Introduce support for Mandatory Access Control and extensible kernel
access control.
Label process credentials, permitting security information to be
maintained at the granularity of processes and cached credential
objects. cr_label follows the semantics of other entries in struct
ucred: when a credential is exclusively referenced, it may be
modified. Otherwise, it must be treated as immutable. As with
other interesting entries in struct ucred, failing to use the
documented credential management APIs (such as crcopy, crdup, ...)
can result in data corruption or incorrect behavior.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
projects / FreeBSD / FreeBSD.git / commit