From owner-cvs-all Tue Oct 22 7:28:20 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A44837B401; Tue, 22 Oct 2002 07:28:19 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C16CF43E6E; Tue, 22 Oct 2002 07:28:18 -0700 (PDT) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9MERimV001307; Tue, 22 Oct 2002 07:27:44 -0700 (PDT) (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9MERibt001306; Tue, 22 Oct 2002 07:27:44 -0700 (PDT) Message-Id: <200210221427.g9MERibt001306@repoman.freebsd.org> From: Robert Watson Date: Tue, 22 Oct 2002 07:27:44 -0700 (PDT) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys mac.h mac_policy.h X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG rwatson 2002/10/22 07:27:44 PDT Modified files: sys/sys mac.h mac_policy.h Log: Revised APIs for user process label management; the existing APIs relied on all label parsing occuring in userland, and knowledge of the loaded policies in the user libraries. This revision of the API pushes that parsing into the kernel, avoiding the need for shared library support of policies in userland, permitting statically linked binaries (such as ls, ps, and ifconfig) to use MAC labels. In these API revisions, high level parsing of the MAC label is done in the MAC Framework, and interpretation of label elements is delegated to the MAC policy modules. This permits modules to export zero or more label elements to user space if desired, and support them in the manner they want and with the semantics they want. This is believed to be the final revision of this interface: from the perspective of user applications, the API has actually not changed, although the ABI has. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Revision Changes Path 1.16 +61 -89 src/sys/sys/mac.h 1.17 +49 -10 src/sys/sys/mac_policy.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message