From ba0fbe963748c752a191b98233acc738c6f4bb0f Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Fri, 2 Aug 2002 07:02:51 +0000 Subject: [PATCH] Introduce support for Mandatory Access Control and extensible kernel access control. Teach mount(8) to understand the MNT_MULTILABEL flag, which is used to determine whether a file system operates with individual per-vnode labels, or treats the entire file system as a single object with a single (mount) label. The behavior here will probably evolve some now that nmount(2) is available and can more flexibly support mount options. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs --- sbin/mount/mntopts.h | 4 +++- sbin/mount/mount.c | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/sbin/mount/mntopts.h b/sbin/mount/mntopts.h index 8ff13f7940ac..c7cecf518550 100644 --- a/sbin/mount/mntopts.h +++ b/sbin/mount/mntopts.h @@ -57,6 +57,7 @@ struct mntopt { #define MOPT_NOCLUSTERW { "clusterw", 1, MNT_NOCLUSTERW, 0 } #define MOPT_SUIDDIR { "suiddir", 0, MNT_SUIDDIR, 0 } #define MOPT_SNAPSHOT { "snapshot", 0, MNT_SNAPSHOT, 0 } +#define MOPT_MULTILABEL { "multilabel", 0, MNT_MULTILABEL, 0 } /* Control flags. */ #define MOPT_FORCE { "force", 0, MNT_FORCE, 0 } @@ -86,7 +87,8 @@ struct mntopt { MOPT_RDONLY, \ MOPT_UNION, \ MOPT_NOCLUSTERR, \ - MOPT_NOCLUSTERW + MOPT_NOCLUSTERW, \ + MOPT_MULTILABEL void getmntopts(const char *, const struct mntopt *, int *, int *); void rmslashes(char *, char *); diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c index 64c3f573f5d3..e08202ff8a93 100644 --- a/sbin/mount/mount.c +++ b/sbin/mount/mount.c @@ -107,6 +107,7 @@ static struct opt { { MNT_NOCLUSTERW, "noclusterw" }, { MNT_SUIDDIR, "suiddir" }, { MNT_SOFTDEP, "soft-updates" }, + { MNT_MULTILABEL, "multilabel" }, { 0, NULL } }; @@ -762,6 +763,7 @@ flags2opts(flags) if (flags & MNT_NOCLUSTERW) res = catopt(res, "noclusterw"); if (flags & MNT_NOSYMFOLLOW) res = catopt(res, "nosymfollow"); if (flags & MNT_SUIDDIR) res = catopt(res, "suiddir"); + if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel"); return res; }