Date: Sun, 18 Aug 2002 13:24:32 -0700 (PDT) From: Chris Costello <chris@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 16219 for review Message-ID: <200208182024.g7IKOWJ7057182@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16219 Change 16219 by chris@chris_holly on 2002/08/18 13:24:00 Apply introductory text written by Robert Watson, and a few more sections written by same. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#13 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#13 (text+ko) ==== 
@@ -70,59 +70,180 @@ (Discreationary Access Control) policies of BSD Unix systems.</para> <para>This chapter introduces the MAC policy framework and - provides documentation for an sample MAC policy module.</para> + provides documentation for a sample MAC policy module.</para> </sect1> - <sect1 id="mac-architecture"> - <title>Architecture</title> - <para>XFIG: .. MAC architecture, the path of process -> syscall -> - MAC_PERFORM -> policy</para> + <sect1 id="mac-introduction"> + <title>Introduction</title> + + <para>The TrustedBSD MAC framework provides a mechanism to allow + the compile-time or run-time extension of the kernel access + control model. New system policies may be implemented as + kernel modules and linked to the kernel; if multiple policy + modules are present, their results will be composed. While the + framework is intended to support a variety of access control + models, its design was derived from the requirements of a set + of specific access control models required for the TrustedBSD + and CBOSS Projects. This includes support for fixed and + floating label Biba integrity policies, the MLS + confidentiality policy, the Type Enforcement rule-based access + control policy, and the ability to support layering of the NSA + FLASK framework above the TrustedBSD MAC framework. This + document describes the rough architecture of the framework, + with the understanding that this is a work-in-progress and may + change subtantially as requirements evolve.</para> + </sect1> + + <sect1 id="mac-kernel-arch"> + <title>Kernel Architecture</title> + + <para>The TrustedBSD MAC framework provides the opportunity for + policy modules to be augment system access control decisions. + Policies are permitted the opportunity to restrict the set of + rights available for processes at a variety of relevant points + in the kernel. In addition, they are provided the opportunity + to tag processes and various kernel objects with labels storing + access control information. 
Policy modules may register + interest in a subset of the total available events or objects, + and are not required to implement events or objects that are not + relevant to the policy. Multiple modules may be loaded at once, + and the results of the modules are composed as necessary to + build an over-all system policy. Policy modules may be + implemented such that they can be loaded on-demand at run-time, + or such that they may only be loaded early in the boot process. + This permits policies requiring pervasive labeling of all + objects to prevent improper use.</para> </sect1> - - <sect1 id="mac-locking"> - <title>Locking</title> - - <!-- XXX: Update this; copied from mac(9). --> - <para>Module writers must be aware of the locking semantics of - entry points that they implement: MAC API entry points will have - specific locking or reference counting semantics for each - argument, and modules must follow the locking and reference - counting protocol or risk a variety of failure modes, including - race conditions, imappropriate pointer dereferences, etc.</para> - - <para>MAC module writers must also be aware that MAC API entry - points will frequently be invoked from deep in a kernel stack, - and as such must be careful to avoid violating more global - locking requirements, such as global lock order requirements. - For example, it may be inappropriate to lock additional objects - not specifically maintained and ordered by the policy module, or - the policy module might violate a global ordering requirement - relating to those additional objects.</para> - - <para>Finally, MAC API module implementors must be careful to - avoid inappropriately calling back into the MAC framework: the - framework makes use of locking to prevent inconsistencies during - policy module attachment and detachment. 
MAC API modules should - avoid producing scenarios in which deadlocks or inconsistencies - might occur.</para> + + <sect1 id="mac-userland-arch"> + <title>Userland Architecture</title> + + <para>...</para> </sect1> - <sect1 id="mac-policy-ops"> - <title>Policy Operations</title> + <sect1 id="mac-entry-point"> + <title>Entry Point Framework</title> + + <para>Four classes of entry points are offered to policies + registered with the framework: entry points associated with + the registration and management of policies, entry points + denoting initialization, creation, destruction, and other life + cycle events for kernel objects, events assocated with access + control decisions that the policy module may influence, and + calls associated with the management of labels on objects. In + addition, a <function>mac_syscall()</function> entry point is + provided so that policies may extend the kernel interface + without registering new system calls.</para> + + <para>Policy module writers should be aware of the kernel + locking strategy, as well as what object locks are available + during which entry points. Writers should attempt to avoid + deadlock scenarios by avoiding grabbing non-leaf locks inside + of entry points, and also follow the locking protocol for + object access and modification. In particular, writers should + be aware that while necessary locks to access objects and + their labels are generally held, sufficient locks to modify an + object or its label may not be present for all entry points. + Locking information for arguments is documented in the MAC + framework entry point document.</para> + + <para>Policy entry points will pass a reference to the object + label along with the object itself. This permits labeled + policies to be unaware of the internals of the object yet + still make decisions based on the label. The exception to this + is the process credential, which is assumed to be understood + by policies as a first class security object in the kernel. 
+ Policies that do not implement labels on kernel objects will + be passed NULL pointers for label arguments to entry + points.</para> + + <sect2 id="policy-module-registration"> + <title>Policy Module Registration</title> + + <para>Modules may be declared using the + <function>MAC_POLICY_SET()</function> macro, which names the + policy, provides a reference to the MAC entry point vector, + provides load-time flags determining how the policy framework + should handle the policy, and optionally requests the + allocation of label state by the framework:</para> + + <programlisting>static struct mac_policy_op_entry mac_none_ops[] = +{ + { MAC_DESTROY, + (macop_t)mac_none_destroy }, + { MAC_INIT, + (macop_t)mac_none_init }, + { MAC_INIT_BPFDESC, + (macop_t)mac_none_init_bpfdesc }, +/* ... */ + { MAC_CHECK_VNODE_STAT, + (macop_t)mac_none_check_vnode_stat }, + { MAC_CHECK_VNODE_WRITE, + (macop_t)mac_none_check_vnode_write }, + { MAC_OP_LAST, NULL } +};</programlisting> - <para>The MAC policy framework implements policy operation entry - points which supply policy modules with relevant data on a - subject and the operation it is attempting to perform on an - object.</para> - - <sect2 id="mac-module-ops"> - <title>Policy Module Operations</title> - - <para>The MAC policy framework includes the ability for policies - to be compiled as separate loadable kernel modules. The - following entry points are defined for module-related - events.</para> + <para>The MAC policy entry point vector, + <varname>mac_none_ops</varname> in this example, associates + functions defined in the module with specific entry points. A + complete listing of available entry points and their + prototypes may be found in the MAC entry point reference + section. Of specific interest during module registration are + the <symbol>MAC_DESTROY</symbol> and <symbol>MAC_INIT</symbol> + entry points. 
<symbol>MAC_INIT</symbol> will be invoked once a + policy is successfully registered with the module framework + but prior to any other entry points becoming active. This + permits the policy to perform any policy-specific allocation + and initialization, such as initialization of any data or + locks. <symbol>MAC_DESTROY</symbol> will be invoked when a + policy module is unloaded to permit releasing of any allocated + memory and destruction of locks. Currently, these two entry + points are invoked with the MAC policy list mutex held to + prevent any other entry points from being invoked: this will + be changed, but in the mean time, policies should be careful + about what kernel primitives they invoke so as to avoid lock + ordering or sleeping problems.</para> + + <para>The policy declaration's module name field exists so that + the module may be uniquely identified for the purposes of + module dependencies. An appropriate string should be selected. + The full string name of the policy is displayed to the user + via the kernel log during load and unload events, and also + exported when providing status information to userland + processes.</para> + + <para>The policy flags field permits the module to provide the + framework with information about its loader-related + capabilities. Currently, two flags are defined:</para> + + <variablelist> + <varlistentry> + <term>MPC_LOADTIME_FLAG_UNLOADOK</term> + + <listitem> + <para>This flag indicates that the policy module may be + unloaded. If this flag is not provided, then the policy + framework will reject requests to unload the module. + This flag might be used by modules that allocate label + state and are unable to free that state at + runtime.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>MPC_LOADTIME_FLAG_NOTLATE</term> + + <listitem><para>This flag indicates that the policy module + must be loaded and initialized early in the boot + process. 
If the flag is specified, attempts to register + the module following boot will be rejected. The flag + may be used by policies that require pervasive labeling + of all system objects, and cannot handle objects that + have not been properly initialized by the policy.</para> + </listitem> + </varlistentry> + </variablelist> <sect3 id="mac-mpo-init"> <title><function>&mac.mpo;_init</function</title> 
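Review bot: In the @@ -70,59 +70,180 @@ hunk, the Policy Module Registration paragraph says MAC_POLICY_SET() "names the policy, provides a reference to the MAC entry point vector, provides load-time flags ... and optionally requests the allocation of label state", but the programlisting that follows shows only the mac_none_ops[] vector and never the MAC_POLICY_SET() invocation itself, so the three paragraphs that then discuss the module name field, the flags field and label allocation have nothing concrete to point at; add the mac_none module's own MAC_POLICY_SET() call directly after the vector listing. In the same hunk the MPC_LOADTIME_FLAG_UNLOADOK entry reads "This flag might be used by modules that allocate label state and are unable to free that state at runtime", which is inverted: such modules are precisely the ones that must omit the flag so that the framework rejects unload requests, so rephrase as "Modules that allocate label state and cannot free it at runtime should omit this flag". Spelling and grammar in the added prose: "policy modules to be augment system access control decisions" (drop "be"), "events assocated with access control decisions" (associated), "change subtantially as requirements evolve" (substantially). The unchanged context line `<title><function>&mac.mpo;_init</function</title>` is pre-existing, but the closing tag is missing its `>` and will not parse; worth fixing while this file is being edited.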
@@ -184,891 +305,82 @@ caution should be applied.</para> </sect3> </sect2> + + <sect2 id="mac-label-events"> + <title>Label Events</title> + + <para>This class of entry points is used by the MAC framework to + permit policies to maintain label information on kernel + objects. For each labeled kernel object of interest to a MAC + policy, entry points may be registered for relevant life cycle + events. All objects implement initialization, creation, and + destruction hooks. Some objects will also implement + relabeling, allowing user processes to change the labels on + objects. Some objects will also implement object-specific + events, such as label events associated with IP reassembly. A + typical labeled object will have the following life cycle of + entry points:</para> - <sect2 id="mac-label-operations"> - <title>Label Operations</title> + <programlisting>Label initialization o +(object-specific wait) \ +Label creation o + \ +Relabel events, o--<--. +Various object-specific, | | +Access control events ~-->--o + \ +Label destruction o</programlisting> + + <para>Label initialization permits policies to allocate memory + and set initial values for labels without context for the use + of the object. The label slot allocated to a policy will be + zero'd by default, so some policies may not need to perform + initialization.</para> + + <para>Label creation occurs when the kernel structure is + associated with an actual kernel object. For example, mbufs + may be allocated and remain unused in a pool until they are + required. mbuf allocation causes label initialization on the + mbuf to take place, but mbuf creation occurs when the mbuf is + associated with a datagram. Typically, context will be + provided for a creation event, including the circumstances of + the creation, and labels of other relevant objects in the + creation process. 
For example, when an mbuf is created from a + socket, the socket and its label will be presented to + registered policies in addition to the new mbuf and its label. + Memory allocation in creation events is discouraged, as it may + occur in performance sensitive ports of the kernel; in + addition, creation calls are not permitted to fail so a + failure to allocate memory cannot be reported.</para> + + <para>Object specific events do not generally fall into the + other broad classes of label events, but will generally + provide an opportunity to modify or update the label on an + object based on additional context. For example, the label on + an IP fragment reassembly queue may be updated during the + <symbol>MAC_UPDATE_IPQ</symbol> entry point as a result of the + acceptance of an additional mbuf to that queue.</para> + + <para>Access control events are discussed in detail in the + following section.</para> + + <para>Label destruction permits policies to release storage or + state associated with a label during its association with an + object so that the kernel data structures supporting the + object may be reused or released.</para> + + <para>In addition to labels associated with specific kernel + objects, an additional class of labels exists: temporary + labels. These labels are used to store update information + submitted by user processes. 
These labels are initialized and + destroyed as with other label types, but the creation event is + <symbol>MAC_INTERNALIZE</symbol>, which accepts a user label + to be converted to an in-kernel representation.</para> - <para>...</para> - - <sect3 id="mac-mpo-init-bpfdesc"> - <title><function>&mac.mpo;_init_bpfdesc</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_bpfdesc</function></funcdef> - - <paramdef>struct bpf_d - *<parameter>bpf_d</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>bpf_d</parameter></entry> - <entry>Object; bpf descriptor</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>New label to apply</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the label on a newly instantiated bpfdesc (BPF - descriptor)</para> - </sect3> - - <sect3 id="mac-mpo-init-devfsdirent"> - <title><function>&mac.mpo;_init_devfsdirent</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_devfsdirent</function></funcdef> - - <paramdef>struct devfs_dirent - *<parameter>devfs_dirent</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>devfs_dirent</parameter></entry> - <entry>Object; devfs directory entry</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>New label to apply</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the label on a newly instantiated devfs - entry.</para> - </sect3> - - <sect3 id="mac-mpo-init-ifnet"> - <title><function>&mac.mpo;_init_ifnet</function></title> - - <funcsynopsis> - <funcprototype> - 
<funcdef>void - <function>&mac.mpo;_init_ifnet</function></funcdef> - - <paramdef>struct ifnet - *<parameter>ifnet</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>ifnet</parameter></entry> - <entry>Object; network interface</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>New label to apply</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the label on a newly instantiated network - interface.</para> - </sect3> - - <sect3 id="mac-mpo-init-ipq"> - <title><function>&mac.mpo;_init_ipq</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_ipq</function></funcdef> - - <paramdef>struct ipq - *<parameter>ipq</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>ipq</parameter></entry> - <entry>Object; IP reassembly queue</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>New label to apply</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the label on a newly instantiated IP fragment - reassembly queue.</para> - </sect3> - - <sect3 id="mac-mpo-init-mbuf"> - <title><function>&mac.mpo;_init_mbuf</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_mbuf</function></funcdef> - - <paramdef>struct mbuf - *<parameter>mbuf</parameter></paramdef> - <paramdef>int <parameter>how</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>mbuf</parameter></entry> - 
<entry>Object; mbuf</entry> - </row> - - <row> - <entry><parameter>how</parameter></entry> - <entry>Blocking/non-blocking &man.malloc.9; see - below</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Policy label to initialize</entry> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the label on a newly instantiated mbuf packet - header (<parameter>mbuf</parameter>). The - <parameter>how</parameter> field may be one of - <symbol>M_WAITOK</symbol> and <symbol>M_NOWAIT</symbol>, and - should be employed to avoid performing a blocking - &man.malloc.9; during this initialization call. Mbuf - allocation frequently occurs in performance sensitive - environments, and the implementation should be careful to - avoid blocking or long-lived operations. This entry point - is permitted to fail resulting in the failure to allocate - the mbuf header.</para> - </sect3> - - <sect3 id="mac-mpo-init-mount"> - <title><function>&mac.mpo;_init_mount</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_mount</function></funcdef> - - <paramdef>struct mount - *<parameter>mount</parameter></paramdef> - <paramdef>struct label - *<parameter>mntlabel</parameter></paramdef> - <paramdef>struct label - *<parameter>fslabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <!-- XXX: Wording on label descriptions. 
--> - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>mount</parameter></entry> - <entry>Object; file system mount point</entry> - </row> - - <row> - <entry><parameter>mntlabel</parameter></entry> - <entry>Policy label to be initialized for the mount - itself</entry> - </row> - - <row> - <entry><parameter>fslabel</parameter></entry> - <entry>Policy label to be initialized for the file - system</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the labels on a newly instantiated mount - point.</para> - </sect3> - - <sect3 id="mac-mpo-init-socket"> - <title><function>&mac.mpo;_init_socket</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_socket</function></funcdef> - - <paramdef>struct socket - *<parameter>socket</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - <paramdef>struct label - *<parameter>peerlabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>socket</parameter></entry> - <entry>Object; socket</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>New label to apply to the socket</entry> - </row> - - <row> - <entry><parameter>peerlabel</parameter></entry> - <entry>New label to apply to the socket's peer</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the labels on a newly instantiated - socket.</para> - </sect3> - - <sect3 id="mac-mpo-init-cred"> - <title><function>&mac.mpo;_init_cred</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_cred</function></funcdef> - - <paramdef>struct ucred - *<parameter>cred</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - 
- <tbody> - <row> - <entry><parameter>cred</parameter></entry> - <entry>Subject; user credetial</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>New label</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the labels on a newly instantiated subject.</para> - </sect3> - - <sect3 id="mac-mpo-init-temp"> - <title><function>&mac.mpo;_init_temp</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_temp</function></funcdef> - - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>label</parameter></entry> - <entry>Temporary label</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize a newly instantiated temporary label; - temporary labels are frequently used to hold label update - requests.</para> - </sect3> - - <sect3 id="mac-mpo-init-vnode"> - <title><function>&mac.mpo;_init_vnode</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_vnode</function></funcdef> - - <paramdef>struct vnode - *<parameter>vp</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>vp</parameter></entry> - <entry>Object; file system object</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>New label to initialize</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize the label on a newly instantiated vnode.</para> - </sect3> - - <sect3 id="mac-mpo-destroy-bpfdesc"> - <title><function>&mac.mpo;_destroy_bpfdesc</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_bpfdesc</function></funcdef> - - <paramdef>struct 
bpf_d - *<parameter>bpf_d</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>bpf_d</parameter></entry> - <entry>Object; bpf descriptor</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Label being destroyed</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy the label on a BPF descriptor. In this entry - point, a policy module should free any internal storage - associated with <parameter>label</parameter> so that it may - be destroyed.</para> - </sect3> - - <sect3 id="mac-mpo-destroy-devfsdirent"> - <title><function>&mac.mpo;_destroy_devfsdirent</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_devfsdirent</function></funcdef> - - <paramdef>struct devfs_dirent - *<parameter>devfs_dirent</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>devfs_dirent</parameter></entry> - <entry>Object; devfs directory entry</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Label being destroyed</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy the label on a devfs entry. 
In this entry - point, a policy module should free any internal storage - asociated with <parameter>label</parameter> so that it may - be destroyed.</para> - </sect3> - - <sect3 id="mac-mpo-destroy-ifnet"> - <title><function>&mac.mpo;_destroy_ifnet</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_ifnet</function></funcdef> - - <paramdef>struct ifnet - *<parameter>ifnet</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>ifnet</parameter></entry> - <entry>Object; network interface</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Label being destroyed</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy the label on a removed interface. In this entry - point, a policy module should free any internal storage - associated with <parameter>label</parameter> so that it may - be destroyed.</para> - </sect3> - - <sect3 id="mac-mpo-destroy-ipq"> - <title><function>&mac.mpo;_destroy_ipq</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_ipq</function></funcdef> - - <paramdef>struct ipq - *<parameter>ipq</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>ipq</parameter></entry> - <entry>Object; IP reassembly queue</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Label being destroyed</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy the label on an IP fragment queue. 
In this - entry point, a policy module should free any internal - storage associated with <parameter>label</parameter> so that - it may be destroyed.</para> - </sect3> - - <sect3 id="mac-mpo-destroy-mbuf"> - <title><function>&mac.mpo;_destroy_mbuf</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_mbuf</function></funcdef> - - <paramdef>struct mbuf - *<parameter>mbuf</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>mbuf</parameter></entry> - <entry>Object; mbuf</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Label being destroyed</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy the label on an mbuf header. In this entry - point, a policy module should free any internal storage - associated with <parameter>label</parameter> so that it may - be destroyed.</para> - </sect3> - - <sect3 id="mac-mpo-destroy-mount"> - <title><function>&mac.mpo;_destroy_mount</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_mount</function></funcdef> - - <paramdef>struct mount - *<parameter>mp</parameter></paramdef> - <paramdef>struct label - *<parameter>mntlabel</parameter></paramdef> - <paramdef>struct label - *<parameter>fslabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>mp</parameter></entry> - <entry>Object; file system mount point</entry> - </row> - - <row> - <entry><parameter>mntlabel</parameter></entry> - <entry>Mount point label being destroyed</entry> - </row> - - <row> - <entry><parameter>fslabel</parameter></entry> - <entry>File system label being destroyed> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy the labels 
on a mount point. In this entry - point, a policy module should free the internal storage - associated with <parameter>mntlabel</parameter> and - <parameter>fslabel</parameter> so that they may be - destroyed.</para> - </sect3> - - <sect3 id="mac-mpo-destroy-socket"> - <title><function>&mac.mpo;_destroy_socket</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_socket</function></funcdef> - - <paramdef>struct socket - *<parameter>socket</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - <paramdef>struct label - *<parameter>peerlabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>socket</parameter></entry> - <entry>Object; socket</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Socket label being destroyed</entry> - </row> - - <row> - <entry><parameter>peerlabel</parameter></entry> - <entry>Socket peer label being destroyed</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy the labels on a socket. In this entry point, a - policy module should free any internal storage associated - with <parameter>label</parameter> and - <parameter>peerlabel</parameter> so that they may be >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
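Review bot: The @@ -184,891 +305,82 @@ hunk deletes the entire per-entry-point reference (the sect3 sections from mac-mpo-init-bpfdesc through mac-mpo-destroy-socket and onward; the mail is truncated at 1000 lines so the full extent is not visible here), while the new text added in the first hunk still says "A complete listing of available entry points and their prototypes may be found in the MAC entry point reference section"; the change description only mentions applying introductory text and a few sections, so either state in the description where that reference material moves, or keep the sect3 sections in place until the replacement exists, otherwise the new cross-reference dangles. Smaller points in the added Label Events prose: "zero'd by default" should be "zeroed", and "performance sensitive ports of the kernel" should read "parts of the kernel". The label life-cycle programlisting depends on ASCII arrows and column alignment; that is fine inside programlisting, but the sentence introducing it should say explicitly that the right-hand loop (relabel, object-specific and access control events) may repeat any number of times between creation and destruction, which the prose only implies.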