freebsd-dev/sys
Robert Watson 2555374c4f
Introduce p_label, extensible security label storage for the MAC framework
in struct proc.  While the process label is actually stored in the
struct ucred pointed to by p_ucred, there is a need for transient
storage that may be used when asynchronous (deferred) updates need to
be performed on the "real" label for locking reasons.  Unlike other
label storage, this label has no locking semantics, relying on policies
to provide their own protection for the label contents, meaning that
a policy leaf mutex may be used, avoiding lock order issues.  This
permits policies that act based on historical process behavior (such
as audit policies, the MAC Framework port of LOMAC, etc.) to update
process properties even when many existing locks are held without
violating the lock order.  No currently committed policies implement use
of this label storage.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-11-20 15:41:25 +00:00
..
alpha MFi386 r1.369 2002-11-18 01:36:09 +00:00
amd64 Regenerate after adding syscalls. 2002-11-16 23:48:14 +00:00
arm Add standards visibility conditionals. Change any uses of sigset_t to 2002-10-13 00:31:46 +00:00
boot Document loader tunables hw.pci.enable_io_modes and 2002-11-13 09:43:53 +00:00
cam Panic message strings do not need a trailing \n. 2002-11-14 05:35:57 +00:00
coda Back our kernel support for reliable signal queues. 2002-10-01 17:15:53 +00:00
compat Regenerate after adding syscalls. 2002-11-16 23:48:14 +00:00
conf Move SHOW_BUSYBUFS and PANIC_REBOOT_WAIT_TIME into the MI options file, since 2002-11-18 06:17:07 +00:00
contrib network interface and link layer changes: 2002-11-15 00:00:15 +00:00
crypto Make this compilable from userland as well. 2002-11-01 08:56:39 +00:00
ddb - Rename the DDB specific %z printf format to %y. 2002-10-25 19:41:32 +00:00
dev Create the ofwcons device at SI_SUB_CONFIGURE instead of SI_SUB_DRIVERS, 2002-11-18 06:19:12 +00:00
fs Fix instances of macros with improperly parenthesized arguments. 2002-11-09 12:55:07 +00:00
geom Save a slice name on the disk and print it at g_pc98_dumpconf(). 2002-11-17 13:56:37 +00:00
gnu MFufs 1.33: 2002-10-18 21:41:41 +00:00
i4b network interface and link layer changes: 2002-11-15 00:00:15 +00:00
i386 Add getcontext, setcontext, and swapcontext as system calls. 2002-11-16 06:35:53 +00:00
ia64 MFi386 r1.369 2002-11-17 21:48:42 +00:00
isa Capitalize the first letter of device descriptions 2002-11-11 15:26:08 +00:00
isofs/cd9660 Unbreak MNT_UPDATE when running with cd as root. Detect mountroot by 2002-11-02 20:16:55 +00:00
kern Introduce p_label, extensible security label storage for the MAC framework 2002-11-20 15:41:25 +00:00
libkern Fix instances of macros with improperly parenthesized arguments. 2002-11-09 12:55:07 +00:00
modules Remove opt_pci.h from SRCS, it doesn't exist anymore. 2002-11-13 17:45:42 +00:00
net correct function declarations of stubs used for building w/o device bpf 2002-11-19 02:50:46 +00:00
netatalk Add more ethernet types and move AppleTalk types into proper location. 2002-09-06 17:02:29 +00:00
netatm - Change the ATM stack functions to use intptr_t instead of int for opaque 2002-11-08 18:27:30 +00:00
netgraph o track changes to ethernet input packet handling 2002-11-14 23:44:37 +00:00
netinet Add a sysctl to control the generation of source quench packets, 2002-11-19 17:06:06 +00:00
netinet6 plugged memory leakage in some erroneous cases 2002-10-31 19:45:48 +00:00
netipsec FAST_IPSEC fixups: 2002-11-08 23:37:50 +00:00
netipx Fix a sizeof(int) != sizeof(void *) warning. 2002-11-08 21:16:27 +00:00
netkey - fixed the order of searching SA table for packets. 2002-07-10 16:39:38 +00:00
netnatm Be consistent about functions being static. 2002-10-16 09:19:17 +00:00
netncp - Change mb_copy_t to take a size_t as the length argument instead of an 2002-11-08 21:26:32 +00:00
netns Use m_length() instead of home-rolled versions. 2002-09-18 19:44:14 +00:00
netsmb - Change mb_copy_t to take a size_t as the length argument instead of an 2002-11-08 21:26:32 +00:00
nfs Change iov_base's type from 'char *' to the standard 'void *'. All 2002-10-11 14:58:34 +00:00
nfsclient reapply 1.26 through 1.28. 2002-11-20 15:21:06 +00:00
nfsserver Permit MAC policies to instrument the access control decisions for 2002-11-04 15:13:36 +00:00
opencrypto correct minor # in make_dev call 2002-11-08 23:07:41 +00:00
pc98 MFi386: revision 1.550. 2002-11-17 02:57:06 +00:00
pccard MFp4: Comment about not assuming INTA# for 6729 2002-10-07 07:02:48 +00:00
pci o track either_ifattach/ether_ifdetach API changes 2002-11-14 23:49:09 +00:00
posix4 Rework the sysconf(3) interaction with aio: 2002-11-17 04:15:34 +00:00
powerpc Add getcontext, setcontext, and swapcontext as system calls. 2002-11-16 06:35:53 +00:00
rpc
security Introduce p_label, extensible security label storage for the MAC framework 2002-11-20 15:41:25 +00:00
sparc64 Fix compile in the case of SMP defined but DDB not defined. 2002-11-20 14:09:33 +00:00
sys Introduce p_label, extensible security label storage for the MAC framework 2002-11-20 15:41:25 +00:00
tools - Move ASSERT_VOP_*LOCK* functionality into functions in vfs_subr.c 2002-09-26 04:48:44 +00:00
ufs The target for the maximum number of dependencies has been cut 2002-11-20 05:16:11 +00:00
vm - Wakeup the correct address when a zone is no longer full. 2002-11-18 08:27:14 +00:00
Makefile