Provide a mac_check_system_swapoff() entry point, which permits MAC

modules to authorize disabling of swap against a particular vnode. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
author: rwatson <rwatson@FreeBSD.org> 2003-03-05 23:50:15 +0000
committer: rwatson <rwatson@FreeBSD.org> 2003-03-05 23:50:15 +0000
commit: 9ecf925a7d952716f0fd6c5a64b072a3caee80af (patch)
tree: a528f54ce13be77b6cce282371e23bf45a6d45ad /sys/security/mac/mac_pipe.c
parent: 3158a8710ade4d09a7a6763dceb8f57a09acfa9d (diff)
download: FreeBSD-src-9ecf925a7d952716f0fd6c5a64b072a3caee80af.zip
FreeBSD-src-9ecf925a7d952716f0fd6c5a64b072a3caee80af.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index e98a50c..a766006 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -2694,6 +2694,20 @@ mac_check_system_swapon(struct ucred *cred, struct vnode *vp)
 }
 
 int
+mac_check_system_swapoff(struct ucred *cred, struct vnode *vp)
+{
+	int error;
+
+	ASSERT_VOP_LOCKED(vp, "mac_check_system_swapoff");
+
+	if (!mac_enforce_system)
+		return (0);
+
+	MAC_CHECK(check_system_swapoff, cred, vp, &vp->v_label);
+	return (error);
+}
+
+int
 mac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
     void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
 {
author	rwatson <rwatson@FreeBSD.org>	2003-03-05 23:50:15 +0000
committer	rwatson <rwatson@FreeBSD.org>	2003-03-05 23:50:15 +0000
commit	9ecf925a7d952716f0fd6c5a64b072a3caee80af (patch)
tree	a528f54ce13be77b6cce282371e23bf45a6d45ad /sys/security/mac/mac_pipe.c
parent	3158a8710ade4d09a7a6763dceb8f57a09acfa9d (diff)
download	FreeBSD-src-9ecf925a7d952716f0fd6c5a64b072a3caee80af.zip FreeBSD-src-9ecf925a7d952716f0fd6c5a64b072a3caee80af.tar.gz