freebsd-nq/sys
Robert Watson 5264841183
Introduce MAC Framework and MAC Policy entry points to label and control
access to POSIX Semaphores:

mac_init_posix_sem()            Initialize label for POSIX semaphore
mac_create_posix_sem()          Create POSIX semaphore
mac_destroy_posix_sem()         Destroy POSIX semaphore
mac_check_posix_sem_destroy()   Check whether semaphore may be destroyed
mac_check_posix_sem_getvalue()  Check whether semaphore may be queried
mac_check_posix_sem_open()      Check whether semaphore may be opened
mac_check_posix_sem_post()      Check whether semaphore may be posted to
mac_check_posix_sem_unlink()    Check whether semaphore may be unlinked
mac_check_posix_sem_wait()      Check whether may wait on semaphore

Update Biba, MLS, Stub, and Test policies to implement these entry points.
For information flow policies, most semaphore operations are effectively
read/write.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Sponsored by:	DARPA, McAfee, SPARTA
Obtained from:	TrustedBSD Project
2005-05-04 10:39:15 +00:00
alpha Change cpu_set_kse_upcall to more generic style, so we can reuse it 2005-04-23 02:32:32 +00:00
amd64 Implement an alternate method to stop CPUs when entering DDB. Normally we use 2005-04-30 20:01:00 +00:00
arm Allocating the memory for the kernel stack one time is enough. 2005-04-27 13:29:54 +00:00
boot Allow BOOT_BOOT0_COMCONSOLE_SPEED to be derived from BOOT_COMCONSOLE_SPEED 2005-04-25 17:41:35 +00:00
bsm
cam Make sure we look at the correct sub op codes when 2005-04-14 04:51:18 +00:00
coda - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
compat - Pass the ISOPEN flag to namei so filesystems will know we're about to 2005-04-27 09:05:19 +00:00
conf Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
contrib Resolve conflicts created during the import of pf 3.7 Some features are 2005-05-03 16:43:32 +00:00
crypto gbde(8) is also rijndael user. 2005-03-11 22:07:04 +00:00
ddb Don't enter the debugger if KDB_UNATTENDED is set or if 2005-04-20 20:52:46 +00:00
dev A patch to support Palm Tungsten T via USB-Cradle. 2005-05-04 00:46:24 +00:00
doc
fs - Set the v_object pointer after a successful VOP_OPEN(). This isn't a 2005-05-03 11:05:33 +00:00
gdb check return value of gdb_rx_varhex 2005-03-28 18:31:18 +00:00
geom Fix signed vs unsigned warning. 2005-05-01 09:44:50 +00:00
gnu - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
i4b Don't use 'i386/include' directly. 2005-04-08 03:37:20 +00:00
i386 Add convenience APIs pmc_width() and pmc_capabilities() to -lpmc. 2005-05-01 14:11:49 +00:00
ia64 Change cpu_set_kse_upcall to more generic style, so we can reuse it 2005-04-23 02:32:32 +00:00
isa Add ISACFGATTR_HINTS flag to allow detection of a device that was created 2005-04-13 03:26:24 +00:00
isofs/cd9660 - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
kern Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
libkern Update comment to direct the reader to libkern.h instead of systm.h. 2005-04-28 05:50:18 +00:00
modules Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
net -introduce net.bpf sysctl instead of the less intuitive debug.* 2005-05-04 03:09:28 +00:00
net80211 Revise crypto api lightly to improve group key handling: 2005-04-12 17:55:13 +00:00
netatalk When generating a phase II ARP lookup from aarpwhohas(), use a 2005-02-22 14:37:22 +00:00
netatm In the current world order, solisten() implements the state transition of 2005-02-21 21:58:17 +00:00
netgraph - Initialize interface as UP when hook is connected. 2005-04-20 14:22:13 +00:00
netinet Remove now unused inirw variable from previous use of COMMON_END(). 2005-05-01 14:01:38 +00:00
netinet6 Add IPv6 support to IPFW and Dummynet. 2005-04-18 18:35:05 +00:00
netipsec correct space check 2005-03-09 15:28:48 +00:00
netipx Update copyright: parts of the netipx implementation are covered by a 2005-04-10 18:05:46 +00:00
netkey
netnatm Mark netatm and netnatm explicitly as requiring Giant, as they still do. 2005-02-17 14:21:22 +00:00
netncp avoid potential null ptr derefs 2005-02-23 22:44:38 +00:00
netsmb Explicitly hold a reference to the cdev we have just cloned. This 2005-03-31 12:19:44 +00:00
nfs
nfs4client - We want if (mrep != NULL) not if (m_freem != NULL). m_freem will never 2005-04-25 05:11:19 +00:00
nfsclient Don't copy the NFSMNT_* flags into struct statfs's f_flags field, 2005-05-02 15:57:10 +00:00
nfsserver NFS write gathering defers execution of NFS server write requests to wait 2005-04-17 16:25:36 +00:00
opencrypto just use crypto/rijndael, and nuke opencrypto/rindael.[ch]. 2005-03-11 17:24:46 +00:00
pc98 MFi386: revision 1.1198 (add KDB_STOP_NMI option). 2005-05-01 04:00:12 +00:00
pccard Remove more deadwood that never got implemented in NEWCARD, since NEWCARD 2005-02-15 02:54:53 +00:00
pci Deal with failed malloc calls[1]. 2005-04-25 10:18:24 +00:00
posix4 Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
powerpc - move to SCHED_4BSD per jeffr's comments on SCHED_ULE's state 2005-05-03 11:56:05 +00:00
rpc - Don't call rpcclnt_realign() if we don't have any mbufs to realign. 2005-03-19 01:16:25 +00:00
security Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
sparc64 Slightly reformat apb_alloc_resource() to create some horizontal space 2005-04-28 03:33:46 +00:00
sys Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
tools - Add the character "E" to the understood lock types. This means 2005-04-11 15:15:03 +00:00
ufs - Don't restrict the softdep stats to DEBUG kernels, they cost nothing to 2005-05-03 11:03:29 +00:00
vm - Add a new object flag "OBJ_NEEDSGIANT". We set this flag if the 2005-05-03 11:11:26 +00:00
Makefile When building cscopnamefile, default architecture to ${MACHINE}, not i386. 2005-03-08 00:09:41 +00:00