From: Robert Watson
Date: Thu, 24 Jun 2004 03:34:46 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/sys mac_policy.h src/sys/security/mac mac_net.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub mac_stub.c ...
Message-Id: <200406240334.i5O3YkPi039190@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

rwatson     2004-06-24 03:34:46 UTC

  FreeBSD src repository

  Modified files:
    sys/sys                     mac_policy.h
    sys/security/mac            mac_net.c
    sys/security/mac_biba       mac_biba.c
    sys/security/mac_lomac      mac_lomac.c
    sys/security/mac_mls        mac_mls.c
    sys/security/mac_stub       mac_stub.c
    sys/security/mac_test       mac_test.c
  Log:
  Introduce a temporary mutex, mac_ifnet_mtx, to lock MAC labels on
  network interfaces.  This global mutex will protect all ifnet labels.

  Acquire the mutex across various MAC activities on interfaces, such
  as security checks, propagating interface labels to mbufs generated
  from the interface, retrieving and setting the interface label.

  Introduce mpo_copy_ifnet_label MAC policy entry point to copy the
  value of an interface label from one label to another.  Use this
  to avoid performing a label externalize while holding mac_ifnet_mtx;
  copy the label to a temporary ifnet label and then externalize that.

  Implement mpo_copy_ifnet_label for various MAC policies that
  implement interface labeling using generic label copying routines.

  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, McAfee Research

  Revision  Changes    Path
  1.116     +38 -0     src/sys/security/mac/mac_net.c
  1.78      +1 -0      src/sys/security/mac_biba/mac_biba.c
  1.31      +1 -0      src/sys/security/mac_lomac/mac_lomac.c
  1.64      +1 -0      src/sys/security/mac_mls/mac_mls.c
  1.42      +1 -0      src/sys/security/mac_stub/mac_stub.c
  1.47      +9 -0      src/sys/security/mac_test/mac_test.c
  1.55      +2 -0      src/sys/sys/mac_policy.h
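
The copy-then-externalize locking pattern described in the log message, as an added userspace C example that is not code from this commit or from FreeBSD. A pthread mutex stands in for mac_ifnet_mtx; struct label, struct iface and the label_*/iface_* functions are hypothetical names chosen for illustration.

```c
/* Added example: userspace analogue of the pattern, not FreeBSD kernel code. */
#include <pthread.h>
#include <stdio.h>
#include <string.h>

struct label { int grade; char policy[16]; };   /* hypothetical label contents */
struct iface { struct label label; };           /* hypothetical stand-in for an ifnet */

/* One global mutex protecting every interface label (stand-in for mac_ifnet_mtx). */
static pthread_mutex_t ifnet_label_mtx = PTHREAD_MUTEX_INITIALIZER;

/* Copy step: a plain memory copy, so it is safe to run with the mutex held. */
static void label_copy(const struct label *src, struct label *dst) { *dst = *src; }

/* Externalize step: renders the label as text. In a kernel this kind of work may
 * block or touch user memory, which is why it must not run under the mutex. */
static int label_externalize(const struct label *l, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%s/%d", l->policy, l->grade);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;   /* -1 on truncation or error */
}

/* Read path: snapshot the label under the lock, then externalize the snapshot. */
int iface_get_label(struct iface *ifp, char *buf, size_t len)
{
    struct label tmp;

    pthread_mutex_lock(&ifnet_label_mtx);
    label_copy(&ifp->label, &tmp);          /* short critical section */
    pthread_mutex_unlock(&ifnet_label_mtx);
    return label_externalize(&tmp, buf, len);   /* lock no longer held */
}

/* Write path: the new label is already fully built, so only the copy is locked. */
void iface_set_label(struct iface *ifp, const struct label *newl)
{
    pthread_mutex_lock(&ifnet_label_mtx);
    label_copy(newl, &ifp->label);
    pthread_mutex_unlock(&ifnet_label_mtx);
}

int main(void)
{
    struct iface ifp;
    struct label l = { 5, "biba" };   /* constructed sample label */
    char buf[32];

    iface_set_label(&ifp, &l);
    if (iface_get_label(&ifp, buf, sizeof(buf)) == 0)
        printf("%s\n", buf);
    return 0;
}
```

The snapshot in iface_get_label means a concurrent iface_set_label can never be observed half-applied by the externalize step, and the externalize step can never stall other threads waiting on the label mutex.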