Add a placeholder for the execve_mac() system call, similar to SELinux's
execve_secure() system call, which permits a process to pass in a label for a label change during exec. This permits SELinux to change the label for the resulting exec without a race following a manual label change on the process. Because this interface uses our general purpose MAC label abstraction, we call it execve_mac(), and wrap our port of SELinux's execve_secure() around it with appropriate sid mappings. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
parent
ae81971478
commit
f3cd77cf07
@ -585,3 +585,4 @@
|
||||
412 UNIMPL BSD extattr_set_link
|
||||
413 UNIMPL BSD extattr_get_link
|
||||
414 UNIMPL BSD extattr_delete_link
|
||||
415 UNIMPL BSD __execve_mac
|
||||
|
@ -585,3 +585,4 @@
|
||||
412 UNIMPL BSD extattr_set_link
|
||||
413 UNIMPL BSD extattr_get_link
|
||||
414 UNIMPL BSD extattr_delete_link
|
||||
415 UNIMPL BSD __execve_mac
|
||||
|
@ -585,3 +585,4 @@
|
||||
412 UNIMPL BSD extattr_set_link
|
||||
413 UNIMPL BSD extattr_get_link
|
||||
414 UNIMPL BSD extattr_delete_link
|
||||
415 UNIMPL BSD __execve_mac
|
||||
|
@ -598,6 +598,7 @@
|
||||
void *data, size_t nbytes); }
|
||||
414 STD BSD { int extattr_delete_link(const char *path, \
|
||||
int attrnamespace, const char *attrname); }
|
||||
415 UNIMPL BSD __execve_mac
|
||||
|
||||
; Please copy any additions and changes to the following compatability tables:
|
||||
; sys/ia64/ia32/syscalls.master (take a best guess)
|
||||
|
Loading…
Reference in New Issue
Block a user