From owner-cvs-all  Tue Nov  5  9:53:44 2002
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 821CE37B401; Tue,  5 Nov 2002 09:53:43 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id ACF8F43E6E; Tue,  5 Nov 2002 09:53:42 -0800 (PST)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gA5HpumV042593;
	Tue, 5 Nov 2002 09:51:56 -0800 (PST)
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from rwatson@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gA5Hpuf5042592;
	Tue, 5 Nov 2002 09:51:56 -0800 (PST)
Message-Id: <200211051751.gA5Hpuf5042592@repoman.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Tue, 5 Nov 2002 09:51:56 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/sys imgact.h mac.h mac_policy.h src/sys/kern
         kern_exec.c kern_mac.c src/sys/compat/pecoff imgact_pecoff.c
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

rwatson     2002/11/05 09:51:56 PST

  Modified files:
    sys/sys              imgact.h mac.h mac_policy.h 
    sys/kern             kern_exec.c kern_mac.c 
    sys/compat/pecoff    imgact_pecoff.c 
  Log:
  Bring in two sets of changes:
  
  (1) Permit userland applications to request a change of label atomic
      with an execve() via mac_execve().  This is required for the
      SEBSD port of SELinux/FLASK.  Attempts to invoke this without
      MAC compiled in result in ENOSYS, as with all other MAC system
      calls.  Complexity, if desired, is present in policy modules,
      rather than the framework.
  
  (2) Permit policies to have access to both the label of the vnode
      being executed as well as the interpreter if it's a shell
      script or related UNIX nonsense.  Because we can't hold both
      vnode locks at the same time, cache the interpreter label.
      SEBSD relies on this because it supports secure transitioning
      via shell script executables.  Other policies might want to
      take both labels into account during an integrity or
      confidentiality decision at execve()-time.
  
  Approved by:    re
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.28      +1 -0      src/sys/compat/pecoff/imgact_pecoff.c
  1.196     +72 -8     src/sys/kern/kern_exec.c
  1.63      +56 -6     src/sys/kern/kern_mac.c
  1.33      +2 -0      src/sys/sys/imgact.h
  1.29      +12 -4     src/sys/sys/mac.h
  1.29      +7 -3      src/sys/sys/mac_policy.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message