Revision tags: release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0, release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0 |
|
#
cee815cf |
| 07-Mar-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Add __FBSDID() tags.
MFC after: 3 days
|
Revision tags: release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0, release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0, release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0, release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0 |
|
#
84d9142f |
| 06-Jan-2004 |
Jacques Vidrine <nectar@FreeBSD.org> |
Remove unused variables and function declarations. Add missing headers.
|
#
a2f046e8 |
| 17-Nov-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Staticize label_default_head to prevent it from leaking out of mac.c.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
14346016 |
| 15-Nov-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Remove debugging printf that crept into the last commit.
|
#
6e07ce26 |
| 15-Nov-2003 |
Robert Watson <rwatson@FreeBSD.org> |
/etc/mac.conf is implicitly read and parsed when the MAC configuration is accessed for the first time as a result of an application looking up label configuration information. Previously, the check
/etc/mac.conf is implicitly read and parsed when the MAC configuration is accessed for the first time as a result of an application looking up label configuration information. Previously, the check and read were kicked off by mac_prepare_(typename)() functions; since mac_prepare_type() may now be directly employed by a user process, push the check and initialization into that function.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
show more ...
|
Revision tags: release/4.9.0_cvs, release/4.9.0 |
|
#
7ea02dcd |
| 30-Aug-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Return (-1) not (ENOENT) for mac_prepare_type(), and set errno to ENOENT instead.
Reported by: "Kenneth D. Merry" <ken@kdm.org> Submitted by: Bryan Liesner <bleez@comcast.net>
|
#
930d4ffa |
| 22-Aug-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Make the elements argument to mac_prepare() be const.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
738824ad |
| 22-Aug-2003 |
Robert Watson <rwatson@FreeBSD.org> |
As new objects begin to support new labels, start to generalize the default label support in /etc/mac.conf. Rather than maintain each default label type in an explicit global variable in mac.c, keep
As new objects begin to support new labels, start to generalize the default label support in /etc/mac.conf. Rather than maintain each default label type in an explicit global variable in mac.c, keep a list of defaults loaded from the configuration file. Generalize the parsing so that we support both the older:
default_file_labels foo default_ifnet_labels foo default_process_labels foo
And also a new:
default_labels file foo default_labels ifnet foo default_labels process foo
We now accept arbitrary object classes in the first argument. If the same object is specified more than once, we discard the earlier definition in favor of the later one.
Add a new API, mac_prepare_type(), which accepts a mac_t to prepare, as well as an object name in the second argument, which will pull a default label set for the object out of the configuration loaded by mac_init_internal(). This permits the libc to adapt to new objects known about by applications but not by libc at compile-time.
Also liberalize the error handling a bit: if we're using implicit initialization (i.e., the application didn't explicitly initialize the MAC code), ignore syntax errors and only use valid lines. In the future, we may want to add explicit warnings and do this a bit more consistently.
While here, add support for a MAC_CONFFILE environmental variable, which may be used to specify an alternative mac.conf configuration file if the application isn't running with modified privilege (issetugid()).
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
show more ...
|
Revision tags: release/5.1.0_cvs, release/5.1.0, release/4.8.0_cvs, release/4.8.0 |
|
#
6d7bd75a |
| 18-Feb-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Whack 28 unused variables.
|
Revision tags: release/5.0.0_cvs, release/5.0.0 |
|
#
f8d08150 |
| 05-Nov-2002 |
Robert Watson <rwatson@FreeBSD.org> |
License update authorized by NAI: remove clause 3.
|
#
688dfe45 |
| 27-Oct-2002 |
Garrett Wollman <wollman@FreeBSD.org> |
Do not include <sys/syslimits.h> directly; it is not intended for general consumption.
|
#
4bae1674 |
| 24-Oct-2002 |
Chris Costello <chris@FreeBSD.org> |
Place mac_prepare() with the other mac_prepare*() functions.
|
#
391b1d75 |
| 22-Oct-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Reflect MAC kernel/user API changes into the libc MAC implementation. This removes a lot of complexity, since we basically just reserve space on a retrieval of a label, and pass around strings. Two
Reflect MAC kernel/user API changes into the libc MAC implementation. This removes a lot of complexity, since we basically just reserve space on a retrieval of a label, and pass around strings. Two new elements: (1) consumers of the API must now declare what label elements they are interested in retrieving, or (2) rely on the default provided in a new configuration file, mac.conf.
Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
show more ...
|