Add a placeholder for the execve_mac() system call, similar to SELinux's

execve_secure() system call, which permits a process to pass in a label
for a label change during exec.  This permits SELinux to change the
label for the resulting exec without a race following a manual label
change on the process.  Because this interface uses our general purpose
MAC label abstraction, we call it execve_mac(), and wrap our port of
SELinux's execve_secure() around it with appropriate sid mappings.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
rwatson 2002-10-19 21:06:57 +00:00
parent ae81971478
commit f3cd77cf07
4 changed files with 4 additions and 0 deletions

View File

@ -585,3 +585,4 @@
412 UNIMPL BSD extattr_set_link
413 UNIMPL BSD extattr_get_link
414 UNIMPL BSD extattr_delete_link
415 UNIMPL BSD __execve_mac

View File

@ -585,3 +585,4 @@
412 UNIMPL BSD extattr_set_link
413 UNIMPL BSD extattr_get_link
414 UNIMPL BSD extattr_delete_link
415 UNIMPL BSD __execve_mac

View File

@ -585,3 +585,4 @@
412 UNIMPL BSD extattr_set_link
413 UNIMPL BSD extattr_get_link
414 UNIMPL BSD extattr_delete_link
415 UNIMPL BSD __execve_mac

View File

@ -598,6 +598,7 @@
void *data, size_t nbytes); }
414 STD BSD { int extattr_delete_link(const char *path, \
int attrnamespace, const char *attrname); }
415 UNIMPL BSD __execve_mac
; Please copy any additions and changes to the following compatability tables:
; sys/ia64/ia32/syscalls.master (take a best guess)