CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	rwatson <rwatson@FreeBSD.org>
	Wed, 31 Jul 2002 15:45:16 +0000 (15:45 +0000)
committer	rwatson <rwatson@FreeBSD.org>
	Wed, 31 Jul 2002 15:45:16 +0000 (15:45 +0000)
commit	751f2d0c51ea2bbdb1625338052d19ecbb5f9f26
tree	ed4ec9c3ffc090c01937ac072f89167be5573552	tree \| snapshot
parent	d829fd90ded403dd4a4a677af12efeec9fef680d	commit \| diff

Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument devfs to support per-dirent MAC labels.  In particular,
invoke MAC framework when devfs directory entries are instantiated
due to make_dev() and related calls, and invoke the MAC framework
when vnodes are instantiated from these directory entries.  Implement
vop_setlabel() for devfs, which pushes the label update into the
devfs directory entry for semi-persistant store.  This permits the MAC
framework to assign labels to devices and directories as they are
instantiated, and export access control information via devfs vnodes.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs

sys/fs/devfs/devfs_devs.c		diff \| blob \| history
sys/fs/devfs/devfs_vfsops.c		diff \| blob \| history
sys/fs/devfs/devfs_vnops.c		diff \| blob \| history