CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	rwatson <rwatson@FreeBSD.org>
	Sun, 27 Oct 2002 07:12:34 +0000 (07:12 +0000)
committer	rwatson <rwatson@FreeBSD.org>
	Sun, 27 Oct 2002 07:12:34 +0000 (07:12 +0000)
commit	653f637c44410250d66ac8b2f617a644ad3d590c
tree	789bed96910dc8f124a0dca9e09e81693002d3c9	tree \| snapshot
parent	be98961ae9a436687b5316053ddc75281a568984	commit \| diff

Implement mac_check_system_sysctl(), a MAC Framework entry point to
permit MAC policies to augment the security protections on sysctl()
operations.  This is not really a wonderful entry point, as we
only have access to the MIB of the target sysctl entry, rather than
the more useful entry name, but this is sufficient for policies
like Biba that wish to use their notions of privilege or integrity
to prevent inappropriate sysctl modification.  Affects MAC kernels
only.  Since SYSCTL_LOCK isn't in sysctl.h, just kern_sysctl.c,
we can't assert the SYSCTL subsystem lockin the MAC Framework.

Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories

sys/kern/kern_mac.c		diff \| blob \| history
sys/kern/kern_sysctl.c		diff \| blob \| history
sys/security/mac/mac_framework.c		diff \| blob \| history
sys/security/mac/mac_framework.h		diff \| blob \| history
sys/security/mac/mac_internal.h		diff \| blob \| history
sys/security/mac/mac_net.c		diff \| blob \| history
sys/security/mac/mac_pipe.c		diff \| blob \| history
sys/security/mac/mac_policy.h		diff \| blob \| history
sys/security/mac/mac_process.c		diff \| blob \| history
sys/security/mac/mac_syscalls.c		diff \| blob \| history
sys/security/mac/mac_system.c		diff \| blob \| history
sys/security/mac/mac_vfs.c		diff \| blob \| history
sys/sys/mac.h		diff \| blob \| history
sys/sys/mac_policy.h		diff \| blob \| history