Date: Sun, 27 Oct 2002 00:12:34 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys mac.h mac_policy.h src/sys/kern kern_mac.c kern_sysctl.c Message-ID: <200210270712.g9R7CYPG076959@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2002/10/27 00:12:34 PDT
Modified files:
sys/sys mac.h mac_policy.h
sys/kern kern_mac.c kern_sysctl.c
Log:
Implement mac_check_system_sysctl(), a MAC Framework entry point to
permit MAC policies to augment the security protections on sysctl()
operations. This is not really a wonderful entry point, as we
only have access to the MIB of the target sysctl entry, rather than
the more useful entry name, but this is sufficient for policies
like Biba that wish to use their notions of privilege or integrity
to prevent inappropriate sysctl modification. Affects MAC kernels
only. Since SYSCTL_LOCK isn't in sysctl.h, just kern_sysctl.c,
we can't assert the SYSCTL subsystem lockin the MAC Framework.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Revision Changes Path
1.52 +28 -0 src/sys/kern/kern_mac.c
1.135 +11 -0 src/sys/kern/kern_sysctl.c
1.22 +3 -0 src/sys/sys/mac.h
1.22 +4 -0 src/sys/sys/mac_policy.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210270712.g9R7CYPG076959>