* Add .Vt in the right places, transform some .Fa to .Vt, depending
on discussion context.
* When referring to the function malloc(), use .Fn, and not .Xr.
* Add `The' to prefix a sentence when describing a function, so
it results in ``The xxx() function..."
* Use `system call' instead of `syscall'.
* Improve the sentence which discusses accept_filt_generic_mod_event();
Talk about moduledata_t, and refer to the DECLARE_MODULE(9) manual
page.
* Properly markup .An (Author Name) throughout the AUTHORS section.
* Remove first person sentence start.
* Make use of .Dv for LEASE_READ and LEASE_WRITE.
* Move the LOCKS section below the standard mdoc(7) RETURN VALUES
section.
* Clean up grammar for RETURN VALUES and AUTHORS section.
* Remove redundant sentence on return values.
to a multiple of the access byte width. This overcomes errors in the
AML often found in Toshiba laptops. These errors were allowed by
the Microsoft ASL compiler and interpreter. This will NOT be imported
by ACPI-CA so make the change on our local branch. File was already off
the vendor branch.
Submitted by: blaz
Original idea: Rick Richardson for Linux
enable strict checks of the AML. Our default behavior will be to relax
checks to work on as many platforms as possible. Also clean up and document
other ACPI options while I'm here.
Include src/sys/security/mac/mac_internal.h in kern_mac.c.
Remove redundant defines from the include: SYSCTL_DECL(), debug macros,
composition macros.
Unstaticize various bits now exposed to the remainder of the kernel:
mac_init_label(), mac_destroy_label().
Remove all the functions now implemented in mac_process/mac_vfs/mac_net/
mac_pipe. Also remove debug counters, sysctls exporting debug
counters, enforcement flags, sysctls exporting enforcement flags.
Leave module declaration, sysctl nodes, mactemp malloc type, system
calls.
This should conclude MAC/LINT/NOTES breakage from the break-out process,
but I'm running builds now to make sure I caught everything.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Unstaticize mac_late.
Remove ea_warn_once, now in mac_vfs.c.
Unstaticize mac_policy_list, mac_static_policy_list, use
struct mac_policy_list_head instead of LIST_HEAD() directly.
Unstaticize and un-inline MAC policy locking functions so they can
be referenced from mac_*.c.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
security/mac/mac_net.c
security/mac/mac_pipe.c
security/mac/mac_process.c
security/mac/mac_system.c
security/mac/mac_vfs.c
Note: Here begins a period of NOTES/LINT build breakage due to duplicate
symbols that will shortly be removed from kern_mac.c.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Extended attribute transaction warning flag if transactions aren't
supported on the EA implementation being used.
Debug fallback flag to permit a less conservative fallback if reading
an on-disk label fails.
Enforce_fs toggle to enforce file system access control.
Debugging counters for file system objects: mounts, vnodes, devfs_dirents.
Object initialization, destruction, copying, internalization,
externalization, relabeling for file system objects.
Life cycle operations for devfs entries.
Generic extended attribute label implementation for use by UFS, UFS2 in
multilabel mode.
Generic single-level label implementation for use by all file systems
when in singlelabel mode.
Exec-time transition based on file label entry points.
Vnode operation access control checks (many).
Mount operation access control checks (few).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Pipe enforcement flag.
Pipe object debugging counters.
MALLOC type for MAC label storage.
Pipe MAC label management routines, externalize/internalization/change
routines.
Pipe MAC access control checks.
Un-staticize functions called from mac_set_fd() when operating on a
pipe. Abstraction improvements in this space seem likely.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Network and socket enforcement toggles.
Counters for network objects (mbufs, ifnets, bpfdecs, sockets, and ipqs).
Label management routines for network objects.
Life cycle events for network objects.
Label internalization/externalization/relabel for ifnets, sockets,
including ioctl implementations for sockets, ifnets.
Access control checks relating to network objects.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
in mac_internal.h:
Sysctl tree declarations.
Policy list structure definition.
Policy list variables (static, dynamic).
mac_late flag.
Enforcement flags for process, vm, which have checks in multiple files.
mac_labelmbufs variable to drive conditional mbuf labeling.
M_MACTEMP malloc type.
Debugging counter macros.
MAC Framework infrastructure primitives, including policy locking
primitives, kernel label initialization/destruction, userland
label consistency checks, policy slot allocation.
Per-object interfaces for objects that are internalized and externalized
using system calls that will remain centrally defined: credentials,
pipes, vnodes.
MAC policy composition macros: MAC_CHECK, MAC_BOOLEAN, MAC_EXTERNALIZE,
MAC_INTERNALIZE, MAC_PERFORM.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
vm_pageout_scan(). Rationale: I don't like leaving a busy page in the
cache queue with neither the vm object nor the vm page queues lock held.
- Assert that the page is active in vm_pageout_page_stats().
src/sys/security/mac/mac_{internal.h,net.c,pipe.c,process.c,system.c,
vfs.c}. kern_mac.c has rapidly become the second-largest file in
src/sys/kern, and was not well organized. In follow-up commits,
components of the MAC Framework will be broken out into different
mac_* files.
Thanks Joe!