freebsd-nq/sys/security
Christian S.J. Peron d94f2a68f8 Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point
exists to allow the mandatory access control policy to properly initialize
mbufs generated by the firewall. An example where this might happen is keep
alive packets, or ICMP error packets in response to other packets.

This takes care of kernel panics associated with un-initialize mbuf labels
when the firewall generates packets.

[1] I modified this patch from it's original version, the initial patch
    introduced a number of entry points which were programmatically
    equivalent. So I introduced only one. Instead, we should leverage
    mac_create_mbuf_netlayer() which is used for similar situations,
    an example being icmp_error()

    This will minimize the impact associated with the MFC

Submitted by:	mlaier [1]
MFC after:	1 week

This is a RELENG_6 candidate
2006-09-12 04:25:13 +00:00
..
audit Add a BSM conversion switch case for AUE_GETCWD, so that a console 2006-09-09 10:23:44 +00:00
mac Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
mac_biba Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
mac_bsdextended Add some new options to mac_bsdestended. We can now match on: 2006-04-23 17:06:18 +00:00
mac_ifoff
mac_lomac Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
mac_mls Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
mac_none Add #include <sys/sx.h>, devfs is going to require this shortly. 2005-09-19 18:52:51 +00:00
mac_partition Add #include <sys/sx.h>, devfs is going to require this shortly. 2005-09-19 18:52:51 +00:00
mac_portacl Normalize a significant number of kernel malloc type names: 2005-10-31 15:41:29 +00:00
mac_seeotheruids Allow the root user to be aware of other credentials by virtue 2005-09-30 23:41:10 +00:00
mac_stub Add #include <sys/sx.h>, devfs is going to require this shortly. 2005-09-19 18:52:51 +00:00
mac_test Add #include <sys/sx.h>, devfs is going to require this shortly. 2005-09-19 18:52:51 +00:00