From 9ecf925a7d952716f0fd6c5a64b072a3caee80af Mon Sep 17 00:00:00 2001 From: rwatson Date: Wed, 5 Mar 2003 23:50:15 +0000 Subject: Provide a mac_check_system_swapoff() entry point, which permits MAC modules to authorize disabling of swap against a particular vnode. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories --- sys/security/mac/mac_framework.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'sys/security/mac/mac_framework.c') diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index e98a50c..a766006 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -2694,6 +2694,20 @@ mac_check_system_swapon(struct ucred *cred, struct vnode *vp) } int +mac_check_system_swapoff(struct ucred *cred, struct vnode *vp) +{ + int error; + + ASSERT_VOP_LOCKED(vp, "mac_check_system_swapoff"); + + if (!mac_enforce_system) + return (0); + + MAC_CHECK(check_system_swapoff, cred, vp, &vp->v_label); + return (error); +} + +int mac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) { -- cgit v1.1