From owner-p4-projects  Mon Jan 13 17: 7:44 2003
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id AB9DA37B405; Mon, 13 Jan 2003 17:07:36 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2BC2837B401
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 17:07:36 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AAC3243F18
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 17:07:35 -0800 (PST)
	(envelope-from chris@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0E17Zfh025916
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 17:07:35 -0800 (PST)
	(envelope-from chris@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0E17YYY025913
	for perforce@freebsd.org; Mon, 13 Jan 2003 17:07:34 -0800 (PST)
Date: Mon, 13 Jan 2003 17:07:34 -0800 (PST)
Message-Id: <200301140107.h0E17YYY025913@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello <chris@FreeBSD.org>
Subject: PERFORCE change 23708 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=23708

Change 23708 by chris@chris_holly on 2003/01/13 17:07:30

	Finish the system "check" entry points.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#20 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#20 (text+ko) ====

@@ -5202,6 +5202,264 @@
           <errorcode>EPERM</errorcode> for lack of privilege, or
           <errorcode>ESRCH</errorcode> to hide visibility.</para>
       </sect3>
+
+      <sect3 id="mac-mpo-check-system-acct">
+        <title><function>&mac.mpo;_check_system_acct</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_system_acct</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>ucred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>vlabel</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>ucred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Accounting file; &man.acct.5;</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vlabel</parameter></entry>
+                <entry>Label associated with
+                  <parameter>vp</parameter></entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          enable accounting, based on its label and the label of the
+          accounting log file.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-system-nfsd">
+        <title><function>&mac.mpo;_check_system_nfsd</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_system_nfsd</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to call
+            &man.nfssvc.2;.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-system-reboot">
+        <title><function>&mac.mpo;_check_system_reboot</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_system_reboot</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>int <parameter>howto</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>howto</parameter></entry>
+                <entry><parameter>howto</parameter> parameter from
+                    &man.reboot.2;</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          reboot the system in the specified manner.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-system-settime">
+        <title><function>&mac.mpo;_check_system_settime</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_system_settime</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the user should be allowed to set the
+          system clock.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-system-swapon">
+        <title><function>&mac.mpo;_check_system_swapon</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_system_swapon</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>vlabel</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Swap device</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vlabel</parameter></entry>
+                <entry>Label associated with
+                  <parameter>vp</parameter></entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to add
+          <parameter>vp</parameter> as a swap device.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-system-sysctl">
+        <title><function>&mac.mpo;_check_system_sysctl</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_system_sysctl</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>int *<parameter>name</parameter></paramdef>
+            <paramdef>u_int *<parameter>namelen</parameter></paramdef>
+            <paramdef>void *<parameter>old</parameter></paramdef>
+            <paramdef>size_t
+              *<parameter>oldlenp</parameter></paramdef>
+            <paramdef>int <parameter>inkernel</parameter></paramdef>
+            <paramdef>void *<parameter>new</parameter></paramdef>
+            <paramdef>size_t <parameter>newlen</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>name</parameter></entry>
+                <entry morerows="3">See &man.sysctl.3;</entry>
+              </row>
+
+              <row>
+                <entry><parameter>namelen</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>old</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>oldlenp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>inkernel</parameter></entry>
+                <entry>Boolean; <literal>1</literal> if called from
+                  kernel</entry>
+              </row>
+
+              <row>
+                <entry><parameter>new</parameter></entry>
+                <entry morerows="1">See &man.sysctl.3;</entry>
+              </row>
+
+              <row>
+                <entry><parameter>newlen</parameter></entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to make
+          the specified &man.sysctl.3; transaction.</para>
+      </sect3>
     </sect2>
     
     <sect2 id="mac-label-management">

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message