PERFORCE change 23407 for review

Chris Costello chris at freebsd.org
Wed Jan 8 12:41:42 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=23407

Change 23407 by chris at chris_holly on 2003/01/08 04:41:01

	Add check_kld_{load,unload,stat} and check_kenv_{set,get,unset,dump}

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#19 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#19 (text+ko) ====

@@ -2791,6 +2791,251 @@
           failure: <errorcode>EACCES</errorcode> for label mismatches,
           <errorcode>EPERM</errorcode> for lack of privilege.</para>
       </sect3>
+
+      <sect3 id="mac-mpo-check-kenv-dump">
+        <title><function>&mac.mpo;_check_kenv_dump</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_kenv_dump</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          retrieve the kernel environment (see &man.kenv.2;).</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-kenv-get">
+        <title><function>&mac.mpo;_check_kenv_get</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_kenv_get</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>char *<parameter>name</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>name</parameter></entry>
+                <entry>Kernel environment variable name</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          retrieve the value of the specified kernel environment
+          variable.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-kenv-set">
+        <title><function>&mac.mpo;_check_kenv_set</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_kenv_set</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>char *<parameter>name</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>name</parameter></entry>
+                <entry>Kernel environment variable name</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to set
+          the specified kernel environment variable.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-kenv-unset">
+        <title><function>&mac.mpo;_check_kenv_unset</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_kenv_unset</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>char *<parameter>name</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+              
+              <row>
+                <entry><parameter>name</parameter></entry>
+                <entry>Kernel environment variable name</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to unset
+          the specified kernel environment variable.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-kld-load">
+        <title><function>&mac.mpo;_check_kld_load</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_kld_load</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>vlabel</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Kernel module vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vlabel</parameter></entry>
+                <entry>Label associated with
+                  <parameter>vp</parameter></entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to load
+          the specified module file.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-kld-stat">
+        <title><function>&mac.mpo;_check_kld_stat</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_kld_stat</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          retrieve a list of loaded kernel module files and associated
+          statistics.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-kld-unload">
+        <title><function>&mac.mpo;_check_kld_unload</function></title>
+
+        <funcsynopsis>
+           <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_kld_unload</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          unload a kernel module.</para>
+      </sect3>
       
       <sect3 id="mac-mpo-cred-check-socket-bind">
         <title><function>&mac.mpo;_check_socket_bind</function></title>
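Review bot: None of the seven new entries says what the entry point returns, while the context lines at the top of this hunk end the preceding entry with its failure codes (EACCES for label mismatches, EPERM for lack of privilege); each new <para> should close with the same kind of sentence so a policy author knows which errno denies the operation. In every new table the rows carry two <entry> elements under <tgroup cols="3">, so the third column is left empty, including for vp in check_kld_load; fill it in or say why it does not apply. The check_kld_unload text reads "unload a kernel module", but the prototype takes only cred, so the description should state that the decision is made without knowing which module is affected. Style: the added line between the two rows of check_kenv_unset contains only whitespace, and <funcprototype> under check_kld_unload is indented one space deeper than in the other entries.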