From fc71ee3677f823a7fe67b0d129e3512e8b4b3b2e Mon Sep 17 00:00:00 2001 From: rwatson Date: Tue, 30 Jul 2002 22:22:35 +0000 Subject: [PATCH] Begin committing support for Mandatory Access Control and extensible kernel access control. The MAC framework permits loadable kernel modules to link to the kernel at compile-time, boot-time, or run-time, and augment the system security policy. This commit includes the initial kernel implementation, although the interface with the userland components of the oeprating system is still under work, and not all kernel subsystems are supported. Later in this commit sequence, documentation of which kernel subsystems will not work correctly with a kernel compiled with MAC support will be added. Label file system mount points, permitting security information to be maintained at the granularity of the file system. Two labels are currently maintained: a security label for the mount itself, and a default label for objects in the file system (in particular, for file systems not supporting per-vnode labeling directly). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
---
 sys/sys/mount.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index e5897269c181..ba1b07120a6a 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -43,6 +43,7 @@
 */
 #include
+#include
 #include
 #include
 #include
@@ -149,6 +150,8 @@ struct mount {
 time_t mnt_time; /* last time written*/
 u_int mnt_iosize_max; /* max IO request size */
 struct netexport *mnt_export; /* export list */
+ struct label mnt_mntlabel; /* MAC label for the mount */
+ struct label mnt_fslabel; /* MAC label for the fs */
 };
 #endif /* _KERNEL */
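Review bot: The comments on the two fields added to `struct mount` do not carry the distinction the commit message draws, so a reader of the header cannot tell which label an access check should consult. Per the description, `mnt_mntlabel` labels the mount itself while `mnt_fslabel` is the default label for objects in the file system, notably when the file system has no per-vnode labels; I would write `/* MAC label for the mount itself */` and `/* MAC default label for fs objects */`. Both fields are embedded by value under `_KERNEL` with no MAC-specific conditional visible in the hunk, so the layout of `struct mount` appears to follow the definition of `struct label` in every kernel build; a one-line comment stating that this is intended, and naming where the labels are initialised and destroyed, would help module authors. The struct definition begins outside the hunk.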