PERFORCE change 23094 for review

Chris Costello chris at freebsd.org
Fri Jan 3 08:49:56 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=23094

Change 23094 by chris at chris_holly on 2003/01/03 00:49:22

	Beginning to get the updates to the MPO doc online.  Still needs
	plenty of work but this stuff needs to be committed.  A good chunk
	of the new additions to the entry point list has been added, with
	more to come.  However, I am still not finished.  Just as in this
	commit, the next few commits will include new additions as well as
	revisions to existing entry points.
	
	A few upcoming major changes:
	o We're going to rely more on entities for otherwise repetitive
	  markup.  For example, in this commit I add an entity representing
	  the parameters for the internalize and externalize prototypes, one
	  for the <informaltable> listing, and one for the paragraph, since
	  they all essentially do the same thing.  The next wave of this
	  'entitization' will address reused parameters, e.g.
	  "<paramdef>struct label *<parameter>label</parameter></paramdef>"
	  will become &mac.struct.label.label;.
	o Reorganization.  Once all the individual entry points are up to
	  date, all the various sections will be reexamined.  (I know many
	  entry points are not in the right place at all.)
	o An index or contents.  Still need to figure out how to do this
	  properly, because this is just one big file with no links into
	  various parts of it, which makes it kinda hard to use.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac.ent#4 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#18 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml#9 edit
.. //depot/projects/trustedbsd/doc/share/sgml/man-refs.ent#10 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac.ent#4 (text+ko) ====

@@ -12,3 +12,109 @@
     </row>
   </thead>
 '>
+
+<!ENTITY mac.externalize.paramdefs '
+  <paramdef>struct label *<parameter>label</parameter></paramdef>
+  <paramdef>char *<parameter>element_name</parameter></paramdef>
+  <paramdef>char *<parameter>element_data</parameter></paramdef>
+  <paramdef>size_t <parameter>size</parameter></paramdef>
+  <paramdef>size_t <parameter>*len</parameter></paramdef>
+  <paramdef>int <parameter>*claimed</parameter></paramdef>
+'>
+
+<!ENTITY mac.externalize.tbody '
+  <tbody>
+    <row>
+      <entry><parameter>label</parameter></entry>
+      <entry>Label to be externalized</entry>
+    </row>
+
+    <row>
+      <entry><parameter>element_name</parameter>
+      <entry>Name of the policy whose label should be externalized</entry>
+    </row>
+
+    <row>
+      <entry><parameter>element_data</parameter>
+      <entry>Buffer; to be filled in with text representation of label</entry>
+    </row>
+
+    <row>
+      <entry><parameter>size</parameter></entry>
+      <entry>Size of <parameter>element_data</parameter></entry>
+    </row>
+
+    <row>
+      <entry><parameter>len</parameter></entry>
+      <entry>To be filled in with the length of the string representing the
+        label data.</entry>
+    </row>
+
+    <row>
+      <entry><parameter>claimed</parameter></entry>
+      <entry>Should be incremented when <parameter>element_data</parameter>
+	can be filled in.</entry>
+    </row>
+  </tbody>
+'>
+
+<!ENTITY mac.externalize.para "
+  <para>Produce an externalized label based on the label structure passed.
+    An externalized label consists of a text representation of the label
+    contents that can be used with userland applications and read by the
+    user.  Currently, all policies' <function>externalize</function> entry
+    points will be called, so the implementation should check the contents
+    of <parameter>element_name</parameter> before attempting to fill in
+    <parameter>element_data</parameter>.  If
+    <parameter>element_name</parameter> does not match the name of your
+    policy, simply return <returnvalue>0</returnvalue>.  Only return nonzero
+    if an error occurs while externalizing the label data.  Once the policy
+    fills in <parameter>element_data</parameter>, <varname>*claimed</varname>
+    should be incremented.</para>
+">
+
+<!ENTITY mac.internalize.paramdefs '
+  <paramdef>struct label *<parameter>label</parameter></paramdef>
+  <paramdef>char *<parameter>element_name</parameter></paramdef>
+  <paramdef>char *<parameter>element_data</parameter></paramdef>
+  <paramdef>int *<parameter>claimed</parameter></paramdef>
+'>
+
+<!ENTITY mac.internalize.tbody '
+  <tbody>
+    <row>
+      <entry><parameter>label</parameter></entry>
+      <entry>Label to be filled in</entry>
+    </row>
+
+    <row>
+      <entry><parameter>element_name</parameter></entry>
+      <entry>Name of the policy whose label should be internalized</entry>
+    </row>
+
+    <row>
+      <entry><parameter>element_data</parameter></entry>
+      <entry>Text data to be internalized</entry>
+    </row>
+
+    <row>
+      <entry><parameter>claimed</parameter></entry>
+      <entry>Should be incremented when data can be successfully
+	internalized.</entry>
+    </row>
+  </tbody>
+'>
+
+<!ENTITY mac.internalize.para "
+  <para>Produce an internal label structure based on externalized label data
+    in text format.  Currently, all policies' <function>internalize</function>
+    entry points are called when internalization is requested, so the
+    implementation should compare the contents of
+    <parameter>element_name</parameter> to its own name in order to be sure
+    it should be internalizing the data in <parameter>element_data</parameter>.
+    Just as in the <function>externalize</function> entry points, the entry
+    point should return <returnvalue>0</returnvalue> if
+    <parameter>element_name</parameter> does not match its own name, or when
+    data can successfully be internalized, in which case
+    <varname>*claimed</varname> should be incremented.</para>
+">
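Review bot: In mac.externalize.tbody the element_name and element_data rows open <entry><parameter>...</parameter> but never close the entry, unlike every other row here and the matching rows in mac.internalize.tbody; add the missing </entry> so the entity does not rely on SGML tag omission. The externalize paramdefs also put the asterisk inside the markup (size_t <parameter>*len</parameter>, int <parameter>*claimed</parameter>) while the internalize entity writes int *<parameter>claimed</parameter>; pick one form. The externalize paragraph should also say what an entry point returns when size is too small for the label text, since size is the only bound the caller passes for element_data.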

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#18 (text+ko) ====

@@ -60,7 +60,7 @@
     </authorgroup>
   </chapterinfo>
   
-  <title>Writing MAC Policies</title>
+  <title>The TrustedBSD MAC Framework</title>
   
   <sect1 id="mac-synopsis">
     <title>Synopsis</title>
@@ -166,37 +166,33 @@
         policy, provides a reference to the MAC entry point vector,
         provides load-time flags determining how the policy framework
         should handle the policy, and optionally requests the
-        allocation of label state by the framework:</para>
-      
-      <programlisting>static struct mac_policy_op_entry &mac.mpo;_ops[] =
-{
-        { MAC_DESTROY,
-            (macop_t)mac_none_destroy },
-        { MAC_INIT,
-            (macop_t)mac_none_init },
-        { MAC_INIT_BPFDESC,
-            (macop_t)mac_none_init_bpfdesc },
+        allocation of label state by the framework.</para>
+
+      <programlisting>static struct mac_policy_ops mac_<replaceable>policy</replaceable>_ops =
+{                                   
+        .mpo_destroy = mac_<replaceable>policy</replaceable>_destroy,
+        .mpo_init = mac_<replaceable>policy</replaceable>_init,
+        .mpo_init_bpfdesc_label = mac_<replaceable>policy</replaceable>_init_bpfdesc_label,  
+        .mpo_init_cred_label = mac_<replaceable>policy</replaceable>_init_label,
 /* ... */
-        { MAC_CHECK_VNODE_STAT,
-            (macop_t)mac_none_check_vnode_stat },
-        { MAC_CHECK_VNODE_WRITE,
-            (macop_t)mac_none_check_vnode_write },
-        { MAC_OP_LAST, NULL }
+        .mpo_check_vnode_setutimes = mac_<replaceable>policy</replaceable>_check_vnode_setutimes,
+        .mpo_check_vnode_stat = mac_<replaceable>policy</replaceable>_check_vnode_stat,
+        .mpo_check_vnode_write = mac_<replaceable>policy</replaceable>_check_vnode_write,
 };</programlisting>
       
       <para>The MAC policy entry point vector,
-        <varname>mac_none_ops</varname> in this example, associates
+        <varname>mac_<replaceable>policy</replaceable>_ops</varname> in this example, associates
         functions defined in the module with specific entry points. A
         complete listing of available entry points and their
         prototypes may be found in the MAC entry point reference
         section.  Of specific interest during module registration are
-        the <symbol>MAC_DESTROY</symbol> and <symbol>MAC_INIT</symbol>
-        entry points. <symbol>MAC_INIT</symbol> will be invoked once a
+        the <symbol>.mpo_destroy</symbol> and <symbol>.mpo_init</symbol>
+        entry points. <symbol>.mpo_init</symbol> will be invoked once a
         policy is successfully registered with the module framework
         but prior to any other entry points becoming active. This
         permits the policy to perform any policy-specific allocation
         and initialization, such as initialization of any data or
-        locks.  <symbol>MAC_DESTROY</symbol> will be invoked when a
+        locks.  <symbol>.mpo_destroy</symbol> will be invoked when a
         policy module is unloaded to permit releasing of any allocated
         memory and destruction of locks.  Currently, these two entry
         points are invoked with the MAC policy list mutex held to
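Review bot: In the new programlisting, .mpo_init_cred_label is assigned mac_policy_init_label while every other member maps to a function named after its entry point; either name it mac_policy_init_cred_label or add a sentence saying one init routine may serve several label types. The <symbol> elements in the paragraph below now carry the designator dot (.mpo_init, .mpo_destroy); the member names are mpo_init and mpo_destroy, so drop the dot. The added opening-brace line and the .mpo_init_bpfdesc_label line end in trailing whitespace.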
@@ -304,6 +300,8 @@
         <para>Policy load event.  The policy list mutex is held, so
           caution should be applied.</para>
       </sect3>
+
+
     </sect2>
     
     <sect2 id="mac-label-events">
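Review bot: The two lines added before </sect2> are empty and change nothing in the rendered output; drop them from this change so the hunk disappears.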
@@ -379,6 +377,115 @@
       
       <sect3 id="mac-fs-label-event-ops">
         <title>File System Object Labeling Event Operations</title>
+
+        <sect4 id="mac-mpo-associate-vnode-devfs">
+          <title><function>&mac.mpo;_associate_vnode_devfs</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>void
+                <function>&mac.mpo;_associate_vnode_devfs</function></funcdef>
+
+              <paramdef>struct mount
+                *<parameter>mp</parameter></paramdef>
+              <paramdef>struct label
+                *<parameter>fslabel</parameter></paramdef>
+              <paramdef>struct devfs_dirent
+                *<parameter>de</parameter></paramdef>
+              <paramdef>struct label
+                *<parameter>delabel</parameter></paramdef>
+              <paramdef>struct vnode
+                *<parameter>vp</parameter></paramdef>
+              <paramdef>struct label
+                *<parameter>vlabel</parameter></paramdef>
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              <tbody>
+                <row>
+                  <entry><parameter>mp</parameter></entry>
+                  <entry>Devfs mount point</entry>
+                </row>
+
+                <row>
+                  <entry><parameter>fslabel</parameter></entry>
+                  <entry>Devfs file system label
+                    (<varname>mp->mnt_fslabel</varname>)</entry>
+                </row>
+
+                <row>
+                  <entry><parameter>de</parameter></entry>
+                  <entry>Devfs directory entry</entry>
+                </row>
+
+                <row>
+                  <entry><parameter>delabel</parameter></entry>
+                  <entry>Policy label associated with
+                    <parameter>de</parameter></entry>
+                </row>
+
+                <row>
+                  <entry><parameter>vp</parameter></entry>
+                  <entry>vnode associated with
+                    <parameter>de</parameter></entry>
+                </row>
+
+                <row>
+                  <entry><parameter>vlabel</parameter></entry>
+                  <entry>Policy label associated with
+                    <parameter>vp</parameter></entry>
+                </row>
+              </tbody>
+            </tgroup>
+          </informaltable>
+
+          <para>Fill in the label (<parameter>vlabel</parameter>) for
+            a newly created devfs vnode based on the devfs directory
+            entry passed in <parameter>de</parameter> and its
+            label.</para>
+        </sect4>
+
+        <sect4 id="mac-mpo-copy-vnode-label">
+          <title><function>&mac.mpo;_copy_vnode_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>void
+                <function>&mac.mpo;_copy_vnode_label</function></funcdef>
+
+              <paramdef>struct label
+                *<parameter>src</parameter></paramdef>
+              <paramdef>struct label
+                *<parameter>dest</parameter></paramdef>
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              <tbody>
+                <row>
+                  <entry><parameter>src</parameter></entry>
+                  <entry>Source label</entry>
+                </row>
+
+                <row>
+                  <entry><parameter>dest</parameter></entry>
+                  <entry>Destination label</entry>
+                </row>
+              </tbody>
+            </tgroup>
+          </informaltable>
+
+          <para>Copy the label information in
+            <parameter>src</parameter> into
+            <parameter>dest</parameter>.</para>
+        </sect4>
         
         <sect4 id="mac-mpo-create-devfs-device">
           <title><function>&mac.mpo;_create_devfs_device</function></title>
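Review bot: The &mac.mpo;_associate_vnode_devfs table declares <tgroup cols="3"> but every row supplies only two entries, so the locking state of vp and de on entry is undocumented; a policy author needs to know whether the vnode is locked before writing vlabel. Fill in the third column for the object parameters or state that no locks are held. In the fslabel row, mp->mnt_fslabel puts a literal > inside <varname>; writing it as &gt; is safer.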
@@ -688,55 +795,53 @@
             the root file system is mounted, after
             &mac.mpo;_create_mount;.</para>
         </sect4>
-        <sect4 id="mac-mpo-stdcreatevnode-ea">
-          <title><function>&mac.mpo;_stdcreatevnode_ea</function></title>
-          
+
+        <sect4 id="mac-mpo-externalize-vnode-label">
+          <title><function>&mac.mpo;_externalize_vnode_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_externalize_vnode_label</function></funcdef>
+
+              &mac.externalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.externalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.externalize.para;
+        </sect4>
+
+        <sect4 id="mac-mpo-internalize-vnode-label">
+          <title><function>&mac.mpo;_internalize_vnode_label</function></title>
+
           <funcsynopsis>
             <funcprototype>
               <funcdef>int
-                <function>&mac.mpo;_stdcreatevnode_ea</function></funcdef>
-              
-              <paramdef>struct vnode
-                *<parameter>vp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>vnodelabel</parameter></paramdef>
+                <function>&mac.mpo;_internalize_vnode_label</function></funcdef>
+
+              &mac.internalize.paramdefs;
             </funcprototype>
           </funcsynopsis>
-          
+
           <informaltable>
             <tgroup cols="3">
               &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>vp</parameter></entry>
-                  <entry>vnode to commit</entry>
-                  <entry>Locked on entry, locked on exit</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vnodelabel</parameter></entry>
-                  <entry>Label associated with
-                    <parameter>vp</parameter></entry>
-                </row>
-              </tbody>
+
+              &mac.internalize.tbody;
             </tgroup>
           </informaltable>
-          
-          <!-- XXX extattr.9 probably needs updating... -->
-          <para>This entry point is called when a vnode is to be
-            committed to disk via the extended attribute service (see
-              &man.extattr.9;).  If committing to the disk is successful,
-            a value of <returnvalue>0</returnvalue> should be returned;
-            otherwise, an appropriate error code should be
-            returned.</para>
-          
-          <note><para>The current implementation as of July 24, 2002
-              commits the data to disk from within the architecture.
-              The implementation will be updated to be closer to the
-              above documentation as development progresses.</para></note>
+
+          &mac.internalize.para;
         </sect4>
-        
+
         <sect4 id="mac-mpo-update-devfsdirent">
           <title><function>&mac.mpo;_update_devfsdirent</function></title>
           <funcsynopsis>
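Review bot: Replacing the &mac.mpo;_stdcreatevnode_ea section removes the id mac-mpo-stdcreatevnode-ea; check the rest of the chapter for links to it before committing. The removed text also documented the return-value contract for committing a label through &man.extattr.9;; if that behaviour moved to another entry point, the new location should be documented in the same change.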
@@ -1021,6 +1126,44 @@
       
       <sect3 id="mac-ipc-label-ops">
         <title>IPC Object Labeling Event Operations</title>
+
+        <sect4 id="mac-mpo-copy-pipe-label">
+          <title><function>&mac.mpo;_copy_pipe_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>void
+                <function>&mac.mpo;_copy_pipe_label</function></funcdef>
+
+              <paramdef>struct label
+                *<parameter>src</parameter></paramdef>
+              <paramdef>struct label
+                *<parameter>dest</parameter></paramdef>
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              <tbody>
+                <row>
+                  <entry><parameter>src</parameter></entry>
+                  <entry>Source label</entry>
+                </row>
+
+                <row>
+                  <entry><parameter>dest</parameter></entry>
+                  <entry>Destination label</entry>
+                </row>
+              </tbody>
+            </tgroup>
+          </informaltable>
+
+          <para>Copy the label information in
+            <parameter>src</parameter> into
+            <parameter>dest</parameter>.</para>
+        </sect4>
         
         <sect4 id="mac-mpo-create-mbuf-from-socket">
           <title><function>&mac.mpo;_create_mbuf_from_socket</function></title>
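Review bot: The &mac.mpo;_copy_pipe_label prototype, table and paragraph are word for word the same as &mac.mpo;_copy_vnode_label added earlier in this file; since the change description says repetitive markup is moving to entities, define the src/dest paramdefs, tbody and paragraph once in mac.ent and reference them from both sections. The paragraph should also say whether dest is already initialized when the entry point is called.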
@@ -1123,63 +1266,169 @@
             subject credential. This call is made when a socket is
             created.</para>
         </sect4>
-        
-        <sect4>
-          <title><function>&mac.mpo;_create_socket_from_socket</function></title>
-          
+
+        <sect4 id="mac-mpo-externalize-ifnet-label">
+          <title><function>&mac.mpo;_externalize_ifnet_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_externalize_ifnet_label</function></funcdef>
+
+              &mac.externalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.externalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.externalize.para;
+        </sect4>
+
+        <sect4 id="mac-mpo-externalize-pipe-label">
+          <title><function>&mac.mpo;_externalize_pipe_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_externalize_pipe_label</function></funcdef>
+
+              &mac.externalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.externalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.externalize.para;
+        </sect4>
+
+        <sect4 id="mac-mpo-externalize-socket-label">
+          <title><function>&mac.mpo;_externalize_socket_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_externalize_socket_label</function></funcdef>
+
+              &mac.externalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.externalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.externalize.para;
+        </sect4>
+
+        <sect4 id="mac-mpo-externalize-socket-peer-label">
+          <title><function>&mac.mpo;_externalize_socket_peer_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_externalize_socket_peer_label</function></funcdef>
+
+              &mac.externalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.externalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.externalize.para;
+        </sect4>
+
+        <sect4 id="mac-mpo-internalize-ifnet-label">
+          <title><function>&mac.mpo;_internalize_ifnet_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_internalize_ifnet_label</function></funcdef>
+
+                &mac.internalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.internalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.internalize.para;
+        </sect4>
+
+        <sect4 id="mac-mpo-internalize-pipe-label">
+          <title><function>&mac.mpo;_internalize_pipe_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_internalize_pipe_label</function></funcdef>
+
+              &mac.internalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.internalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.internalize.para;
+        </sect4>
+
+        <sect4 id="mac-mpo-internalize-socket-label">
+          <title><function>&mac.mpo;_internalize_socket_label</function></title>
+
           <funcsynopsis>
             <funcprototype>
-              <funcdef>void
-                <function>&mac.mpo;_create_socket_from_socket</function></funcdef>
-              
-              <paramdef>struct socket
-                *<parameter>oldsocket</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>oldsocketlabel</parameter></paramdef>
-              <paramdef>struct socket
-                *<parameter>newsocket</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>newsocketlabel</parameter></paramdef>
+              <funcdef>int
+                <function>&mac.mpo;_internalize_socket_label</function></funcdef>
+
+              &mac.internalize.paramdefs;
             </funcprototype>
           </funcsynopsis>
-          
+
           <informaltable>
             <tgroup cols="3">
               &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>oldsocket</parameter></entry>
-                  <entry>Object; parent socket; created from
-                      &man.listen.2;</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>oldsocketlabel</parameter></entry>
-                  <entry>Label for
-                    <parameter>oldsocket</parameter></entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>newsocket</parameter></entry>
-                  <entry>Object; child socket; incoming connection</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>newsocketlabel</parameter></entry>
-                  <entry>Label to be filled in for
-                    <parameter>newsocket</parameter></entry>
-                </row>
-              </tbody>
+
+              &mac.internalize.tbody;
             </tgroup>
           </informaltable>
-          
-          <para>Set the label on a newly created stream socket from the
-            passed listen socket.  This call may occur during &man.accept.2;,
-            or prior to &man.accept.2;, depending on the protocol.</para>
+
+          &mac.internalize.para;
         </sect4>
-        
-        <sect4 id="mac-mpo-relabel-socket">
+
+        <sect4 id="mac-mpo-socket-relabel">
           <title><function>&mac.mpo;_socket_relabel</function></title>
           
           <funcsynopsis>
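Review bot: At the end of this hunk the section id changes from mac-mpo-relabel-socket to mac-mpo-socket-relabel, and the &mac.mpo;_create_socket_from_socket section is deleted outright; any link to the old id breaks, and the labeling of a child socket from its listen socket is no longer described anywhere in the visible diff. Keep the old id or update its references, and either keep the section or document its replacement in the same change. In the internalize_ifnet_label synopsis, &mac.internalize.paramdefs; is indented two columns deeper than in the sibling sections.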
@@ -2155,10 +2404,9 @@
             </tgroup>
           </informaltable>
           
-          <!-- XXX manref -->
           <para>Set the label of a newly created subject credential from
             the passed subject credential.  This call will be made when
-            crcopy(9) is invoked on a newly created <type>struct
+            &man.crcopy.9; is invoked on a newly created <type>struct
               ucred</type>.  This call should not be confused with a
             process forking or creation event.</para>
         </sect4>
@@ -2383,6 +2631,52 @@
           <para>Update the label on a subject credential from the passed
             update label.</para>
         </sect4>
+
+        <sect4 id="mac-mpo-externalize-cred-label">
+          <title><function>&mac.mpo;_externalize_cred_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_externalize_cred_label</function></funcdef>
+
+              &mac.externalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.externalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.externalize.para;
+        </sect4>
+
+        <sect4 id="mac-mpo-internalize-cred-label">
+          <title><function>&mac.mpo;_internalize_cred_label</function></title>
+
+          <funcsynopsis>
+            <funcprototype>
+              <funcdef>int
+                <function>&mac.mpo;_internalize_cred_label</function></funcdef>
+
+                &mac.internalize.paramdefs;
+            </funcprototype>
+          </funcsynopsis>
+
+          <informaltable>
+            <tgroup cols="3">
+              &mac.thead;
+
+              &mac.internalize.tbody;
+            </tgroup>
+          </informaltable>
+
+          &mac.internalize.para;
+        </sect4>
       </sect3>
     </sect2>
     
@@ -4733,12 +5027,12 @@
       </sect3>
         
       <sect3 id="mac-mpo-init-bpfdesc">
-        <title><function>&mac.mpo;_init_bpfdesc</function></title>
+        <title><function>&mac.mpo;_init_bpfdesc_label</function></title>
         
         <funcsynopsis>
           <funcprototype>
             <funcdef>void
-              <function>&mac.mpo;_init_bpfdesc</function></funcdef>
+              <function>&mac.mpo;_init_bpfdesc_label</function></funcdef>
             
             <paramdef>struct bpf_d
               *<parameter>bpf_d</parameter></paramdef>
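Review bot: The title and function name gain the _label suffix but the section id stays mac-mpo-init-bpfdesc, while sections added elsewhere in this change use ids that match the new names (mac-mpo-init-pipe-label, mac-mpo-init-socket-peer-label). Decide on one scheme; if ids follow the entry point name, rename this one and update its references. The same applies to the devfsdirent, ifnet, ipq, mbuf, mount and socket renames in the hunks that follow.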
@@ -4770,12 +5064,12 @@
       </sect3>
       
       <sect3 id="mac-mpo-init-devfsdirent">
-        <title><function>&mac.mpo;_init_devfsdirent</function></title>
+        <title><function>&mac.mpo;_init_devfsdirent_label</function></title>
         
         <funcsynopsis>
           <funcprototype>
             <funcdef>void
-              <function>&mac.mpo;_init_devfsdirent</function></funcdef>
+              <function>&mac.mpo;_init_devfsdirent_label</function></funcdef>
             
             <paramdef>struct devfs_dirent
               *<parameter>devfs_dirent</parameter></paramdef>
@@ -4807,12 +5101,12 @@
       </sect3>
       
       <sect3 id="mac-mpo-init-ifnet">
-        <title><function>&mac.mpo;_init_ifnet</function></title>
+        <title><function>&mac.mpo;_init_ifnet_label</function></title>
         
         <funcsynopsis>
           <funcprototype>
             <funcdef>void
-              <function>&mac.mpo;_init_ifnet</function></funcdef>
+              <function>&mac.mpo;_init_ifnet_label</function></funcdef>
             
             <paramdef>struct ifnet
               *<parameter>ifnet</parameter></paramdef>
@@ -4844,12 +5138,12 @@
       </sect3>
       
       <sect3 id="mac-mpo-init-ipq">
-        <title><function>&mac.mpo;_init_ipq</function></title>
+        <title><function>&mac.mpo;_init_ipq_label</function></title>
         
         <funcsynopsis>
           <funcprototype>
             <funcdef>void
-              <function>&mac.mpo;_init_ipq</function></funcdef>
+              <function>&mac.mpo;_init_ipq_label</function></funcdef>
             
             <paramdef>struct ipq
               *<parameter>ipq</parameter></paramdef>
@@ -4879,14 +5173,14 @@
         <para>Initialize the label on a newly instantiated IP fragment
           reassembly queue.</para>
       </sect3>
-      
+
       <sect3 id="mac-mpo-init-mbuf">
-        <title><function>&mac.mpo;_init_mbuf</function></title>
+        <title><function>&mac.mpo;_init_mbuf_label</function></title>
         
         <funcsynopsis>
           <funcprototype>
             <funcdef>void
-              <function>&mac.mpo;_init_mbuf</function></funcdef>
+              <function>&mac.mpo;_init_mbuf_label</function></funcdef>
             
             <paramdef>struct mbuf
               *<parameter>mbuf</parameter></paramdef>
@@ -4908,7 +5202,7 @@
               
               <row>
                 <entry><parameter>how</parameter></entry>
-                <entry>Blocking/non-blocking &man.malloc.9; see
+                <entry>Blocking/non-blocking &man.malloc.9;; see
                   below</entry>
               </row>
               
@@ -4933,12 +5227,12 @@
       </sect3>
       
       <sect3 id="mac-mpo-init-mount">
-        <title><function>&mac.mpo;_init_mount</function></title>
+        <title><function>&mac.mpo;_init_mount_label</function></title>
         
         <funcsynopsis>
           <funcprototype>
             <funcdef>void
-              <function>&mac.mpo;_init_mount</function></funcdef>
+              <function>&mac.mpo;_init_mount_label</function></funcdef>
             
             <paramdef>struct mount
               *<parameter>mount</parameter></paramdef>
@@ -4978,21 +5272,76 @@
         <para>Initialize the labels on a newly instantiated mount
           point.</para>
       </sect3>
+
+      <sect3 id="mac-mpo-init-mount-fs-label">
+        <title><function>&mac.mpo;_init_mount_fs_label</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>void
+              <function>&mac.mpo;_init_mount_fs_label</function></funcdef>
+
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>label</parameter></entry>
+                <entry>Label to be initialized</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Initialize the label on a newly mounted file
+          system.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-init-pipe-label">
+        <title><function>&mac.mpo;_init_pipe_label</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>void
+              <function>&mac.mpo;_init_pipe_label</function></funcdef>
+
+            <paramdef>struct
+              label*<parameter>label</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>label</parameter></entry>
+                <entry>Label to be filled in</entry>
+              </row>
+            </tbody>
+        </informaltable>
+
+        <para>Initialize a label for a newly instantiated pipe.</para>
+      </sect3>
       
       <sect3 id="mac-mpo-init-socket">
-        <title><function>&mac.mpo;_init_socket</function></title>
+        <title><function>&mac.mpo;_init_socket_label</function></title>
         
         <funcsynopsis>
           <funcprototype>
             <funcdef>void
-              <function>&mac.mpo;_init_socket</function></funcdef>
+              <function>&mac.mpo;_init_socket_label</function></funcdef>
             
-            <paramdef>struct socket
-              *<parameter>socket</parameter></paramdef>
             <paramdef>struct label
               *<parameter>label</parameter></paramdef>
-            <paramdef>struct label
-              *<parameter>peerlabel</parameter></paramdef>
+            <paramdef>int <parameter>flag</parameter></paramdef>
           </funcprototype>
         </funcsynopsis>
         
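Review bot: In the new &mac.mpo;_init_pipe_label section the table closes </tbody> and then </informaltable> with no </tgroup> in between, which will not validate; add the missing </tgroup>. The paramdef in the same section is written struct label*<parameter>label</parameter> split across two lines, where the rest of the file uses struct label *<parameter>label</parameter>. For &mac.mpo;_init_socket_label, the removed socket and peerlabel paramdefs leave only label and flag in the prototype, so check that the table and paragraph that follow no longer mention the socket object.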
@@ -5002,37 +5351,66 @@
             
             <tbody>
               <row>
-                <entry><parameter>socket</parameter></entry>
-                <entry>Object; socket</entry>
+                <entry><parameter>label</parameter></entry>
+                <entry>New label to initialize</entry>
               </row>
               
               <row>
+                <entry><parameter>flag</parameter></entry>
+                <entry>&man.malloc.9; flags</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+        
+        <para>Initialize a label for a newly instantiated
+          socket.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-init-socket-peer-label">
+        <title><function>&mac.mpo;_init_socket_peer_label</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>void
+              <function>&mac.mpo;_init_socket_peer_label</function></funcdef>
+
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+            <paramdef>int <parameter>flag</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
                 <entry><parameter>label</parameter></entry>
-                <entry>New label to apply to the socket</entry>
+                <entry>New label to initialize</entry>
               </row>
-              
+
               <row>
-                <entry><parameter>peerlabel</parameter></entry>
-                <entry>New label to apply to the socket's peer</entry>
+                <entry><parameter>flag</parameter></entry>
+                <entry>&man.malloc.9; flags</entry>
               </row>
             </tbody>
           </tgroup>
         </informaltable>
-        
-        <para>Initialize the labels on a newly instantiated
+
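Review bot: Both &mac.mpo;_init_socket_label and &mac.mpo;_init_socket_peer_label take a flag described only as &man.malloc.9; flags and are declared void, so the text gives a policy no way to report a failed non-blocking allocation; state which flag values can be passed and what the entry point must do when allocation fails, as the init_mbuf entry does for its how parameter (Blocking/non-blocking &man.malloc.9;; see below). The diff is cut off here, so the replacement paragraph for the socket peer label could not be reviewed.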

>>> TRUNCATED FOR MAIL (1000 lines) <<<