This removes a lot of complexity, since we basically just reserve
space on a retrieval of a label, and pass around strings. Two new
elements: (1) consumers of the API must now declare what label
elements they are interested in retrieving, or (2) rely on the default
provided in a new configuration file, mac.conf.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
to bring in the new MAC label management API. With the new API
revision, we have only policy-agnostic code in libc and the base
kernel.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
label updates. Biba and MLS already supported this. This permits the
userland library to submit relative updates on MAC labels, rather
than submitting an entire label to replace the current label. This
also requires changes to the MAC modules, which are forthcoming.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
kernel access control.
Extensions to libc to provide basic MAC label manipulation facilities
for userland. These interface will be replaced in the next month
or two with more flexible interfaces, but provide sufficient support
to allow use of the Biba and MLS policies for user applications.
libc_r wrappers to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
o Document the following capabilities: CAP_NET_ADMIN, CAP_SYS_RAWIO,
CAP_SYS_ADMIN, and CAP_SYS_TTY_CONFIG.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
extattr namespace routines to the libc/posix1e directory. While
the extattr calls are not strictly POSIX.1e, POSIX.1e wasn't
strictly ever approved, so I think that's OK.
Obtained from: TrustedBSD Project
o Removed whitespace at EOL
o Removed hard sentence breaks
o Added cap_size() to the NAME section
o Normalized .Nd descriptions
o Fixed the abuses of .Nm and .Va
o Fixed some DESCRIPTION texts
o Fixed the RETURN VALUES and ERRORS texts to look more traditional
Reviewed by: tmm
sys/capability.h--this compiled fine on i386 where (int) and (ssize_t)
are the same, but broke on Alpha where they differ.
Submitted by: Mike Barcroft <mike@FreeBSD.org>
Obtained from: TrustedBSD Project
support functions:
cap_subset_np() - Is cap1 a subset of cap2
cap_equal_np() - Is cap1 equal to cap2
o Introduce implementations of POSIX.1e capability support functions:
cap_copy_ext() - Externalize capability
cap_copy_int() - Internalize capability
cap_size() - Determine size required for cap_copy_ext()
Submitted by: tmm
Obtained from: TrustedBSD Project
documented by POSIX.1e, and understand the opaque capability structures.
Introduce support in the userland POSIX.1e library for a
_CAPABILITY_NEEDMACROS define to remove these macros from the normal
namespace, but allow the libc functions to use them.
Submitted by: tmm
Obtained from: TrustedBSD Project
