d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
98cc161947
freebsd-nq/sys/security/mac
History
Robert Watson babe9a2bb3 Introduce p_canwait() and MAC Framework and MAC Policy entry points 
mac_check_proc_wait(), which control the ability to wait4() specific
processes.  This permits MAC policies to limit information flow from
children that have changed label, although has to be handled carefully
due to common programming expectations regarding the behavior of
wait4().  The cr_seeotheruids() check in p_canwait() is #if 0'd for
this reason.

The mac_stub and mac_test policies are updated to reflect these new
entry points.

Sponsored by:	SPAWAR, SPARTA
Obtained from:	TrustedBSD Project
2005-04-18 13:36:57 +00:00
..
mac_framework.c In mac_get_fd(), remove unconditional acquisition of Giant around copying 2005-04-16 18:33:13 +00:00
mac_framework.h Introduce p_canwait() and MAC Framework and MAC Policy entry points 2005-04-18 13:36:57 +00:00
mac_inet.c Move inet and inet6 related MAC Framework entry points from mac_net.c 2004-02-26 03:51:04 +00:00
mac_internal.h Remove extern declaration of mac_enforce_sysv, as it's not present in 2004-10-22 11:07:18 +00:00
mac_label.c In the MAC label zone destructor, assert that the label is only 2004-10-22 11:08:52 +00:00
mac_net.c Introduce a temporary mutex, mac_ifnet_mtx, to lock MAC labels on 2004-06-24 03:34:46 +00:00
mac_pipe.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
mac_policy.h Introduce p_canwait() and MAC Framework and MAC Policy entry points 2005-04-18 13:36:57 +00:00
mac_process.c Introduce p_canwait() and MAC Framework and MAC Policy entry points 2005-04-18 13:36:57 +00:00
mac_socket.c Introduce three additional MAC Framework and MAC Policy entry points to 2005-04-16 18:46:29 +00:00
mac_syscalls.c In mac_get_fd(), remove unconditional acquisition of Giant around copying 2005-04-16 18:33:13 +00:00
mac_system.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
mac_sysv_msg.c Remove an accidental clearing of the new label pointer on a system V 2005-02-24 16:08:41 +00:00
mac_sysv_sem.c Implement MAC entry points relating to System V IPC, calling into the 2004-11-17 13:14:24 +00:00
mac_sysv_shm.c Implement MAC entry points relating to System V IPC, calling into the 2004-11-17 13:14:24 +00:00
mac_vfs.c Move MAC check_vnode_mmap entry point out from being exclusive to 2005-04-14 16:03:30 +00:00