From owner-cvs-all Tue Jul 30 15:22:42 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 890B537B401; Tue, 30 Jul 2002 15:22:36 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 09E4343E5E; Tue, 30 Jul 2002 15:22:36 -0700 (PDT) (envelope-from rwatson@FreeBSD.org) Received: from freefall.freebsd.org (rwatson@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6UMMZJU084770; Tue, 30 Jul 2002 15:22:35 -0700 (PDT) (envelope-from rwatson@freefall.freebsd.org) Received: (from rwatson@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6UMMZc0084769; Tue, 30 Jul 2002 15:22:35 -0700 (PDT) Message-Id: <200207302222.g6UMMZc0084769@freefall.freebsd.org> From: Robert Watson Date: Tue, 30 Jul 2002 15:22:35 -0700 (PDT) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys mount.h X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG rwatson 2002/07/30 15:22:35 PDT Modified files: sys/sys mount.h Log: Begin committing support for Mandatory Access Control and extensible kernel access control. The MAC framework permits loadable kernel modules to link to the kernel at compile-time, boot-time, or run-time, and augment the system security policy. This commit includes the initial kernel implementation, although the interface with the userland components of the oeprating system is still under work, and not all kernel subsystems are supported. Later in this commit sequence, documentation of which kernel subsystems will not work correctly with a kernel compiled with MAC support will be added. Label file system mount points, permitting security information to be maintained at the granularity of the file system. Two labels are currently maintained: a security label for the mount itself, and a default label for objects in the file system (in particular, for file systems not supporting per-vnode labeling directly). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs Revision Changes Path 1.133 +3 -0 src/sys/sys/mount.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message