diff options
| author | csjp <csjp@FreeBSD.org> | 2006-04-06 23:33:11 +0000 |
|---|---|---|
| committer | csjp <csjp@FreeBSD.org> | 2006-04-06 23:33:11 +0000 |
| commit | be495bef582420958359473d795fa8a169f560f7 (patch) | |
| tree | 1238986aae318c40637c5589ccf1012b648990cc /sys/security/mac/mac_framework.h | |
| parent | eb74e00e0c0b698cccd240b53935b86ae6bb2191 (diff) | |
| download | FreeBSD-src-be495bef582420958359473d795fa8a169f560f7.zip FreeBSD-src-be495bef582420958359473d795fa8a169f560f7.tar.gz | |
Introduce a new MAC entry point for label initialization of the NFS daemon's
credential: mac_associate_nfsd_label()
This entry point can be utilized by various Mandatory Access Control policies
so they can properly initialize the label of files which get created
as a result of an NFS operation. This work will be useful for fixing kernel
panics associated with accessing un-initialized or invalid vnode labels.
The implementation of these entry points will come shortly.
Obtained from: TrustedBSD
Requested by: mdodd
MFC after: 3 weeks
Diffstat (limited to 'sys/security/mac/mac_framework.h')
| -rw-r--r-- | sys/security/mac/mac_framework.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 65d879d..f1b6fe0 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -463,6 +463,7 @@ int mac_setsockopt_label(struct ucred *cred, struct socket *so, int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, struct label *label); void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); +void mac_associate_nfsd_label(struct ucred *cred); /* * Calls to help various file systems implement labeling functionality |
