Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label file system mount points, permitting security information to be
maintained at the granularity of the file system.  Two labels are
currently maintained: a security label for the mount itself, and
a default label for objects in the file system (in particular, for
file systems not supporting per-vnode labeling directly).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
Robert Watson 2002-07-30 22:22:35 +00:00
parent f8ef020e2e
commit 3b2e600940

@ -43,6 +43,7 @@
*/
#include <sys/lockmgr.h>
#include <sys/mac.h>
#include <sys/ucred.h>
#include <sys/queue.h>
#include <sys/uio.h>
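Review bot: the added #include <sys/mac.h> sits in the header's top-level include block, so every file that includes this header now pulls in the MAC header as well, whether or not it touches the mount labels. The include is needed only because struct mount embeds struct label by value in the next hunk. If it currently sits outside the _KERNEL guard that closes after struct mount, moving it inside that guard would keep userland consumers of this header unaffected.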
@ -149,6 +150,8 @@ struct mount {
time_t mnt_time; /* last time written*/
u_int mnt_iosize_max; /* max IO request size */
struct netexport *mnt_export; /* export list */
struct label mnt_mntlabel; /* MAC label for the mount */
struct label mnt_fslabel; /* MAC label for the fs */
};
#endif /* _KERNEL */
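Review bot: mnt_mntlabel and mnt_fslabel are embedded in struct mount by value and without any conditional, so the size of struct mount now depends on the definition of struct label, and any later change to struct label changes the layout seen by every consumer of struct mount. Consider holding pointers instead (struct label *mnt_mntlabel;) with a forward declaration of struct label, which keeps the layout stable and removes the need for the new include. The comment on mnt_fslabel could also say that it is the default label for objects in the file system, as the commit message describes, since "MAC label for the fs" is hard to tell apart from "MAC label for the mount".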