Commit Graph

144 Commits

Author SHA1 Message Date
Ruslan Ermilov
3b29692060 mdoc(7) police: markup overhaul.
Approved by:	re
2002-12-04 16:28:45 +00:00
Ruslan Ermilov
c51d717f0c libc_r wasn't so tied to libc for 22 months. 2002-11-18 09:50:57 +00:00
Robert Watson
963b8cdcc8 Update acl.3 to xref getfacl(1) and setfacl(1), the recommended tools for
manipulating file ACLs.  Update the status of the implementation a bit,
update the copyright, etc.

Obtained from:	TrustedBSD Project
2002-11-08 15:01:28 +00:00
Chris Costello
2834b91a8d o Make the COMPATIBILITY section a bit less redundant.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Labs
2002-11-06 17:38:18 +00:00
Chris Costello
baae0d7638 o Update man page to reflect the new prototypes for mac_{to,from}_text.
o Remove a (currently) no-longer-pertinent entry from errors.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Labs
2002-11-06 17:34:29 +00:00
Robert Watson
ce311c66ec Hook up the userland wrapper for __mac_execve().
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-11-06 03:38:47 +00:00
Robert Watson
f8d0815040 License update authorized by NAI: remove clause 3. 2002-11-05 01:42:35 +00:00
Robert Watson
1ccff0f490 Clarify language relating to ACLs, Capabtilities, and MAC, since the
implementation status of these services has changed substantially
since this man page was last updated.
2002-11-04 20:52:09 +00:00
Robert Watson
ec05f17e38 Update license, historical information. 2002-11-04 20:45:44 +00:00
Robert Watson
443ab2a0fd Point out that the MAC Framework is considered experimental. 2002-11-04 20:42:58 +00:00
Chris Costello
311e43248d Scoop out examples illustrating the label text format and refer to
maclabel(7) instead.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Labs
2002-10-28 23:06:04 +00:00
Garrett Wollman
688dfe4533 Do not include <sys/syslimits.h> directly; it is not intended for general
consumption.
2002-10-27 17:44:33 +00:00
Chris Costello
4bae1674ce Place mac_prepare() with the other mac_prepare*() functions. 2002-10-24 01:16:56 +00:00
Chris Costello
0d511a4ea7 mac_free() no longer accepts a void * parameter; only mac_t's are supposed
to be passed.  Point this out in a warning notice, which will eventually
go away, sometime between now and -RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-24 01:01:29 +00:00
Chris Costello
3261668c1d Remove superfluous empty "FILES" section.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-23 23:56:15 +00:00
Chris Costello
b90b17d351 Remove hard sentence breaks.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-23 23:55:23 +00:00
Robert Watson
391b1d758d Reflect MAC kernel/user API changes into the libc MAC implementation.
This removes a lot of complexity, since we basically just reserve
space on a retrieval of a label, and pass around strings.  Two new
elements: (1) consumers of the API must now declare what label
elements they are interested in retrieving, or (2) rely on the default
provided in a new configuration file, mac.conf.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 14:36:11 +00:00
Robert Watson
19eab74a6c .Xr mac.3 and posix1e.3 to mac.9. Point at sys/mac.h in posix1e.3.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 01:52:53 +00:00
Robert Watson
803bf0837b Unhook the per-policy parsing/printing MAC modules in libc to prepare
to bring in the new MAC label management API.  With the new API
revision, we have only policy-agnostic code in libc and the base
kernel.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 03:54:24 +00:00
Robert Watson
ecfbf7e46d Update TE policy and MAC text conversion routines to support partial
label updates.  Biba and MLS already supported this.  This permits the
userland library to submit relative updates on MAC labels, rather
than submitting an entire label to replace the current label.  This
also requires changes to the MAC modules, which are forthcoming.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-09 03:09:38 +00:00
Robert Watson
1355f6d016 X-ref mac.3. 2002-08-09 03:03:08 +00:00
Robert Watson
d97fcfce27 Introduce support for Mandatory Access Control and extensible
kernel access control.

Extensions to libc to provide basic MAC label manipulation facilities
for userland.  These interface will be replaced in the next month
or two with more flexible interfaces, but provide sufficient support
to allow use of the Biba and MLS policies for user applications.

libc_r wrappers to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 21:14:42 +00:00
Robert Watson
820a52632e No POSIX.1e capabilities in the main tree yet. 2002-06-13 23:40:13 +00:00
Jens Schweikhardt
27cf01ec47 Correct a bunch of typos. Translators can ignore this commit.
MFC after:	3 weeks
2002-06-02 10:27:41 +00:00
David E. O'Brien
333fc21e3c Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.
2002-03-22 21:53:29 +00:00
Brian Feldman
92369d84a9 Check if string is not NULL, not *string, before setting *string. 2002-02-27 22:00:44 +00:00
Chris D. Faulhaber
a82f127b41 o style(9) and consistency fix:
- if (!var) -> if (var == NULL)
o spelling fix (althouh -> although)

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2002-02-21 23:18:04 +00:00
Chris D. Faulhaber
9fd46b0237 o style(9) and consistency fixes:
- if (!var) -> if (var == NULL)
  - return val; -> return (val);

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2002-02-21 23:17:19 +00:00
Chris D. Faulhaber
e146d0bc6a Add more argument checking
Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2002-02-21 23:13:06 +00:00
Chris D. Faulhaber
c61eb011c4 static'ize and declare functions
Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2002-02-21 23:12:25 +00:00
Chris D. Faulhaber
e76872c11e o style and consistency fixes:
- if (!var) -> if (var == NULL)
  - return val; -> return (val);
o update copyright
2002-02-17 20:05:20 +00:00
Chris D. Faulhaber
60fba73589 Correct function's description.
Obtained from:	TrustedBSD Project
2002-01-29 12:18:45 +00:00
Chris D. Faulhaber
d5af31a255 o return EINVAL if acl_to_text() have been sent a NULL acl. o update copyright dates.
Reviewed by:	rwatson
2002-01-26 19:32:50 +00:00
Chris D. Faulhaber
98a32f6de6 Correct phrase 'get an ACL' to 'set an ACL'.
PR:		33660
Submitted by:	Rich Morin <rdm@cfcl.com>, Tom Rhodes <darklogik@pittgoth.com>
2002-01-07 22:46:14 +00:00
Chris Costello
d06a764812 o Change the layout of the tagged lists to be like those in acl(3).
o Document the following capabilities: CAP_NET_ADMIN, CAP_SYS_RAWIO,
  CAP_SYS_ADMIN, and CAP_SYS_TTY_CONFIG.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-12-23 00:19:48 +00:00
Robert Watson
5acb7446b0 o Reflect repo-copy of extattr.[c3] from libutil to libc, moving
extattr namespace routines to the libc/posix1e directory.  While
  the extattr calls are not strictly POSIX.1e, POSIX.1e wasn't
  strictly ever approved, so I think that's OK.

Obtained from:	TrustedBSD Project
2001-11-16 05:09:45 +00:00
Bruce Evans
da838a6546 Fixed missing `const' in synopsis. 2001-10-03 16:29:21 +00:00
Bruce Evans
d2dcbe6238 Fixed return type in synopsis. 2001-10-03 16:25:08 +00:00
Ruslan Ermilov
32eef9aeb1 mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
Matthew Dillon
8719c58fef Add __FBSDID()s to libutil 2001-09-30 22:35:07 +00:00
Ruslan Ermilov
9cbf4a2152 mdoc(7) police: removed commas from the standard (split) AUTHORS block. 2001-09-11 09:26:38 +00:00
Ruslan Ermilov
8872ae5340 mdoc(7) police: markup and minor content fixes.
o Removed whitespace at EOL
o Removed hard sentence breaks
o Added cap_size() to the NAME section
o Normalized .Nd descriptions
o Fixed the abuses of .Nm and .Va
o Fixed some DESCRIPTION texts
o Fixed the RETURN VALUES and ERRORS texts to look more traditional

Reviewed by:	tmm
2001-09-05 14:09:08 +00:00
Robert Watson
8d44fade0e Add Thomas Moestl and Chris Faulhaber to the author list for POSIX.1e
support.

Obtained from:	TrustedBSD Project
2001-09-05 03:36:00 +00:00
Robert Watson
3652b4dc72 o Sync up prototypes for cap_size() and cap_copy_ext() with
sys/capability.h--this compiled fine on i386 where (int) and (ssize_t)
  are the same, but broke on Alpha where they differ.

Submitted by:		Mike Barcroft <mike@FreeBSD.org>
Obtained from:	TrustedBSD Project
2001-09-02 23:13:49 +00:00
Robert Watson
0e3adf0b58 o Attach cap_cmp.c and cap_copy.c to the build.
o Attach cap_copy_ext.3 and cap_copy_int.3 to the install, and link
  cap_size.3 to cap_copy_ext.3.

Submitted by:		tmm
Obtained from:	TrustedBSD Project
2001-09-01 00:00:50 +00:00
Ruslan Ermilov
d6002fef6f Use ``.Rv -std'' wherever possible.
Submitted by:	yar
2001-08-31 09:57:38 +00:00
Robert Watson
ab2ba9fac8 o Use .Fx to refer to FreeBSD
Submitted by:		tmm
Obtained from:	TrustedBSD Project
2001-08-31 02:12:54 +00:00
Robert Watson
cbc25559e4 o Remove definition of CAP_MAX_BUF_LEN since it is defined in
sys/capability.h now.

Submitted by:		tmm
Obtained from:	TrustedBSD Project
2001-08-31 02:11:59 +00:00
Robert Watson
7bb862d793 Introduce implementations of POSIX.1e non-portable form capability
support functions:
     cap_subset_np()    - Is cap1 a subset of cap2
     cap_equal_np()     - Is cap1 equal to cap2

o Introduce implementations of POSIX.1e capability support functions:
     cap_copy_ext()     - Externalize capability
     cap_copy_int()     - Internalize capability
     cap_size()         - Determine size required for cap_copy_ext()

Submitted by:		tmm
Obtained from:	TrustedBSD Project
2001-08-31 02:07:48 +00:00
Robert Watson
fca41b9c6f o src/sys/capability.h provides a number of support macros that are not
documented by POSIX.1e, and understand the opaque capability structures.
  Introduce support in the userland POSIX.1e library for a
  _CAPABILITY_NEEDMACROS define to remove these macros from the normal
  namespace, but allow the libc functions to use them.

Submitted by:	tmm
Obtained from:	TrustedBSD Project
2001-08-29 17:53:45 +00:00