PERFORCE change 89430 for review
Christian S.J. Peron
csjp at FreeBSD.org
Mon Jan 9 19:54:40 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=89430
Change 89430 by csjp at csjp_xor on 2006/01/09 19:53:39
Add another MAC entry point: mac_associate_nfsd_label. This entry
point will be utilized by the NFS code to create proper subject
labels for the NFS related operations. For example, NFS operations
which result in a file being created will cause files to be
created with proper labels, if this entry point is defined by the
security policy.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#17 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#283 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#240 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#17 (text+ko) ====
@@ -1029,3 +1029,10 @@
return (0);
}
+
+void
+mac_associate_nfsd_label(struct ucred *cred)
+{
+
+ MAC_PERFORM(associate_nfsd_label, cred);
+}
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#283 (text+ko) ====
@@ -483,6 +483,7 @@
int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
struct label *label);
void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
+void mac_associate_nfsd_label(struct ucred *cred);
/*
* Calls to help various file systems implement labeling functionality
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#240 (text+ko) ====
@@ -606,6 +606,7 @@
int (*mpo_check_vnode_write)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *label);
+ void (*mpo_associate_nfsd_label)(struct ucred *cred);
};
/*
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list