Date: Mon, 18 Apr 2005 13:36:58 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_exit.c kern_prot.c src/sys/security/mac mac_process.c src/sys/security/mac_stub mac_stub.c src/sys/security/mac_test mac_test.c src/sys/sys mac.h mac_policy.h proc.h Message-ID: <200504181336.j3IDawqn096684@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2005-04-18 13:36:58 UTC
FreeBSD src repository
Modified files:
sys/kern kern_exit.c kern_prot.c
sys/security/mac mac_process.c
sys/security/mac_stub mac_stub.c
sys/security/mac_test mac_test.c
sys/sys mac.h mac_policy.h proc.h
Log:
Introduce p_canwait() and MAC Framework and MAC Policy entry points
mac_check_proc_wait(), which control the ability to wait4() specific
processes. This permits MAC policies to limit information flow from
children that have changed label, although has to be handled carefully
due to common programming expectations regarding the behavior of
wait4(). The cr_seeotheruids() check in p_canwait() is #if 0'd for
this reason.
The mac_stub and mac_test policies are updated to reflect these new
entry points.
Sponsored by: SPAWAR, SPARTA
Obtained from: TrustedBSD Project
Revision Changes Path
1.258 +4 -0 src/sys/kern/kern_exit.c
1.200 +31 -0 src/sys/kern/kern_prot.c
1.108 +15 -0 src/sys/security/mac/mac_process.c
1.48 +8 -0 src/sys/security/mac_stub/mac_stub.c
1.57 +11 -0 src/sys/security/mac_test/mac_test.c
1.63 +1 -0 src/sys/sys/mac.h
1.62 +2 -0 src/sys/sys/mac_policy.h
1.425 +1 -0 src/sys/sys/proc.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504181336.j3IDawqn096684>