diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-11-05 14:57:49 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-11-05 14:57:49 +0000 |
commit | c2166f1034cafe467058e46b1391fc62e348cf59 (patch) | |
tree | d61b1553d8b9cc78bc9920dac5971244182b2e2b /sys/kern/kern_mac.c | |
parent | 430eab0e437bb1bff7355ce0b173a649c8d75b85 (diff) | |
download | FreeBSD-src-c2166f1034cafe467058e46b1391fc62e348cf59.zip FreeBSD-src-c2166f1034cafe467058e46b1391fc62e348cf59.tar.gz |
Hook up the mac_will_execve_transition() and mac_execve_transition()
entrypoints, #ifdef MAC. The supporting logic already existed in
kern_mac.c, so no change there. This permits MAC policies to cause
a process label change as the result of executing a binary --
typically, as a result of executing a specially labeled binary.
For example, the SEBSD port of SELinux/FLASK uses this functionality
to implement TE type transitions on processes using transitioning
binaries, in a manner similar to setuid. Policies not implementing
a notion of transition (all the ones in the tree right now) require
no changes, since the old label data is copied to the new label
via mac_create_cred() even if a transition does occur.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/kern/kern_mac.c')
0 files changed, 0 insertions, 0 deletions