX.1e implementation
+mailing list.
+To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
==== //depot/projects/trustedbsd/base/libexec/ftpd/Makefile#7 (text+ko) ====
@@ -1,5 +1,5 @@
# @(#)Makefile 8.2 (Berkeley) 4/4/94
-# $FreeBSD: src/libexec/ftpd/Makefile,v 1.50 2002/06/28 10:36:14 markm Exp $
+# $FreeBSD: src/libexec/ftpd/Makefile,v 1.51 2002/10/24 00:07:30 rwatson Exp $
PROG= ftpd
MAN= ftpd.8
@@ -20,7 +20,7 @@
LSDIR= ../../bin/ls
.PATH: ${.CURDIR}/${LSDIR}
-SRCS+= ls.c cmp.c lomac.c print.c util.c
+SRCS+= ls.c cmp.c print.c util.c
CFLAGS+=-Dmain=ls_main -I${.CURDIR}/${LSDIR}
DPADD+= ${LIBM}
LDADD+= -lm
==== //depot/projects/trustedbsd/base/sys/modules/Makefile#31 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/sys/modules/Makefile,v 1.273 2002/10/23 15:53:09 jhb Exp $
+# $FreeBSD: src/sys/modules/Makefile,v 1.274 2002/10/23 23:36:26 rwatson Exp $
.if exists(${.CURDIR}/../opencrypto) && !defined(NOCRYPT)
_crypto= crypto
@@ -68,6 +68,7 @@
mac_ifoff \
mac_mls \
mac_none \
+ mac_partition \
mac_seeotheruids \
mac_test \
mcd \
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list