Date: Mon, 13 Jan 2003 17:07:34 -0800 (PST)
From: Chris Costello <chris@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 23708 for review
Message-ID: <200301140107.h0E17YYY025913@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=23708 Change 23708 by chris@chris_holly on 2003/01/13 17:07:30 Finish the system "check" entry points. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#20 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#20 (text+ko) ==== 
@@ -5202,6 +5202,264 @@ <errorcode>EPERM</errorcode> for lack of privilege, or <errorcode>ESRCH</errorcode> to hide visibility.</para> </sect3> + + <sect3 id="mac-mpo-check-system-acct"> + <title><function>&mac.mpo;_check_system_acct</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_system_acct</function></funcdef> + + <paramdef>struct ucred + *<parameter>ucred</parameter></paramdef> + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>vlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>ucred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>vp</parameter></entry> + <entry>Accounting file; &man.acct.5;</entry> + </row> + + <row> + <entry><parameter>vlabel</parameter></entry> + <entry>Label associated with + <parameter>vp</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to + enable accounting, based on its label and the label of the + accounting log file.</para> + </sect3> + + <sect3 id="mac-mpo-check-system-nfsd"> + <title><function>&mac.mpo;_check_system_nfsd</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_system_nfsd</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to call + &man.nfssvc.2;.</para> + </sect3> + + <sect3 id="mac-mpo-check-system-reboot"> + <title><function>&mac.mpo;_check_system_reboot</function></title> + + <funcsynopsis> + 
<funcprototype> + <funcdef>int + <function>&mac.mpo;_check_system_reboot</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>int <parameter>howto</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>howto</parameter></entry> + <entry><parameter>howto</parameter> parameter from + &man.reboot.2;</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to + reboot the system in the specified manner.</para> + </sect3> + + <sect3 id="mac-mpo-check-system-settime"> + <title><function>&mac.mpo;_check_system_settime</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_system_settime</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the user should be allowed to set the + system clock.</para> + </sect3> + + <sect3 id="mac-mpo-check-system-swapon"> + <title><function>&mac.mpo;_check_system_swapon</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_system_swapon</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>vlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + 
</row> + + <row> + <entry><parameter>vp</parameter></entry> + <entry>Swap device</entry> + </row> + + <row> + <entry><parameter>vlabel</parameter></entry> + <entry>Label associated with + <parameter>vp</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Determine whether the subject should be allowed to add + <parameter>vp</parameter> as a swap device.</para> + </sect3> + + <sect3 id="mac-mpo-check-system-sysctl"> + <title><function>&mac.mpo;_check_system_sysctl</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_check_system_sysctl</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>int *<parameter>name</parameter></paramdef> + <paramdef>u_int *<parameter>namelen</parameter></paramdef> + <paramdef>void *<parameter>old</parameter></paramdef> + <paramdef>size_t + *<parameter>oldlenp</parameter></paramdef> + <paramdef>int <parameter>inkernel</parameter></paramdef> + <paramdef>void *<parameter>new</parameter></paramdef> + <paramdef>size_t <parameter>newlen</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>name</parameter></entry> + <entry morerows="3">See &man.sysctl.3;</entry> + </row> + + <row> + <entry><parameter>namelen</parameter></entry> + </row> + + <row> + <entry><parameter>old</parameter></entry> + </row> + + <row> + <entry><parameter>oldlenp</parameter></entry> + </row> + + <row> + <entry><parameter>inkernel</parameter></entry> + <entry>Boolean; <literal>1</literal> if called from + kernel</entry> + </row> + + <row> + <entry><parameter>new</parameter></entry> + <entry morerows="1">See &man.sysctl.3;</entry> + </row> + + <row> + <entry><parameter>newlen</parameter></entry> + </row> + </tbody> + </tgroup> + </informaltable> + + 
<para>Determine whether the subject should be allowed to make + the specified &man.sysctl.3; transaction.</para> + </sect3> </sect2> <sect2 id="mac-label-management"> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
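Review bot: None of the six new sect3 entries says what the entry point should return, although the context paragraph just above the added lines spells out EPERM and ESRCH for the preceding check; each closing para should state what a policy returns to deny the operation. Every new informaltable also declares tgroup cols="3" but its rows carry only two entry elements, so the third column is empty throughout; either fill it or note why it is blank. In mpo_check_system_acct the credential is named ucred while the other five entries use cred, and the settime para says "the user" where the rest say "the subject"; pick one of each. In the sysctl prototype, namelen is documented as "u_int *" while newlen is passed by value, which is worth confirming against the policy header before this goes in.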