From owner-cvs-all  Thu Aug  1  8:37:20 2002
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id AC34737B401; Thu,  1 Aug 2002 08:37:13 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 725D343E3B; Thu,  1 Aug 2002 08:37:13 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: from freefall.freebsd.org (rwatson@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g71FbDJU080409;
	Thu, 1 Aug 2002 08:37:13 -0700 (PDT)
	(envelope-from rwatson@freefall.freebsd.org)
Received: (from rwatson@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g71FbCEa080408;
	Thu, 1 Aug 2002 08:37:12 -0700 (PDT)
Message-Id: <200208011537.g71FbCEa080408@freefall.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Thu, 1 Aug 2002 08:37:12 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern vfs_syscalls.c
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

rwatson     2002/08/01 08:37:12 PDT

  Modified files:
    sys/kern             vfs_syscalls.c 
  Log:
  Introduce support for Mandatory Access Control and extensible
  kernel access control.
  
  Invoke appropriate MAC entry points to authorize the following
  operations:
  
          truncate on open()                      (write)
          access()                                (access)
          readlink()                              (readlink)
          chflags(), lchflags(), fchflags()       (setflag)
          chmod(), fchmod(), lchmod()             (setmode)
          chown(), fchown(), lchown()             (setowner)
          utimes(), lutimes(), futimes()          (setutimes)
          truncate(), ftrunfcate()                (write)
          revoke()                                (revoke)
          fhopen()                                (open)
          truncate on fhopen()                    (write)
          extattr_set_fd, extattr_set_file()      (setextattr)
          extattr_get_fd, extattr_get_file()      (getextattr)
          extattr_delete_fd(), extattr_delete_file() (setextattr)
  
  These entry points permit MAC policies to enforce a variety of
  protections on vnodes.  More vnode checks to come, especially in
  non-native ABIs.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, NAI Labs
  
  Revision  Changes    Path
  1.277     +95 -10    src/sys/kern/vfs_syscalls.c

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message