freebsd-dev/sys/security
Robert Watson 5ac3b03500 Properly return the error from mls_subject_privileged() in the ifnet
relabel check for MLS rather than returning 0 directly.

This problem didn't result in a vulnerability currently as the central
implementation of ifnet relabeling also checks for UNIX privilege, and
we currently don't guarantee containment for the root user in mac_mls,
but we should be using the MLS definition of privilege as well as the
UNIX definition in anticipation of supporting root containment at some
point.

MFC after:	3 days
Submitted by:	Zhouyi Zhou <zhouzhouyi at gmail dot com>
Sponsored by:	Google SoC 2007
2008-01-28 10:20:18 +00:00
audit Fix gratuitous whitespace bug 2008-01-18 19:57:21 +00:00
mac VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in 2008-01-13 14:44:15 +00:00
mac_biba Resort TrustedBSD MAC Framework policy entry point implementations and 2007-10-29 13:33:06 +00:00
mac_bsdextended Resort TrustedBSD MAC Framework policy entry point implementations and 2007-10-29 13:33:06 +00:00
mac_ifoff Resort TrustedBSD MAC Framework policy entry point implementations and 2007-10-29 13:33:06 +00:00
mac_lomac Resort TrustedBSD MAC Framework policy entry point implementations and 2007-10-29 13:33:06 +00:00
mac_mls Properly return the error from mls_subject_privileged() in the ifnet 2008-01-28 10:20:18 +00:00
mac_none Consistently name functions for mac_<policy> as <policy>_whatever rather 2007-10-25 11:31:11 +00:00
mac_partition Resort TrustedBSD MAC Framework policy entry point implementations and 2007-10-29 13:33:06 +00:00
mac_portacl Consistently name functions for mac_<policy> as <policy>_whatever rather 2007-10-25 11:31:11 +00:00
mac_seeotheruids Resort TrustedBSD MAC Framework policy entry point implementations and 2007-10-29 13:33:06 +00:00
mac_stub Add a new file descriptor type for IPC shared memory objects and use it to 2008-01-08 21:58:16 +00:00
mac_test Add a new file descriptor type for IPC shared memory objects and use it to 2008-01-08 21:58:16 +00:00