Date: Tue, 5 Nov 2002 09:51:56 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys imgact.h mac.h mac_policy.h src/sys/kern kern_exec.c kern_mac.c src/sys/compat/pecoff imgact_pecoff.c Message-ID: <200211051751.gA5Hpuf5042592@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2002/11/05 09:51:56 PST Modified files: sys/sys imgact.h mac.h mac_policy.h sys/kern kern_exec.c kern_mac.c sys/compat/pecoff imgact_pecoff.c Log: Bring in two sets of changes: (1) Permit userland applications to request a change of label atomic with an execve() via mac_execve(). This is required for the SEBSD port of SELinux/FLASK. Attempts to invoke this without MAC compiled in result in ENOSYS, as with all other MAC system calls. Complexity, if desired, is present in policy modules, rather than the framework. (2) Permit policies to have access to both the label of the vnode being executed as well as the interpreter if it's a shell script or related UNIX nonsense. Because we can't hold both vnode locks at the same time, cache the interpreter label. SEBSD relies on this because it supports secure transitioning via shell script executables. Other policies might want to take both labels into account during an integrity or confidentiality decision at execve()-time. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Revision Changes Path 1.28 +1 -0 src/sys/compat/pecoff/imgact_pecoff.c 1.196 +72 -8 src/sys/kern/kern_exec.c 1.63 +56 -6 src/sys/kern/kern_mac.c 1.33 +2 -0 src/sys/sys/imgact.h 1.29 +12 -4 src/sys/sys/mac.h 1.29 +7 -3 src/sys/sys/mac_policy.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211051751.gA5Hpuf5042592>