Introduce support for Mandatory Access Control and extensible kernel access control.

Label pipe IPC objects, permitting security information to be
maintained at the granularity of the pipe object.  The label is
shared between the two pipe endpoints in the style of the
pipe mutex, and is maintained using similar conventions.  The
label is protected by the pipe mutex.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
Robert Watson 2002-07-30 22:33:28 +00:00
parent abf24f80a6
commit 87acada933


@ -28,6 +28,7 @@
#include <sys/time.h> /* for struct timespec */
#include <sys/selinfo.h> /* for struct selinfo */
#include <vm/vm.h> /* for vm_page_t */
#include <sys/mac.h> /* for struct label */
#include <machine/param.h> /* for PAGE_SIZE */
#endif
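Review bot: the new `#include <sys/mac.h>` line is justified only by "for struct label", and the one use in this change is a pointer member, so a forward declaration (`struct label;`) would be enough and would keep this header from pulling the whole MAC interface into every file that includes it. The include also sits inside a conditional block that closes at the `#endif` just below, while the `pipe_label` member is added to `struct pipe` without a matching condition; please confirm that the declaration is visible in the same configurations as the member, or put the forward declaration outside the conditional.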
@ -106,6 +107,7 @@ struct pipe {
struct pipe *pipe_peer; /* link with other direction */
u_int pipe_state; /* pipe status info */
int pipe_busy; /* busy flag, mostly to handle rundown sanely */
struct label *pipe_label; /* pipe MAC label - shared */
struct mtx *pipe_mtxp; /* shared mutex between both pipes */
};
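Review bot: the comment on `pipe_label` says only "shared", but the commit message states that the label is protected by the pipe mutex and follows the same conventions as `pipe_mtxp`; that locking rule belongs in the header next to the field, for example "pipe MAC label - shared, protected by pipe_mtxp". Because both endpoints hold the same pointer, it would also help to document which endpoint allocates and frees the label, so that teardown of the two pipes cannot free it twice or leave the peer with a dangling pointer.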