From owner-p4-projects@FreeBSD.ORG Mon Jan 9 20:01:53 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id F267716A422; Mon, 9 Jan 2006 20:01:52 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB66216A41F for ; Mon, 9 Jan 2006 20:01:52 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8355C43D48 for ; Mon, 9 Jan 2006 20:01:50 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k09K1o7b064793 for ; Mon, 9 Jan 2006 20:01:50 GMT (envelope-from csjp@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k09K1oBa064790 for perforce@freebsd.org; Mon, 9 Jan 2006 20:01:50 GMT (envelope-from csjp@freebsd.org) Date: Mon, 9 Jan 2006 20:01:50 GMT Message-Id: <200601092001.k09K1oBa064790@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to csjp@freebsd.org using -f From: "Christian S.J. Peron" To: Perforce Change Reviews Cc: Subject: PERFORCE change 89432 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jan 2006 20:01:53 -0000 http://perforce.freebsd.org/chv.cgi?CH=89432 Change 89432 by csjp@csjp_xor on 2006/01/09 20:01:34 Now that we have support for labeling in NFS, teach the BIBA policy about it. For now, the NFSD label will be set to biba/high(low-high). This is going to change, however. We need to think about what makes the most sense. Should the label be inherited from the NFSD process which makes the nfssvc() call? Should it come from the network interface the NFS request was recieved on? We need to give this some thought. It should be noted that this fixed a panic which occurs when files are created through NFS. This happpend because the object label was not properly initialized. So this effectively un-breaks BIBA+NFS We will need to do something similar for other labeled security policies, too. Hopefully I have the time to do this. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#259 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#259 (text+ko) ==== @@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include @@ -3083,6 +3084,17 @@ return (0); } +static void +mac_biba_associate_nfsd_label(struct ucred *cred) +{ + struct mac_biba *label; + + label = SLOT(cred->cr_label); + mac_biba_set_effective(label, MAC_BIBA_TYPE_HIGH, 0, NULL); + mac_biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, + MAC_BIBA_TYPE_HIGH, 0, NULL); +} + static struct mac_policy_ops mac_biba_ops = { .mpo_init = mac_biba_init, @@ -3262,6 +3274,7 @@ .mpo_check_vnode_setutimes = mac_biba_check_vnode_setutimes, .mpo_check_vnode_stat = mac_biba_check_vnode_stat, .mpo_check_vnode_write = mac_biba_check_vnode_write, + .mpo_associate_nfsd_label = mac_biba_associate_nfsd_label, }; MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba",