Message-Id: <200207302215.g6UMF9dd084095@freefall.freebsd.org>
From: Robert Watson
Date: Tue, 30 Jul 2002 15:15:09 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern vnode_if.src
X-FreeBSD-CVS-Branch: HEAD

rwatson     2002/07/30 15:15:09 PDT

  Modified files:
    sys/kern             vnode_if.src
  Log:
  Begin committing support for Mandatory Access Control and extensible
  kernel access control.  The MAC framework permits loadable kernel
  modules to link to the kernel at compile-time, boot-time, or run-time,
  and augment the system security policy.  This commit includes the
  initial kernel implementation, although the interface with the userland
  components of the operating system is still under work, and not all
  kernel subsystems are supported.  Later in this commit sequence,
  documentation of which kernel subsystems will not work correctly with
  a kernel compiled with MAC support will be added.

  Introduce two new vnode operations required to support MAC.  First,
  VOP_REFRESHLABEL(), which will be invoked by callers requiring that
  vp->v_label be sufficiently "fresh" for access control purposes.
  Second, VOP_SETLABEL(), which will be invoked by callers requiring that
  the passed label contents be updated.  The file system is responsible
  for updating v_label if appropriate in coordination with the MAC
  framework, as well as committing to disk.  File systems that are not
  MAC-aware need not implement these VOPs, as the MAC framework will
  default to maintaining a single label for all vnodes based on the
  label on the file system mount point.

  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, NAI Labs

  Revision  Changes    Path
  1.54      +19 -0     src/sys/kern/vnode_if.src