Introduce support for Mandatory Access Control and extensible

kernel access control.

Replace 'void *' with 'struct mac *' now that mac.h is in the base
tree.  The current POSIX.1e-derived userland MAC interface is
schedule for replacement, but will act as a functional placeholder
until the replacement is done.  These system calls allow userland
processes to get and set labels on both the current process, as well
as file system objects and file descriptor backed objects.
This commit is contained in:
Robert Watson 2002-07-30 22:43:20 +00:00
parent 781caa8157
commit 55fb783052

View File

@ -553,12 +553,14 @@
int new_grp_flag); }
382 STD BSD { int thread_wakeup(struct thread_mailbox *tmbx); }
383 MSTD BSD { int kse_yield(void); }
384 MSTD BSD { int __mac_get_proc(void *dummy); }
385 MSTD BSD { int __mac_set_proc(void *dummy); }
386 MSTD BSD { int __mac_get_fd(int fd, void *dummy); }
387 MSTD BSD { int __mac_get_file(const char *path_p, void *dummy); }
388 MSTD BSD { int __mac_set_fd(int fd, void *dummy); }
389 MSTD BSD { int __mac_set_file(const char *path_p, void *dummy); }
384 MSTD BSD { int __mac_get_proc(struct mac *mac_p); }
385 MSTD BSD { int __mac_set_proc(struct mac *mac_p); }
386 MSTD BSD { int __mac_get_fd(int fd, struct mac *mac_p); }
387 MSTD BSD { int __mac_get_file(const char *path_p, \
struct mac *mac_p); }
388 MSTD BSD { int __mac_set_fd(int fd, struct mac *mac_p); }
389 MSTD BSD { int __mac_set_file(const char *path_p, \
struct mac *mac_p); }
390 STD BSD { int kenv(int what, const char *name, char *value, \
int len); }
391 STD BSD { int lchflags(const char *path, int flags); }