Date: Tue, 5 Nov 2002 09:51:56 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys imgact.h mac.h mac_policy.h src/sys/kern kern_exec.c kern_mac.c src/sys/compat/pecoff imgact_pecoff.c Message-ID: <200211051751.gA5Hpuf5042592@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2002/11/05 09:51:56 PST
Modified files:
sys/sys imgact.h mac.h mac_policy.h
sys/kern kern_exec.c kern_mac.c
sys/compat/pecoff imgact_pecoff.c
Log:
Bring in two sets of changes:
(1) Permit userland applications to request a change of label atomic
with an execve() via mac_execve(). This is required for the
SEBSD port of SELinux/FLASK. Attempts to invoke this without
MAC compiled in result in ENOSYS, as with all other MAC system
calls. Complexity, if desired, is present in policy modules,
rather than the framework.
(2) Permit policies to have access to both the label of the vnode
being executed as well as the interpreter if it's a shell
script or related UNIX nonsense. Because we can't hold both
vnode locks at the same time, cache the interpreter label.
SEBSD relies on this because it supports secure transitioning
via shell script executables. Other policies might want to
take both labels into account during an integrity or
confidentiality decision at execve()-time.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Revision Changes Path
1.28 +1 -0 src/sys/compat/pecoff/imgact_pecoff.c
1.196 +72 -8 src/sys/kern/kern_exec.c
1.63 +56 -6 src/sys/kern/kern_mac.c
1.33 +2 -0 src/sys/sys/imgact.h
1.29 +12 -4 src/sys/sys/mac.h
1.29 +7 -3 src/sys/sys/mac_policy.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211051751.gA5Hpuf5042592>