From owner-cvs-all Tue Jul 30 15: 8:20 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0FBF37B400; Tue, 30 Jul 2002 15:08:12 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9740E43E42; Tue, 30 Jul 2002 15:08:12 -0700 (PDT) (envelope-from rwatson@FreeBSD.org) Received: from freefall.freebsd.org (rwatson@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6UM8CJU083305; Tue, 30 Jul 2002 15:08:12 -0700 (PDT) (envelope-from rwatson@freefall.freebsd.org) Received: (from rwatson@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6UM8Cth083304; Tue, 30 Jul 2002 15:08:12 -0700 (PDT) Message-Id: <200207302208.g6UM8Cth083304@freefall.freebsd.org> From: Robert Watson Date: Tue, 30 Jul 2002 15:08:12 -0700 (PDT) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys vnode.h X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG rwatson 2002/07/30 15:08:12 PDT Modified files: sys/sys vnode.h Log: Begin committing support for Mandatory Access Control and extensible kernel access control. The MAC framework permits loadable kernel modules to link to the kernel at compile-time, boot-time, or run-time, and augment the system security policy. This commit includes the initial kernel implementation, although the interface with the userland components of the oeprating system is still under work, and not all kernel subsystems are supported. Later in this commit sequence, documentation of which kernel subsystems will not work correctly with a kernel compiled with MAC support will be added. Label vnodes, permitting security information to maintained at the granularity of the individual file, directory (et al). This data is protected by the vnode lock and may be read only when holding a shared lock, or modified only when holding an exclusive lock. Label information may be considered either the primary copy, or a cached copy. Individual file systems or kernel services may use the VCACHEDLABEL flag for accounting purposes to determine which it is. New VOPs will be introduced to refresh this label on demand, or to set the label value. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs Revision Changes Path 1.196 +2 -0 src/sys/sys/vnode.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message