two major bugs:
- off-by-one overflow when the length of the source string exceeds or
equals the destination buffer size.
- old version was not padding the destination buffer with null wide chars
if the user has a 'label' entry in their login class. If so, attempt
to set that label on the process as part of the credential setup. If
we're unable to parse the label, or unable to set the label, fail.
In the future, we may also want to warn if a label is set but the
kernel doesn't support MAC.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
This removes a lot of complexity, since we basically just reserve
space on a retrieval of a label, and pass around strings. Two new
elements: (1) consumers of the API must now declare what label
elements they are interested in retrieving, or (2) rely on the default
provided in a new configuration file, mac.conf.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Constify some things.
Staticize some things.
Remove some unused things.
Prototype some things.
Don't install a gazillion man-pages links.
Drop support for ON-TRACK disk-manager.
memory while mapping a virtual address to a physical address.
This allows us to work with virtual addresses for page tables,
provided it doesn't cause infinite recursion. Currently all
page tables are direct mapped.
to bring in the new MAC label management API. With the new API
revision, we have only policy-agnostic code in libc and the base
kernel.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
o fillin media s/h/c fields from new XML phk just added; need this because
sysinstall uses them in the fdisk look-alike
o add new tags to xml parser
o cleanup parser a touch; remove unused tags and move tag parsing stuff to
a table to simplify future additions
o redo callback to pass 64-bit values since mediasize overflows u_int32_t
o loosen parsing sanity checks a touch to deal with new xml we must handle
o move sector size probing to non-geom handling since we now get it from xml
o remove WHOLE_DISK_SLICE buggery now that we get mediasize from xml
get the xml configuration for the devices and "parse" the information to
get what's needed
o replace #ifdef DEBUG constructs with DPRINT/DPRINTX to make the code more
readable
Note the xml "parser" is very very hackish and should be replaced with a
real one. This one was done to be very small and special-purpose; don't
think about copying it elsewhere.
Approved by: phk
group membership requirement if the group has no explicit members listed
in /etc/group. By default, this group is the wheel group; setting this
flag restores the default BSD behavior from 4.x.
Reviewed by: markm
Requested by: various
Sponsored by: DARPA, Network Associates Laboratories
