From owner-cvs-all  Mon Mar 24 17:16:14 2003
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2CB3F37B401; Mon, 24 Mar 2003 17:16:11 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id BD9D543F85; Mon, 24 Mar 2003 17:16:10 -0800 (PST)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h2P1GA0U078681;
	Mon, 24 Mar 2003 17:16:10 -0800 (PST)
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from rwatson@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h2P1GAjE078680;
	Mon, 24 Mar 2003 17:16:10 -0800 (PST)
Message-Id: <200303250116.h2P1GAjE078680@repoman.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Mon, 24 Mar 2003 17:16:10 -0800 (PST)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/security/mac_mls mac_mls.c
X-FreeBSD-CVS-Branch: HEAD
X-Spam-Status: No, hits=-0.1 required=5.0
	tests=AWL
	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

rwatson     2003/03/24 17:16:10 PST

  FreeBSD src repository

  Modified files:
    sys/security/mac_mls mac_mls.c 
  Log:
  Expand scope of the MLS policy to include a new entry point available
  for enforcement:
  
    mac_mls_check_system_swapon() - Require that the subject and the
    swapfile target vnode labels dominate one another.  An additional
    check is probably needed here to require that the swapfile target
    has a label of mls/high to prevent information leakage through
    swapfiles.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.42      +20 -0     src/sys/security/mac_mls/mac_mls.c

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message