Date: Fri, 22 Mar 2002 11:57:42 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_prot.c src/sys/netinet raw_ip.c tcp_subr.c udp_usrreq.c src/sys/sys systm.h Message-ID: <200203221957.g2MJvgS80358@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2002/03/22 11:57:42 PST
Modified files:
sys/kern kern_prot.c
sys/netinet raw_ip.c tcp_subr.c udp_usrreq.c
sys/sys systm.h
Log:
Merge from TrustedBSD MAC branch:
Move the network code from using cr_cansee() to check whether a
socket is visible to a requesting credential to using a new
function, cr_canseesocket(), which accepts a subject credential
and object socket. Implement cr_canseesocket() so that it does a
prison check, a uid check, and add a comment where shortly a MAC
hook will go. This will allow MAC policies to seperately
instrument the visibility of sockets from the visibility of
processes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Revision Changes Path
1.144 +23 -0 src/sys/kern/kern_prot.c
1.91 +2 -2 src/sys/netinet/raw_ip.c
1.125 +4 -4 src/sys/netinet/tcp_subr.c
1.105 +3 -3 src/sys/netinet/udp_usrreq.c
1.165 +2 -0 src/sys/sys/systm.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203221957.g2MJvgS80358>