PERFORCE change 14874 for review
Chris Costello
chris at freebsd.org
Thu Jul 25 00:25:14 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14874
Change 14874 by chris at chris_holly on 2002/07/24 17:24:59
o Update/augment descriptions with descriptions from Robert's
post to cboss-doc.
o Mark up remaining label operations except those for processes
(to be committed later this evening)
o Credit Robert in authors for his description paragraphs.
o Update mac.ent to include locking column and colspec's so that
entries can span multiple columns.
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac.ent#3 edit
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#7 edit
Differences ...
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac.ent#3 (text+ko) ====
@@ -1,9 +1,14 @@
<!ENTITY mac.mpo "mpo">
-<!ENTITY mac.thead "
+<!ENTITY mac.thead '
+ <colspec colname="first" colwidth="0">
+ <colspec colwidth="0">
+ <colspec colname="last" colwidth="0">
+
<thead>
<row>
<entry>Parameter</entry>
<entry>Description</entry>
+ <entry>Locking</entry>
</row>
</thead>
-">
+'>
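Review bot: the middle <colspec> in mac.thead has no colname, so a spanning entry can only use "first" and "last" as its endpoints; name the second column too if spans that stop at the Description column are wanted. The header also gains a Locking entry, so every row that still carries only two <entry> elements will leave that cell empty.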
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#7 (text+ko) ====
@@ -41,11 +41,22 @@
<author>
<firstname>Chris</firstname>
<surname>Costello</surname>
+
<affiliation>
<orgname>TrustedBSD Project</orgname>
<address><email>chris at FreeBSD.org</email></address>
</affiliation>
</author>
+
+ <author>
+ <firstname>Robert</firstname>
+ <surname>Watson</surname>
+
+ <affiliation>
+ <orgname>TrustedBSD Project</orgname>
+ <address><email>rwatson at FreeBSD.org</email></address>
+ </affiliation>
+ </author>
</authorgroup>
</chapterinfo>
@@ -118,7 +129,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init</function></funcdef>
<paramdef>struct mac_policy_conf
@@ -127,7 +138,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -139,14 +150,8 @@
</tgroup>
</informaltable>
- <para>This is the entry point called after the policy has been
- added to the list, but before the list is unlocked. At the
- point a module would typically initialize its own internal
- structures, print any copyright messages, etc.</para>
-
- <note><para>A <quote>module loaded</quote> message is already
- printed when a policy is loaded so any further messages of
- that nature are probably unnecessary.</para></note>
+ <para>Policy load event. The policy list mutex is held, so
+ caution should be applied.</para>
</sect3>
<sect3 id="mpo-destroy">
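Review bot: in the replacement paragraph for &mac.mpo;_init, "caution should be applied" does not tell a policy author what must be avoided while the policy list mutex is held. State the concrete restriction, and consider keeping the removed sentence about initializing internal structures, since the new text says nothing about what the entry point is for beyond "Policy load event".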
@@ -154,7 +159,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy</function></funcdef>
<paramdef>struct mac_policy_conf
@@ -163,7 +168,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -175,9 +180,8 @@
</tgroup>
</informaltable>
- <para>This entry point is called when the module is being
- unloaded. At this point the policy would typically be
- freeing internal storage, etc.</para>
+ <para>Policy load event. The policy list mutex is held, so
+ caution should be applied.</para>
</sect3>
</sect2>
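Review bot: the new paragraph under &mac.mpo;_destroy reads "Policy load event", the same wording as for &mac.mpo;_init. The removed paragraph described this entry point as called when the module is being unloaded, so this looks like a copy-and-paste slip and should say unload.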
@@ -191,7 +195,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_bpfdesc</function></funcdef>
<paramdef>struct bpf_d
@@ -202,7 +206,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -219,7 +223,8 @@
</tgroup>
</informaltable>
- <para>...</para>
+ <para>Initialize the label on a newly instantiated bpfdesc (BPF
+ descriptor)</para>
</sect3>
<sect3 id="mac-mpo-init-devfsdirent">
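Review bot: the added sentence for &mac.mpo;_init_bpfdesc ends at "(BPF descriptor)" with no full stop, unlike the other description paragraphs added in this change; add the period.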
@@ -227,7 +232,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_devfsdirent</function></funcdef>
<paramdef>struct devfs_dirent
@@ -238,7 +243,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -255,7 +260,8 @@
</tgroup>
</informaltable>
- <para>...</para>
+ <para>Initialize the label on a newly instantiated devfs
+ entry.</para>
</sect3>
<sect3 id="mac-mpo-init-ifnet">
@@ -263,7 +269,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_ifnet</function></funcdef>
<paramdef>struct ifnet
@@ -274,7 +280,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -291,7 +297,8 @@
</tgroup>
</informaltable>
- <para>...</para>
+ <para>Initialize the label on a newly instantiated network
+ interface.</para>
</sect3>
<sect3 id="mac-mpo-init-ipq">
@@ -299,7 +306,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_ipq</function></funcdef>
<paramdef>struct ipq
@@ -310,7 +317,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -326,6 +333,9 @@
</tbody>
</tgroup>
</informaltable>
+
+ <para>Initialize the label on a newly instantiated IP fragment
+ reassembly queue.</para>
</sect3>
<sect3 id="mac-mpo-init-mbuf">
@@ -333,18 +343,19 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_mbuf</function></funcdef>
<paramdef>struct mbuf
*<parameter>mbuf</parameter></paramdef>
+ <paramdef>int <parameter>how</parameter></paramdef>
<paramdef>struct label
*<parameter>label</parameter></paramdef>
</funcprototype>
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -354,13 +365,29 @@
</row>
<row>
+ <entry><parameter>how</parameter></entry>
+ <entry>Blocking/non-blocking &man.malloc.9; see
+ below</entry>
+ </row>
+
+ <row>
<entry><parameter>label</parameter></entry>
- <entry>New label to apply</entry>
+ <entry>Policy label to initialize</entry>
</tbody>
</tgroup>
</informaltable>
- <para>...</para>
+ <para>Initialize the label on a newly instantiated mbuf packet
+ header (<parameter>mbuf</parameter>). The
+ <parameter>how</parameter> field may be one of
+ <symbol>M_WAITOK</symbol> and <symbol>M_NOWAIT</symbol>, and
+ should be employed to avoid performing a blocking
+ &man.malloc.9; during this initialization call. Mbuf
+ allocation frequently occurs in performance sensitive
+ environments, and the implementation should be careful to
+ avoid blocking or long-lived operations. This entry point
+ is permitted to fail resulting in the failure to allocate
+ the mbuf header.</para>
</sect3>
<sect3 id="mac-mpo-init-mount">
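Review bot: the added paragraph says this entry point "is permitted to fail resulting in the failure to allocate the mbuf header", but the synopsis for &mac.mpo;_init_mbuf in the preceding hunk declares it void, so the documentation gives no way to report that failure. Document the return type and the value that signals failure, or drop the sentence. The context here also shows the label row's <entry> followed directly by </tbody> with no </row>, which is worth closing while the table is being edited.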
@@ -368,7 +395,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_mount</function></funcdef>
<paramdef>struct mount
@@ -382,7 +409,7 @@
<!-- XXX: Wording on label descriptions. -->
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -393,18 +420,21 @@
<row>
<entry><parameter>mntlabel</parameter></entry>
- <entry>New file system mount point label</entry>
+ <entry>Policy label to be initialized for the mount
+ itself</entry>
</row>
<row>
<entry><parameter>fslabel</parameter></entry>
- <entry>New file system label</entry>
+ <entry>Policy label to be initialized for the file
+ system</entry>
</row>
</tbody>
</tgroup>
</informaltable>
- <para>...</para>
+ <para>Initialize the labels on a newly instantiated mount
+ point.</para>
</sect3>
<sect3 id="mac-mpo-init-socket">
@@ -412,7 +442,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_socket</function></funcdef>
<paramdef>struct socket
@@ -425,7 +455,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -447,7 +477,8 @@
</tgroup>
</informaltable>
- <para>...</para>
+ <para>Initialize the labels on a newly instantiated
+ socket.</para>
</sect3>
<sect3 id="mac-mpo-init-subject">
@@ -455,7 +486,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_subject</function></funcdef>
<paramdef>struct ucred
@@ -466,7 +497,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -483,10 +514,7 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should allocate and
- initialize any internal storage for a new label for a
- subject (user) credential. No label information should be
- filled out.</para>
+ <para>Initialize the labels on a newly instantiated subject.</para>
</sect3>
<sect3 id="mac-mpo-init-temp">
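Review bot: the one-line replacement for &mac.mpo;_init_subject drops the removed statement that no label information should be filled out in this entry point; if that still holds, keep it, because the new sentence no longer says so. The wording is also inconsistent with &mac.mpo;_destroy_subject later in the change, which speaks of "the label on a credential" where this says "the labels on a ... subject".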
@@ -494,7 +522,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_temp</function></funcdef>
<paramdef>struct label
@@ -503,7 +531,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -515,9 +543,9 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should allocate
- storage for a label meant for temporary use. No label
- information should be filled out.</para>
+ <para>Initialize a newly instantiated temporary label;
+ temporary labels are frequently used to hold label update
+ requests.</para>
</sect3>
<sect3 id="mac-mpo-init-vnode">
@@ -525,7 +553,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_init_vnode</function></funcdef>
<paramdef>struct vnode
@@ -536,7 +564,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -553,9 +581,7 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should allocate and
- initialize any internal storage necessary for a new file
- system object label.</para>
+ <para>Initialize the label on a newly instantiated vnode.</para>
</sect3>
<sect3 id="mac-mpo-destroy-bpfdesc">
@@ -563,7 +589,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_bpfdesc</function></funcdef>
<paramdef>struct bpf_d
@@ -574,7 +600,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -591,10 +617,10 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage associated with
- <parameter>label</parameter> so that it may be
- destroyed.</para>
+ <para>Destroy the label on a BPF descriptor. In this entry
+ point, a policy module should free any internal storage
+ associated with <parameter>label</parameter> so that it may
+ be destroyed.</para>
</sect3>
<sect3 id="mac-mpo-destroy-devfsdirent">
@@ -602,7 +628,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_devfsdirent</function></funcdef>
<paramdef>struct devfs_dirent
@@ -613,7 +639,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -630,9 +656,10 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage asociated with <parameter>label</parameter>
- so that it may be destroyed.</para>
+ <para>Destroy the label on a devfs entry. In this entry
+ point, a policy module should free any internal storage
+ asociated with <parameter>label</parameter> so that it may
+ be destroyed.</para>
</sect3>
<sect3 id="mac-mpo-destroy-ifnet">
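Review bot: the rewritten paragraph for &mac.mpo;_destroy_devfsdirent carries over the misspelling "asociated" from the removed text; correct it to "associated" while the paragraph is being touched.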
@@ -640,7 +667,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_ifnet</function></funcdef>
<paramdef>struct ifnet
@@ -651,7 +678,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -668,10 +695,10 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage associated with
- <parameter>label</parameter> so that it may be
- destroyed.</para>
+ <para>Destroy the label on a removed interface. In this entry
+ point, a policy module should free any internal storage
+ associated with <parameter>label</parameter> so that it may
+ be destroyed.</para>
</sect3>
<sect3 id="mac-mpo-destroy-ipq">
@@ -679,7 +706,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_ipq</function></funcdef>
<paramdef>struct ipq
@@ -690,7 +717,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -707,10 +734,10 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage associated with
- <parameter>label</parameter> so that it may be
- destroyed.</para>
+ <para>Destroy the label on an IP fragment queue. In this
+ entry point, a policy module should free any internal
+ storage associated with <parameter>label</parameter> so that
+ it may be destroyed.</para>
</sect3>
<sect3 id="mac-mpo-destroy-mbuf">
@@ -718,7 +745,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_mbuf</function></funcdef>
<paramdef>struct mbuf
@@ -729,7 +756,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -746,10 +773,10 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage associated with
- <parameter>label</parameter> so that it may be
- destroyed.</para>
+ <para>Destroy the label on an mbuf header. In this entry
+ point, a policy module should free any internal storage
+ associated with <parameter>label</parameter> so that it may
+ be destroyed.</para>
</sect3>
<sect3 id="mac-mpo-destroy-mount">
@@ -757,7 +784,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_mount</function></funcdef>
<paramdef>struct mount
@@ -770,7 +797,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -792,9 +819,9 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free the
- internal storage associated with
- <parameter>mntlabel</parameter> and
+ <para>Destroy the labels on a mount point. In this entry
+ point, a policy module should free the internal storage
+ associated with <parameter>mntlabel</parameter> and
<parameter>fslabel</parameter> so that they may be
destroyed.</para>
</sect3>
@@ -804,7 +831,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_socket</function></funcdef>
<paramdef>struct socket
@@ -817,7 +844,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -839,9 +866,9 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage associated with
- <parameter>label</parameter> and
+ <para>Destroy the labels on a socket. In this entry point, a
+ policy module should free any internal storage associated
+ with <parameter>label</parameter> and
<parameter>peerlabel</parameter> so that they may be
destroyed.</para>
</sect3>
@@ -851,7 +878,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_subject</function></funcdef>
<paramdef>struct ucred
@@ -862,7 +889,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -879,9 +906,9 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage associated with
- <parameter>label</parameter> so that it may be
+ <para>Destroy the label on a credential. In this entry point,
+ a policy module should free any internal storage associated
+ with <parameter>label</parameter> so that it may be
destroyed.</para>
</sect3>
@@ -890,7 +917,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_temp</function></funcdef>
<paramdef>struct label
@@ -899,7 +926,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -911,10 +938,10 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage associated with the temporary label
- <parameter>label</parameter> so that it may be
- destroyed.</para>
+ <para>Destroy a temporary label. In this entry point, a
+ policy module should free any internal storage associated
+ with the temporary label <parameter>label</parameter> so
+ that it may be destroyed.</para>
</sect3>
<sect3 id="mac-mpo-destroy-vnode">
@@ -922,7 +949,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_destroy_vnode</function></funcdef>
<paramdef>struct vnode
@@ -933,7 +960,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -950,9 +977,9 @@
</tgroup>
</informaltable>
- <para>In this entry point, a policy module should free any
- internal storage associated with
- <parameter>label</parameter> so that it may be
+ <para>Destroy the label on a vnode. In this entry point, a
+ policy module should free any internal storage associated
+ with <parameter>label</parameter> so that it may be
destroyed.</para>
</sect3>
@@ -961,7 +988,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_externalize</function></funcdef>
<paramdef>struct label
@@ -972,7 +999,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -988,8 +1015,10 @@
</tbody>
</informaltable>
- <!-- XXX: Is Adam working on changing this mechanism? -->
- <para>...</para>
+ <para>Given an internalized subject or object label, fill out
+ an externalized label. This call is permitted to fail.
+ This call will be obsoleted by the new userland and extended
+ attribute interfaces for the MAC framework.</para>
</sect3>
<sect3 id="mac-mpo-internalize">
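Review bot: the new text states "This call is permitted to fail", yet the synopsis for &mac.mpo;_externalize in the preceding hunk is changed to plain void; say how failure is reported or correct the return type in the synopsis. The context lines also show </tbody> followed directly by </informaltable>, without the </tgroup> that the other tables in this file have.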
@@ -997,7 +1026,7 @@
<funcsynopsis>
<funcprototype>
- <funcdef>static void
+ <funcdef>void
<function>&mac.mpo;_internalize</function></funcdef>
<paramdef>struct label
@@ -1008,7 +1037,7 @@
</funcsynopsis>
<informaltable>
- <tgroup cols="2">
+ <tgroup cols="3">
&mac.thead;
<tbody>
@@ -1025,8 +1054,1814 @@
</tgroup>
</informaltable>
- <!-- XXX: Is Adam working on this interface? -->
- <para>...</para>
+ <para>Given an externalized subject or object label, likely
+ from userland, internalize the label. The entry point
+ implementation should handle incorrect or corrupted labels.
+ This call is permitted to fail. This call will be obsoleted
+ by the new userland and extended attribute interfaces for
+ the MAC framework.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="mac-fs-label-event-ops">
+ <title>File System Object Labeling Event Operations</title>
+
+ <para>...</para>
+
+ <sect3 id="mac-mpo-create-devfs-device">
+ <title><function>&mac.mpo;_create_devfs_device</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>void
+ <function>&mac.mpo;_create_devfs_device</function></funcdef>
+
+ <paramdef>dev_t <parameter>dev</parameter></paramdef>
+ <paramdef>struct devfs_dirent
+ *<parameter>devfs_dirent</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>label</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>dev</parameter></entry>
+ <entry>Device corresponding with
+ <parameter>devfs_dirent</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>devfs_dirent</parameter></entry>
+ <entry>Devfs directory entry to be labeled.</entry>
+ </row>
+
+ <row>
+ <entry><parameter>label</parameter></entry>
+ <entry>Label for <parameter>devfs_dirent</parameter>
+ to be filled in.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Fill out the label on a devfs_dirent being created for
+ the passed device. This call will be made when the device
+ file system is mounted, regenerated, or a new device is made
+ available.</para>
+ </sect3>
+
+ <sect3 id="mac-mpo-create-devfs-directory">
+ <title><function>&mac.mpo;_create_devfs_directory</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>void
+ <function>&mac.mpo;_create_devfs_directory</function></funcdef>
+
+ <paramdef>char *<parameter>dirname</parameter></paramdef>
+ <paramdef>int <parameter>dirnamelen</parameter></paramdef>
+ <paramdef>struct devfs_dirent
+ *<parameter>devfs_dirent</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>label</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>dirname</parameter></entry>
+ <entry>Name of directory being created</entry>
+ </row>
+
+ <row>
+ <entry><parameter>namelen</parameter></entry>
+ <entry>Length of string
+ <parameter>dirname</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>devfs_dirent</parameter></entry>
+ <entry>Devfs directory entry for directory being
+ created.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Fill out the label on a devfs_dirent being created for
+ the passed directory. This call will be made when the device
+ file system is mounted, regenerated, or a new device
+ requiring a specific directory hierarchy is made
+ available.</para>
+ </sect3>
+
+ <sect3 id="mac-mpo-create-devfs-vnode">
+ <title><function>&mac.mpo;_create_devfs_vnode</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>void
+ <function>&mac.mpo;_create_devfs_vnode</function></funcdef>
+
+ <paramdef>struct devfs_dirent
+ *<parameter>devfs_dirent</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>direntlabel</parameter></paramdef>
+ <paramdef>struct vnode
+ *<parameter>vp</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>vnodelabel</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>devfs_dirent</parameter></entry>
+ <entry>Object; devfs directory entry</entry>
+ </row>
+
+ <row>
+ <entry><parameter>direntlabel</parameter></entry>
+ <entry>Policy label for
+ <parameter>devfs_dirent</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>vp</parameter></entry>
+ <entry>Object; file system object being labeled</entry>
+ </row>
+
+ <row>
+ <entry><parameter>vnodelabel</parameter></entry>
+ <entry>Policy label to be filled in for
+ <parameter>vp</parameter></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Fill out the label on the vnode being created for the
+ passed devfs_dirent. This call will be made when a vnode is
+ required to represent the specified devfs_dirent in a
+ mounted devfs instance.</para>
+ </sect3>
+
+ <sect3 id="mac-mpo-create-vnode-from-vnode">
+ <title><function>&mac.mpo;_create_vnode_from_vnode</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
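Review bot: in &mac.mpo;_create_devfs_directory the prototype names the second parameter dirnamelen, but the parameter table documents it as namelen; make the two agree. That table also has no row for the label parameter, although the prototype takes one. The new &mac.mpo;_internalize paragraph at the top of this hunk says the call is permitted to fail while an earlier hunk declares the function void, the same mismatch as in &mac.mpo;_externalize.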
>>> TRUNCATED FOR MAIL (1000 lines) <<<