From owner-p4-projects  Wed Sep 18 16:53:19 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 3B42C37B404; Wed, 18 Sep 2002 16:53:13 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DBBBC37B401
	for <perforce@freebsd.org>; Wed, 18 Sep 2002 16:53:12 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7C3A043E65
	for <perforce@freebsd.org>; Wed, 18 Sep 2002 16:53:12 -0700 (PDT)
	(envelope-from chris@freebsd.org)
Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g8INrCCo014739
	for <perforce@freebsd.org>; Wed, 18 Sep 2002 16:53:12 -0700 (PDT)
	(envelope-from chris@freebsd.org)
Received: (from perforce@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g8INrCwv014736
	for perforce@freebsd.org; Wed, 18 Sep 2002 16:53:12 -0700 (PDT)
Date: Wed, 18 Sep 2002 16:53:12 -0700 (PDT)
Message-Id: <200209182353.g8INrCwv014736@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello <chris@FreeBSD.org>
Subject: PERFORCE change 17681 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17681

Change 17681 by chris@chris_holly on 2002/09/18 16:52:58

	Begin to move things around and make minor corrections as prescribed
	by Garrett Wollman.  This is actually a weeks-old change and will be
	followed up by correctly organizing this document.
	
	  Here are a few points that should be made about this document:
	o all relabel entry points are scattered, not under the right heading
	o there were a few other grammar errors that have yet to be corrected
	o every single entry point requires at least 26 lines of metadata
	o Data is formatted in a suboptimal layout due to DocBook limitations
	o on the current version, we're looking at hastily-written summaries
	o catching-up needs to be done; this document is out of date
	o Best thing to do after that is to mostly re-write each description
	o over the next few weeks, I'll be carrying out those changes
	o over the next few months, I'll decide whether or not I would like to
	  keep this document in the DocBook format, or possibly move it out

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#16 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#16 (text+ko) ====

@@ -688,60 +688,6 @@
             the root file system is mounted, after
             &mac.mpo;_create_mount;.</para>
         </sect4>
-        
-        <sect4 id="mac-mpo-vnode-relabel">
-          <title><function>&mac.mpo;_vnode_relabel</function></title>
-          
-          <funcsynopsis>
-            <funcprototype>
-              <funcdef>void
-                <function>&mac.mpo;_vnode_relabel</function></funcdef>
-              
-              <paramdef>struct ucred
-                *<parameter>cred</parameter></paramdef>
-              <paramdef>struct vnode
-                *<parameter>vp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>vnodelabel</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>newlabel</parameter></paramdef>
-            </funcprototype>
-          </funcsynopsis>
-          
-          <informaltable>
-            <tgroup cols="3">
-              &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>cred</parameter></entry>
-                  <entry>Subject credential</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vp</parameter></entry>
-                  <entry>vnode to relabel</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vnodelabel</parameter></entry>
-                  <entry>Existing policy label for
-                    <parameter>vp</parameter></entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>newlabel</parameter></entry>
-                  <entry>New, possibly partial label to replace
-                    <parameter>vnodelabel</parameter></entry>
-                </row>
-              </tbody>
-            </tgroup>
-          </informaltable>
-          
-          <para>Update the label on the passed vnode given the passed
-            update vnode label and the passed subject credential.</para>
-        </sect4>
-        
         <sect4 id="mac-mpo-stdcreatevnode-ea">
           <title><function>&mac.mpo;_stdcreatevnode_ea</function></title>
           
@@ -1233,7 +1179,7 @@
             or prior to &man.accept.2;, depending on the protocol.</para>
         </sect4>
         
-        <sect4 id="mac-mpo-relabel-socekt">
+        <sect4 id="mac-mpo-relabel-socket">
           <title><function>&mac.mpo;_socket_relabel</function></title>
           
           <funcsynopsis>
@@ -2397,7 +2343,7 @@
           </informaltable>
           
           <para>Create the subject credential of process 1, the parent
-            of all kernel processes.</para>
+            of all user processes.</para>
         </sect4>
         
         <sect4 id="mac-mpo-cred-relabel">
@@ -2449,7 +2395,7 @@
         entry point will include one or more authorizing credentials,
         information (possibly including a label) for any other objects
         involved in the operation.  An access control entry point may
-        return 0 to permit the operation, and an &man.errno.2; error
+        return 0 to permit the operation, or an &man.errno.2; error
         value.  The results of invoking the entry point across various
         registered policy modules will be composed as follows: if all
         modules permit the operation to succeed, success will be
@@ -4733,6 +4679,59 @@
         calls are not permitted to fail (failure should be reported
         earlier in the relabel check).</para>
       
+      <sect3 id="mac-mpo-vnode-relabel">
+        <title><function>&mac.mpo;_vnode_relabel</function></title>
+        
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>void
+              <function>&mac.mpo;_vnode_relabel</function></funcdef>
+            
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>vnodelabel</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>newlabel</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+        
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+            
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+              
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>vnode to relabel</entry>
+              </row>
+                
+              <row>
+                <entry><parameter>vnodelabel</parameter></entry>
+                <entry>Existing policy label for
+                  <parameter>vp</parameter></entry>
+              </row>
+              
+              <row>
+                <entry><parameter>newlabel</parameter></entry>
+                <entry>New, possibly partial label to replace
+                  <parameter>vnodelabel</parameter></entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+        
+        <para>Update the label on the passed vnode given the passed
+          update vnode label and the passed subject credential.</para>
+      </sect3>
+        
       <sect3 id="mac-mpo-init-bpfdesc">
         <title><function>&mac.mpo;_init_bpfdesc</function></title>
         

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message