freebsd-dev/sys
Robert Watson f4d2cfdda6 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke appropriate MAC entry points to authorize the following
operations:

        truncate on open()                      (write)
        access()                                (access)
        readlink()                              (readlink)
        chflags(), lchflags(), fchflags()       (setflag)
        chmod(), fchmod(), lchmod()             (setmode)
        chown(), fchown(), lchown()             (setowner)
        utimes(), lutimes(), futimes()          (setutimes)
        truncate(), ftrunfcate()                (write)
        revoke()                                (revoke)
        fhopen()                                (open)
        truncate on fhopen()                    (write)
        extattr_set_fd, extattr_set_file()      (setextattr)
        extattr_get_fd, extattr_get_file()      (getextattr)
        extattr_delete_fd(), extattr_delete_file() (setextattr)

These entry points permit MAC policies to enforce a variety of
protections on vnodes.  More vnode checks to come, especially in
non-native ABIs.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 15:37:12 +00:00
..
alpha - Split the unaligned access check flags out of md_flags in struct mdthread 2002-07-31 19:37:03 +00:00
amd64 Fix a bug about stack manipulation at ACPI wakeup. 2002-08-01 09:48:01 +00:00
arm Create a new header <machine/_stdint.h> for storing MD parts of 2002-07-29 17:41:23 +00:00
boot Stash various networking paramters in the environment for the kernel 2002-07-31 20:17:06 +00:00
cam Correct spelling of 'supplied'. 2002-06-19 20:44:48 +00:00
coda More s/file system/filesystem/g 2002-05-16 21:28:32 +00:00
compat Regenerate 2002-07-20 02:56:34 +00:00
conf Remove duplicate 'modules-tags' rule 2002-08-01 03:13:10 +00:00
contrib Resolve conflicts arising from the ACPI CA 20020725 import. 2002-07-30 19:35:32 +00:00
crypto Fix some really pedantic GCC warnings. 2002-07-15 13:45:15 +00:00
ddb Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
dev Don't set the IFF_PROMISC bit when in hostap mode like the previous 2002-08-01 07:37:52 +00:00
fs Introduce support for Mandatory Access Control and extensible 2002-08-01 02:03:21 +00:00
geom Don't use the static thread.. it is going away. 2002-06-29 07:47:20 +00:00
gnu Use hashdestroy() now that it exists. 2002-06-30 03:01:44 +00:00
i4b Remote pci.h/NPCI usage from i4b code. 2002-06-13 06:04:28 +00:00
i386 Fix a bug about stack manipulation at ACPI wakeup. 2002-08-01 09:48:01 +00:00
ia64 Resolve conflicts arising from the ACPI CA 20020725 import. 2002-07-30 19:35:32 +00:00
isa Clock frequencies reported by sysctl should be unsigned values. Discovered 2002-06-22 16:30:18 +00:00
isofs/cd9660 Quick fix for non-unique inode numbers for hard links. We use the 2002-05-22 08:50:18 +00:00
kern Introduce support for Mandatory Access Control and extensible 2002-08-01 15:37:12 +00:00
libkern Convert GNU variadic macros to the ISO 9X variety. 2002-07-15 13:34:50 +00:00
modules Introduce support for Mandatory Access Control and extensible 2002-08-01 02:03:21 +00:00
net Introduce support for Mandatory Access Control and extensible 2002-07-31 16:23:42 +00:00
netatalk Back out my lats commit of locking down a socket, it conflicts with hsu's work. 2002-05-31 11:52:35 +00:00
netatm - Remove UM_* user land memory macros since they are no longer used. 2002-06-24 22:31:17 +00:00
netgraph NUL terminate the ACNAME passed to userland. 2002-06-22 21:00:53 +00:00
netinet Document the undocumented assumption that at least one of the PCB 2002-08-01 03:54:43 +00:00
netinet6 correct comment for setsockopt arg size. 2002-07-25 20:40:09 +00:00
netipx Make spxnames a const char * to quieten some warnings in netstat. 2002-07-27 23:15:08 +00:00
netkey - fixed the order of searching SA table for packets. 2002-07-10 16:39:38 +00:00
netnatm Back out my lats commit of locking down a socket, it conflicts with hsu's work. 2002-05-31 11:52:35 +00:00
netncp Wire the sysctl output buffer before grabbing any locks to prevent 2002-07-28 19:59:31 +00:00
netns Fix bug which has been there since rev 1.1 where && was used instead of &. 2002-06-09 03:57:34 +00:00
netsmb Wire the sysctl output buffer before grabbing any locks to prevent 2002-07-28 19:59:31 +00:00
nfs
nfsclient o Lock page queue accesses in nfs_getpages(). 2002-07-21 20:01:32 +00:00
nfsserver Oops, another unused arg to nfssvc_nfsd(). *blush* 2002-07-24 23:10:34 +00:00
pc98 gethints.awk is a machine-specific 4.x->5.x transition aid. We cannot 2002-07-26 03:52:30 +00:00
pccard Add 16-bit before bus to keep the words card and bus apart. 2002-07-31 20:01:11 +00:00
pci Make sure to set both sets of registers which control the RX and TX buffer 2002-07-31 19:58:36 +00:00
posix4 Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
powerpc Create a new header <machine/_stdint.h> for storing MD parts of 2002-07-29 17:41:23 +00:00
rpc
security Introduce support for Mandatory Access Control and extensible 2002-07-31 18:07:45 +00:00
sparc64 Modify the cache handling code to assume 2 virtual colours, which is much 2002-08-01 00:16:22 +00:00
sys Add pathconf/fpathconf entries from POSIX.1e indicating support for 2002-07-31 15:54:03 +00:00
tools - Add automatic post vop debug checks. These work in both the success and 2002-07-30 08:52:00 +00:00
ufs Introduce support for Mandatory Access Control and extensible 2002-07-31 16:05:30 +00:00
vm o Setting PG_MAPPED and PG_WRITEABLE on pages that are mapped and unmapped 2002-07-31 18:46:47 +00:00
Makefile Milestone #1 in cross-arch make releases. 2002-04-26 17:55:27 +00:00