180 Commits

Author SHA1 Message Date
Robert Watson
7ea02dcd89 Return (-1) not (ENOENT) for mac_prepare_type(), and set errno to
ENOENT instead.

Reported by:	"Kenneth D. Merry" <ken@kdm.org>
Submitted by:	Bryan Liesner <bleez@comcast.net>
2003-08-30 14:51:01 +00:00
Robert Watson
09a7f4484d Add HISTORY sections to the remaining MAC library man pages.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-08-22 18:01:03 +00:00
Robert Watson
bec8c3f9c3 Update the mac_prepare(3) man page to reflect changes to the
mac_prepare() APIs.

Add a HISTORY section.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-08-22 17:58:38 +00:00
Robert Watson
930d4ffa56 Make the elements argument to mac_prepare() be const.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-08-22 17:49:59 +00:00
Robert Watson
738824ad6c As new objects begin to support new labels, start to generalize
the default label support in /etc/mac.conf.  Rather than maintain
each default label type in an explicit global variable in mac.c,
keep a list of defaults loaded from the configuration file.
Generalize the parsing so that we support both the older:

        default_file_labels foo
        default_ifnet_labels foo
        default_process_labels foo

And also a new:

        default_labels file foo
        default_labels ifnet foo
        default_labels process foo

We now accept arbitrary object classes in the first argument.  If
the same object is specified more than once, we discard the
earlier definition in favor of the later one.

Add a new API, mac_prepare_type(), which accepts a mac_t to
prepare, as well as an object name in the second argument, which
will pull a default label set for the object out of the
configuration loaded by mac_init_internal().  This permits the libc
to adapt to new objects known about by applications but not by libc
at compile-time.

Also liberalize the error handling a bit: if we're using implicit
initialization (i.e., the application didn't explicitly initialize
the MAC code), ignore syntax errors and only use valid lines.  In
the future, we may want to add explicit warnings and do this a
bit more consistently.

While here, add support for a MAC_CONFFILE environmental variable,
which may be used to specify an alternative mac.conf configuration
file if the application isn't running with modified privilege
(issetugid()).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-08-22 17:36:23 +00:00
Robert Watson
82fefada64 Print group name in getfacl output when calculating an effective
permission set based on a more restrictive mask.

Submitted by:	Glen Gibb <grg@ridley.unimelb.edu.au>
2003-07-24 23:33:25 +00:00
Ruslan Ermilov
734ac3b543 mdoc(7) fixes.
Approved by:	re (blanket)
2003-05-24 19:53:08 +00:00
Ruslan Ermilov
3a5146d9e2 Assorted mdoc(7) fixes.
Approved by:	re (blanket)
2003-05-22 13:02:28 +00:00
Robert Watson
2715ba4892 Add some strategic whitespace. 2003-04-26 03:32:18 +00:00
Robert Watson
8aa884cb01 Add FILES section to mac.3 and mac.conf.5. Properly Xref mac.conf.5
from mac.3; likewise, mac.conf.5 from mac_prepare.3.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-04-20 04:43:56 +00:00
Robert Watson
781a15a533 Add a man page for the mac.conf MAC library configuration file.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-04-20 03:18:44 +00:00
Robert Watson
23408b001b Add the mac_prepare{,_*}() functions to the high-level function list
in the mac.3 library man page.  They were already cross-referenced
at the end of the man page, just not explicitly listed here.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-04-20 02:56:16 +00:00
Robert Watson
ecf889825d Clarify the relationship between the MAC library APIs and POSIX.1e:
they resemble one another, but POSIX.1e interfaces were not sufficiently
expressive to do what we needed.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-04-16 20:40:34 +00:00
Jacques Vidrine
2bbd7cf820 Eliminate 19 warnings in libc (at level WARNS=2) of the
`implicit declaration of function' variety.
2003-02-27 13:40:01 +00:00
Ruslan Ermilov
ace5be682d mdoc(7) police: Scheduled sweep. 2003-02-24 22:53:26 +00:00
Ruslan Ermilov
0213c21b44 mdoc(7) police: kill self-xref. 2003-02-23 01:45:25 +00:00
Ruslan Ermilov
66d8bae40a Punctuation. 2003-02-23 01:44:59 +00:00
Ruslan Ermilov
02d753ca73 Typo. 2003-02-23 01:44:37 +00:00
Ruslan Ermilov
8b6eff89b0 Grammar. 2003-02-23 01:43:45 +00:00
Jacques Vidrine
6d7bd75a4e Whack 28 unused variables. 2003-02-18 13:39:52 +00:00
Jacques Vidrine
e0554a531f Eliminate 61 warnings emitted at WARNS=2 (leaving 53 to go).
Only warnings that could be fixed without changing the generated object
code and without restructuring the source code have been handled.

Reviewed by:	/sbin/md5
2003-02-16 17:29:11 +00:00
Philippe Charnier
d649825182 The .Fn function 2003-02-06 11:04:47 +00:00
Chris Costello
5bc8d71283 Actually add mac_prepare.3.
Sponsored by:	DARPA, Network Associates Laboratories
2003-01-15 03:05:21 +00:00
Chris Costello
8f8690e73b Cross-reference mac(4)
Sponsored by:	DARPA, Network Associates Laboratories
2003-01-15 03:03:05 +00:00
Chris Costello
c75fc22921 s/SEE_ALSO/SEE ALSO/
Cross-reference mac(4) and mac(9)

Sponsored by:	DARPA, Network Associates Laboratories
2003-01-15 03:02:30 +00:00
Chris Costello
76a829fd1d o Document mac_prepare() and associated functions
o Link mac_get_pid.3 to mac_get.3
o Update SEE ALSO to refer to mac_prepare, and added missing references
o Remove clause #3 on my work
o Update mac_get.3 for the updated MAC API

Sponsored by:	DARPA, Network Associates Laboratories
Obtained from:	TrustedBSD Project
2003-01-15 00:45:31 +00:00
Chris Costello
e4ee15b13f o Remove clause #3
o Document mac_set_link().

Sponsored by:	DARPA, Network Associates Labs
2003-01-14 23:20:40 +00:00
Robert Watson
e4c3e988a5 Remove BUGS section indicating that these calls are unimplemented.
Update copyrights.

Obtained from:	TrustedBSD Project
2002-12-29 20:52:42 +00:00
Robert Watson
93724388fc Update acl_set.3, missed in last round:
- Update BUGS: this stuff is implemented.
- Update last modified date.
- Document acl_set_link_np() call.

Obtained from:	TrustedBSD Project
2002-12-29 20:50:30 +00:00
Robert Watson
6394f703dc Update libc POSIX.1e code and documentation to reflect:
- Updated copyrights, modified dates
- Remove "BUGS" entry indicating that ACLs are unimplemented
- Implement acl_*_link() library wrapper variants for get, set,
  delete, aclvalid.
- Document acl_*_link() calls.

Obtained from:	TrustedBSD Project
2002-12-29 20:47:05 +00:00
Jens Schweikhardt
57bd0fc6e8 english(4) police. 2002-12-27 12:15:40 +00:00
Ruslan Ermilov
2efeeba554 mdoc(7) police: "The .Fa argument.". 2002-12-19 09:40:28 +00:00
Ruslan Ermilov
1fae73b137 mdoc(7) police: "The .Fn function". 2002-12-18 12:45:11 +00:00
Ruslan Ermilov
c8d40b7d34 mdoc(7) police: sort xrefs in SEE ALSO. 2002-12-13 16:53:51 +00:00
Ruslan Ermilov
8d5d039f80 Uniformly refer to a file system as "file system".
Approved by:	re
2002-12-12 17:26:04 +00:00
Ruslan Ermilov
051bb54bd3 mdoc(7) police: Added the missing .Os call; it's not strictly
necessary nowadays, but is documented as "required", and may
become so again in the future.

Approved by:	re
2002-12-11 15:55:29 +00:00
Ruslan Ermilov
3b29692060 mdoc(7) police: markup overhaul.
Approved by:	re
2002-12-04 16:28:45 +00:00
Ruslan Ermilov
c51d717f0c libc_r wasn't so tied to libc for 22 months. 2002-11-18 09:50:57 +00:00
Robert Watson
963b8cdcc8 Update acl.3 to xref getfacl(1) and setfacl(1), the recommended tools for
manipulating file ACLs.  Update the status of the implementation a bit,
update the copyright, etc.

Obtained from:	TrustedBSD Project
2002-11-08 15:01:28 +00:00
Chris Costello
2834b91a8d o Make the COMPATIBILITY section a bit less redundant.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Labs
2002-11-06 17:38:18 +00:00
Chris Costello
baae0d7638 o Update man page to reflect the new prototypes for mac_{to,from}_text.
o Remove a (currently) no-longer-pertinent entry from errors.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Labs
2002-11-06 17:34:29 +00:00
Robert Watson
ce311c66ec Hook up the userland wrapper for __mac_execve().
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-11-06 03:38:47 +00:00
Robert Watson
f8d0815040 License update authorized by NAI: remove clause 3. 2002-11-05 01:42:35 +00:00
Robert Watson
1ccff0f490 Clarify language relating to ACLs, Capabtilities, and MAC, since the
implementation status of these services has changed substantially
since this man page was last updated.
2002-11-04 20:52:09 +00:00
Robert Watson
ec05f17e38 Update license, historical information. 2002-11-04 20:45:44 +00:00
Robert Watson
443ab2a0fd Point out that the MAC Framework is considered experimental. 2002-11-04 20:42:58 +00:00
Chris Costello
311e43248d Scoop out examples illustrating the label text format and refer to
maclabel(7) instead.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Labs
2002-10-28 23:06:04 +00:00
Garrett Wollman
688dfe4533 Do not include <sys/syslimits.h> directly; it is not intended for general
consumption.
2002-10-27 17:44:33 +00:00
Chris Costello
4bae1674ce Place mac_prepare() with the other mac_prepare*() functions. 2002-10-24 01:16:56 +00:00
Chris Costello
0d511a4ea7 mac_free() no longer accepts a void * parameter; only mac_t's are supposed
to be passed.  Point this out in a warning notice, which will eventually
go away, sometime between now and -RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-24 01:01:29 +00:00