Date: Thu, 1 Dec 2005 21:22:59 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 87605 for review Message-ID: <200512012122.jB1LMxVJ083597@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=87605 Change 87605 by millert@millert_g4tower on 2005/12/01 21:22:48 Man page updates from DSEP Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/adv_cmds/ps.tproj/ps.1#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/file_cmds/ls/ls.1#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.3#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.4#1 add .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.conf.5#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_execve.3#1 add .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_free.3#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_get.3#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_is_present_np.3#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_set.3#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_text.3#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/maclabel.7#1 add Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/adv_cmds/ps.tproj/ps.1#3 (text+ko) ==== @@ -168,7 +168,8 @@ .It Fl Z Add label to the list of keywords for which .Nm -will display information. +will display information. This will display label information for +loaded MAC Framework policies, configured in /etc/mac.conf. .El .Pp A complete list of the available keywords are listed below. @@ -490,6 +491,7 @@ .Xr kill 1 , .Xr w 1 , .Xr kvm 3 , +.Xr mac.conf 5 , .Xr strftime 3 , .Xr procfs 5 , .Xr pstat 8 ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/file_cmds/ls/ls.1#3 (text+ko) ==== @@ -44,7 +44,7 @@ .Nd list directory contents .Sh SYNOPSIS .Nm -.Op Fl ACFLRSTWacdfgiklnoqrstux1 +.Op Fl ACFLRSTWZacdfgiklnoqrstux1 .Op Ar file ... .Sh DESCRIPTION For each operand that names a 
@@ -99,6 +99,9 @@ month, day, hour, minute, second, and year. .It Fl W Display whiteouts when scanning directories. +.It Fl Z +Display each file's MAC label; see +.Xr maclabel 7 . .It Fl a Include directory entries whose names begin with a dot (.). @@ -352,6 +355,7 @@ specification. .Sh SEE ALSO .Xr chmod 1 , +.Xr maclabel 7 , .Xr symlink 7 , .Xr sticky 8 .Sh STANDARDS ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/Makefile#3 (text+ko) ==== @@ -16,6 +16,14 @@ $(INSTALL) -o $(LIBOWN) -g $(LIBGRP) -m 0644 lib$(LIB).a \ $(DESTDIR)/usr/lib $(RANLIB) $(DESTDIR)/usr/lib/lib$(LIB).a + $(INSTALL) -d $(DESTDIR)/usr/share/man/man3 + $(INSTALL) -d $(DESTDIR)/usr/share/man/man4 + $(INSTALL) -d $(DESTDIR)/usr/share/man/man7 + $(INSTALL) -c -m 444 mac.4 $(DSTROOT)/usr/share/man/man4/ + $(INSTALL) -c -m 444 maclabel.7 $(DSTROOT)/usr/share/man/man7/ + $(INSTALL) -c -m 444 mac.3 mac_free.3 mac_get.3 mac_is_present_np.3 \ + mac_prepare.3 mac_set.3 mac_text.3 mac_execve.3 mac_syscall.3 \ + $(DSTROOT)/usr/share/man/man3/ clean: rm -f lib$(LIB).a $(OBJS) security.c ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.3#3 (text+ko) ==== @@ -1,4 +1,5 @@ .\" Copyright (c) 2001, 2003 Networks Associates Technology, Inc. +.\" Copyright (c) 2005 SPARTA, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by Chris @@ -37,7 +38,7 @@ .Nm mac .Nd introduction to the MAC security API .Sh LIBRARY -.Lb libc +The MAC Framework Library (libmac, -lmac) .Sh SYNOPSIS .In sys/mac.h .Pp @@ -155,7 +156,6 @@ .Xr mac_text 3 , .Xr mac 4 , .Xr mac.conf 5 , -.Xr mac 9 .Sh STANDARDS These APIs are loosely based on the APIs described in POSIX.1e. POSIX.1e is described in IEEE POSIX.1e draft 17. 
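Review bot: In the libmac/Makefile hunk (`@@ -16,6 +16,14 @@`) the three `$(INSTALL) -d` lines create the man directories under `$(DESTDIR)`, but the `$(INSTALL) -c -m 444` lines copy into `$(DSTROOT)`, while the existing library install lines in the same rule use `$(DESTDIR)`. If the two variables differ or `DSTROOT` is unset, the pages are written outside the staging root (possibly into the live `/usr/share/man`), or the copy fails because the target directory was never created. Use one variable throughout, e.g. `$(INSTALL) -c -m 444 mac.4 $(DESTDIR)/usr/share/man/man4/`, and likewise for the man7 and man3 lines. The man3 list also names `mac_prepare.3` and `mac_syscall.3`, which are not among the affected files of this change; presumably they already exist in the directory, which is worth confirming. The install rule begins outside the hunk.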
@@ -182,6 +182,3 @@ .Fx . Sites considering production deployment should keep the experimental status of these services in mind during any deployment process. -See also -.Xr mac 9 -for related considerations regarding the kernel framework. ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.conf.5#3 (text+ko) ==== @@ -89,7 +89,6 @@ .Xr mac_get 3 , .Xr mac_prepare 3 , .Xr mac 4 , -.Xr mac 9 .Sh HISTORY Support for Mandatory Access Control was introduced in .Fx 5.0 @@ -104,6 +103,3 @@ .Fx . Sites considering production deployment should keep the experimental status of these services in mind during any deployment process. -See also -.Xr mac 9 -for related considerations regarding the kernel framework. ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_free.3#3 (text+ko) ==== @@ -40,7 +40,7 @@ .Nm mac_free .Nd free MAC label .Sh LIBRARY -.Lb libc +The MAC Framework Library (libmac, -lmac) .Sh SYNOPSIS .In sys/mac.h .Ft int @@ -64,8 +64,7 @@ .Xr mac_prepare 3 , .Xr mac_set 3 , .Xr mac_text 3 , -.Xr mac 4 , -.Xr mac 9 +.Xr mac 4 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion of the draft ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_get.3#3 (text+ko) ==== @@ -36,10 +36,13 @@ .Sh NAME .Nm mac_get_file , .Nm mac_get_fd , +.Nm mac_get_lctx , +.Nm mac_get_lcid , +.Nm mac_get_pid , .Nm mac_get_proc .Nd get the label of a file, socket, socket peer or process .Sh LIBRARY -.Lb libc +The MAC Framework Library (libmac, -lmac) .Sh SYNOPSIS .In sys/mac.h .Ft int @@ -47,6 +50,10 @@ .Ft int .Fn mac_get_fd "int fd" "mac_t label" .Ft int +.Fn mac_get_lcid "pid_t lcid" "mac_t label" +.Ft int +.Fn mac_get_lctx "mac_t label" +.Ft int .Fn mac_get_pid "pid_t pid" "mac_t label" .Ft int .Fn mac_get_proc "mac_t label" 
@@ -70,6 +77,18 @@ .Xr getsockopt 2 . .Pp The +.Fn mac_get_lctx +and +.Fn mac_get_lcid +functions fill in +.Fa label +(which must first be allocated by +.Xr mac_prepare 3 ) +with the MAC label associated +with the Login Context of the requesting process +or the specified Login Context, respectively. +.Pp +The .Fn mac_get_proc and .Fn mac_get_pid @@ -113,8 +132,7 @@ .Xr mac_text 3 , .Xr mac_prepare 3 , .Xr mac_set 3 , -.Xr mac 4 , -.Xr mac 9 +.Xr mac 4 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion of the draft ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_is_present_np.3#3 (text+ko) ==== @@ -37,7 +37,7 @@ .Nm mac_is_present_np .Nd report whether the running system has MAC support .Sh LIBRARY -.Lb libc +.Lb libmac .Sh SYNOPSIS .In sys/mac.h .Ft int @@ -77,5 +77,4 @@ .Xr mac_prepare 3 , .Xr mac_set 3 , .Xr mac_text 3 , -.Xr mac 4 , -.Xr mac 9 +.Xr mac 4 ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_set.3#3 (text+ko) ==== @@ -36,10 +36,11 @@ .Sh NAME .Nm mac_set_file , .Nm mac_set_fd , +.Nm mac_set_lctx , .Nm mac_set_proc -.Nd set the MAC label for a file or process +.Nd set the MAC label for a file, login context or process .Sh LIBRARY -.Lb libc +The MAC Framework Library (libmac, -lmac) .Sh SYNOPSIS .In sys/mac.h .Ft int @@ -49,6 +50,8 @@ .Ft int .Fn mac_set_fd "int fd" "mac_t label" .Ft int +.Fn mac_set_lctx "mac_t label" +.Ft int .Fn mac_set_proc "mac_t label" .Sh DESCRIPTION The @@ -73,6 +76,12 @@ .Fn mac_set_file , except that it does not follow symlinks. The +.Fn mac_set_lctx +function associates the MAC label +specified by +.Fa label +with the login context the current process is a member of, if any. +The .Fn mac_set_proc function associates the MAC label specified by 
@@ -85,7 +94,7 @@ the owner of the file, or has appropriate privileges. .Sh RETURN VALUES -.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_proc +.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_lctx mac_set_proc .Sh ERRORS .Bl -tag -width Er .It Bq Er EACCES ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_text.3#3 (text+ko) ==== @@ -38,7 +38,7 @@ .Nm mac_to_text .Nd convert MAC label to/from text representation .Sh LIBRARY -.Lb libc +The MAC Framework Library (libmac, -lmac) .Sh SYNOPSIS .In sys/mac.h .Ft int