From owner-cvs-src@FreeBSD.ORG  Wed May 18 00:32:07 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B794A16A4CE; Wed, 18 May 2005 00:32:07 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 8CB0D43D70; Wed, 18 May 2005 00:32:06 +0000 (GMT)
	(envelope-from csjp@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j4I0W5Ec063481;
	Wed, 18 May 2005 00:32:05 GMT
	(envelope-from csjp@repoman.freebsd.org)
Received: (from csjp@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j4I0W5nZ063480;
	Wed, 18 May 2005 00:32:05 GMT
	(envelope-from csjp)
Message-Id: <200505180032.j4I0W5nZ063480@repoman.freebsd.org>
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
Date: Wed, 18 May 2005 00:32:05 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: RELENG_5
Subject: cvs commit: src/sys/security/mac mac_vfs.csrc/sys/security/mac_biba
 mac_biba.c src/sys/security/mac_lomac mac_lomac.c
 src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub...
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 May 2005 00:32:07 -0000

csjp        2005-05-18 00:32:05 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_5)
    sys/security/mac     mac_vfs.c 
    sys/security/mac_biba mac_biba.c 
    sys/security/mac_lomac mac_lomac.c 
    sys/security/mac_mls mac_mls.c 
    sys/security/mac_stub mac_stub.c 
    sys/security/mac_test mac_test.c 
    sys/sys              mac.h mac_policy.h 
    sys/vm               vm_mmap.c 
  Log:
  MFC
  Move MAC check_vnode_mmap entry point out from being exclusive to
  MAP_SHARED so that the entry point gets executed un-conditionally.
  This may be useful for security policies which want to perform access
  control checks around run-time linking.
  
  -add the mmap(2) flags argument to the check_vnode_mmap entry point
   so that we can make access control decisions based on the type of
   mapped object.
  -update any dependent API around this parameter addition such as
   function prototype modifications, entry point parameter additions
   and the inclusion of sys/mman.h header file.
  -Change the MLS, BIBA and LOMAC security policies so that subject
   domination routines are not executed unless the type of mapping is
   shared. This is done to maintain compatibility between the old
   vm_mmap_vnode(9) and these policies.
  
  Revision   Changes    Path
  1.106.2.2  +3 -2      src/sys/security/mac/mac_vfs.c
  1.80.2.3   +3 -2      src/sys/security/mac_biba/mac_biba.c
  1.32.2.2   +3 -2      src/sys/security/mac_lomac/mac_lomac.c
  1.66.2.2   +3 -2      src/sys/security/mac_mls/mac_mls.c
  1.42.2.2   +1 -1      src/sys/security/mac_stub/mac_stub.c
  1.48.2.3   +1 -1      src/sys/security/mac_test/mac_test.c
  1.58.2.1   +1 -1      src/sys/sys/mac.h
  1.55.2.3   +1 -1      src/sys/sys/mac_policy.h
  1.192.2.3  +5 -5      src/sys/vm/vm_mmap.c