| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
| |
context of sockets, and document EINVAL as a possible failure mode
based on the object selected, not just the label provided.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SO_PEERLABEL. This provides an interface to query the label of a
socket peer without embedding implementation details of mac_t in
the application. Previously, sizeof(*mac_t) had to be specified
by an application when performing getsockopt().
Document mac_get_peer(3), and expand documentation of the other
mac_get(3) functions. Note that it's possible to get EINVAL back
from mac_get_fd(3) when pointing it at an inappropriate object.
NOTE: mac_get_fd() and mac_set_fd() support for sockets will
follow shortly, so the documentation is slightly ahead of the
code.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
| |
mac_free(3), which is used only for variables of type mac_t in
the FreeBSD implementation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
is accessed for the first time as a result of an application looking
up label configuration information. Previously, the check and read
were kicked off by mac_prepare_(typename)() functions; since
mac_prepare_type() may now be directly employed by a user process,
push the check and initialization into that function.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
| |
rather than generating an error. This is consistent with other tools
printing user and group names, and means you can read the ACL using
our tools rather than being up a creek.
PR: 56991
Submitted by: Michael Bretterklieber <mbretter@a-quadrat.at>
|
| | |
|
| |
|
|
|
|
|
| |
ENOENT instead.
Reported by: "Kenneth D. Merry" <ken@kdm.org>
Submitted by: Bryan Liesner <bleez@comcast.net>
|
| |
|
|
|
| |
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
| |
mac_prepare() APIs.
Add a HISTORY section.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
| |
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the default label support in /etc/mac.conf. Rather than maintain
each default label type in an explicit global variable in mac.c,
keep a list of defaults loaded from the configuration file.
Generalize the parsing so that we support both the older:
default_file_labels foo
default_ifnet_labels foo
default_process_labels foo
And also a new:
default_labels file foo
default_labels ifnet foo
default_labels process foo
We now accept arbitrary object classes in the first argument. If
the same object is specified more than once, we discard the
earlier definition in favor of the later one.
Add a new API, mac_prepare_type(), which accepts a mac_t to
prepare, as well as an object name in the second argument, which
will pull a default label set for the object out of the
configuration loaded by mac_init_internal(). This permits the libc
to adapt to new objects known about by applications but not by libc
at compile-time.
Also liberalize the error handling a bit: if we're using implicit
initialization (i.e., the application didn't explicitly initialize
the MAC code), ignore syntax errors and only use valid lines. In
the future, we may want to add explicit warnings and do this a
bit more consistently.
While here, add support for a MAC_CONFFILE environmental variable,
which may be used to specify an alternative mac.conf configuration
file if the application isn't running with modified privilege
(issetugid()).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
| |
permission set based on a more restrictive mask.
Submitted by: Glen Gibb <grg@ridley.unimelb.edu.au>
|
| |
|
|
| |
Approved by: re (blanket)
|
| |
|
|
| |
Approved by: re (blanket)
|
| | |
|
| |
|
|
|
|
|
| |
from mac.3; likewise, mac.conf.5 from mac_prepare.3.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
| |
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
| |
in the mac.3 library man page. They were already cross-referenced
at the end of the man page, just not explicitly listed here.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
| |
they resemble one another, but POSIX.1e interfaces were not sufficiently
expressive to do what we needed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
| |
`implicit declaration of function' variety.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Only warnings that could be fixed without changing the generated object
code and without restructuring the source code have been handled.
Reviewed by: /sbin/md5
|
| | |
|
| |
|
|
| |
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
| |
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
| |
Cross-reference mac(4) and mac(9)
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
|
| |
o Link mac_get_pid.3 to mac_get.3
o Update SEE ALSO to refer to mac_prepare, and added missing references
o Remove clause #3 on my work
o Update mac_get.3 for the updated MAC API
Sponsored by: DARPA, Network Associates Laboratories
Obtained from: TrustedBSD Project
|
| |
|
|
|
|
| |
o Document mac_set_link().
Sponsored by: DARPA, Network Associates Labs
|
| |
|
|
|
|
| |
Update copyrights.
Obtained from: TrustedBSD Project
|
| |
|
|
|
|
|
|
| |
- Update BUGS: this stuff is implemented.
- Update last modified date.
- Document acl_set_link_np() call.
Obtained from: TrustedBSD Project
|
| |
|
|
|
|
|
|
|
|
| |
- Updated copyrights, modified dates
- Remove "BUGS" entry indicating that ACLs are unimplemented
- Implement acl_*_link() library wrapper variants for get, set,
delete, aclvalid.
- Document acl_*_link() calls.
Obtained from: TrustedBSD Project
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Approved by: re
|
| |
|
|
|
|
|
| |
necessary nowadays, but is documented as "required", and may
become so again in the future.
Approved by: re
|
| |
|
|
| |
Approved by: re
|
| | |
|
| |
|
|
|
|
|
| |
manipulating file ACLs. Update the status of the implementation a bit,
update the copyright, etc.
Obtained from: TrustedBSD Project
|
| |
|
|
|
| |
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Labs
|
| |
|
|
|
|
|
| |
o Remove a (currently) no-longer-pertinent entry from errors.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Labs
|
| |
|
|
|
| |
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
