From owner-dev-commits-src-main@freebsd.org Sat Feb 27 16:52:01 2021
Date: Sat, 27 Feb 2021 16:52:01 GMT
Message-Id: <202102271652.11RGq1YX064517@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Robert Watson
Subject: git: 7bfd84444e6f - main - Provide a man page for VOP_SETLABEL(9).
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rwatson
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7bfd84444e6ff182abac2e08d6efcd2dc9ddc944
Auto-Submitted: auto-generated
List-Id: Commit messages for the main branch of the src repository
X-List-Received-Date: Sat, 27 Feb 2021 16:52:01 -0000

The branch main has been updated by rwatson:

URL: https://cgit.FreeBSD.org/src/commit/?id=7bfd84444e6ff182abac2e08d6efcd2dc9ddc944

commit 7bfd84444e6ff182abac2e08d6efcd2dc9ddc944
Author: Robert Watson
AuthorDate: 2021-02-27 16:51:00 +0000
Commit: Robert Watson
CommitDate: 2021-02-27 16:51:13 +0000

    Provide a man page for VOP_SETLABEL(9).

    MFC after: 3 days
---
 share/man/man9/VOP_SETLABEL.9 | 128 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 128 insertions(+)

diff --git a/share/man/man9/VOP_SETLABEL.9 b/share/man/man9/VOP_SETLABEL.9
new file mode 100644
index 000000000000..8b7e54e515cc
--- /dev/null
+++ b/share/man/man9/VOP_SETLABEL.9
@@ -0,0 +1,128 @@ +.\"- +.\" Copyright (c) 2021 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd February 27, 2021 +.Dt VOP_SETLABEL 9 +.Os +.Sh NAME +.Nm VOP_SETLABEL +.Nd persistently store an updated MAC label on a vnode +.Sh SYNOPSIS +.In sys/param.h +.In sys/vnode.h +.In security/mac.h +.Ft int +.Fn VOP_SETLABEL "struct vnode *vp" "label *label" +.Sh DESCRIPTION +This vnode call is made by +.Xr mac 9 +file relabeling operation has been authorized, and the filesystem must now be +updated. +.Ss Single-Label vs. 
Multi-Label Filesystems +Filesystems that do not implement per-file labels -- known as single-label +filesystems -- can simply leave the +.Xr vnode 9 +operation undefined. +These filesystems must not set the +.Dv MNT_MULTLABEL +flag in their +.Vt struct mount . +.Pp +Filesystems that do implement per-vnode label storage -- known as multi-label +filesystems -- will set the +.Dv MNT_MULTILABEL +flag in their +.Vt struct mount . +The UFS filesystem uses a superblock flag to persisently configure whether a +specific filesystem implements a label for each +.Xr vnode 9 , +and then keys various behaviors on whether that flag is set. +.Ss Extended Attributes +If the filesystem implements extended attributes, then the MAC Framework's +.Fn vop_stdsetlabel_ea +function can be used, and maps operations into a series of +.Xr VOP_OPENEXTATTR 9 , +.Xr VOP_WRITEEXTATTR 9 , +and +.Xr VOP_CLOSEEXTATTR 9 . +.Pp +Filesystems will also need to call +.Fn mac_vnode_create_extattr +when a new filesystem object is created, so that suitable extended attributes +can be written out, and +.Fn mac_vnode_associate_extattr +when a +.Xr vnode 9 +is associated with a filesystem object for the first time. +These utility functions use +.Xr VOP_OPENEXTATTR 9 , +.Xr VOP_READEXTATTR 9 , +.Xr VOP_WRITEEXTATTR 9 , +and +.Xr VOP_CLOSEEXTATTR 9 +as required. +.Pp +.Ss Locking and Crash Safety +In all cases, it is important that exclusive +.Xr vnode 9 +locks be held to prevent concurrent access when a MAC label may not yet be +initialized. +It is also important that operations are ordered so that a system crash does +not leave a file improperly labeled. +For example, the extended attribute for a newly created file must be written +to disk before the file is linked by its parent directory, so that there is +no opportunity for a crash to lead to an unlabeled file. +.Sh LOCKS +The vnode will be locked on entry and should remain locked on return. 
+.Sh RETURN VALUES +If the MAC label is successfully set, then zero is returned. +Otherwise, an appropriate error code is returned. +.Sh ERRORS +.Bl -tag -width Er +.It Bq Er EOPNOTSUPP +The file system does not support +.Fn VOP_SETLABEL . +.It Bq Er ENOSPC +The file system is out of space. +.It Bq Er EROFS +The file system is read-only. +.El +.Pp +Depending on the underlying implementation of +.Fn VOP_SETLABEL , +other errors may also be possible. +.Sh SEE ALSO +.Xr VOP_CLOSEEXTATTR 9 , +.Xr VOP_OPENEXTATTR 9 , +.Xr VOP_READEXTATTR 9 , +.Xr VOP_WRITEXTATTR 9 , +.Xr mac 9 , +.Xr mount 9 , +.Xr vnode 9 , +.Sh AUTHORS +This manual page was written by +.An Robert Watson .
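
Review bot: The single-label paragraph spells the mount flag ".Dv MNT_MULTLABEL" while the multi-label paragraph right after it uses ".Dv MNT_MULTILABEL"; the first should match the second, since this flag is what separates the two filesystem classes and readers will search for it by name. Further points in the same hunk: the opening DESCRIPTION sentence reads "This vnode call is made by .Xr mac 9 file relabeling operation has been authorized" and appears to be missing words (something like "when a") after the cross-reference. SEE ALSO lists ".Xr VOP_WRITEXTATTR 9" although the body refers to VOP_WRITEEXTATTR, and its final entry ".Xr vnode 9 ," carries a trailing comma. "persisently" should be "persistently". The ".Pp" immediately before ".Ss Locking and Crash Safety" is redundant. In SYNOPSIS the second .Fn argument is given as "label *label", which looks like it should be "struct label *label" to match the "struct vnode *vp" argument beside it.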