rwatson 2007-04-22 15:31:22 UTC FreeBSD src repository
Modified files: sys/i386/i386 sys_machdep.c sys/kern kern_linker.c kern_time.c sys/nfsserver nfs_syscalls.c sys/security/mac mac_framework.h mac_policy.h mac_system.c sys/security/mac_biba mac_biba.c sys/security/mac_lomac mac_lomac.c sys/security/mac_stub mac_stub.c sys/security/mac_test mac_test.c Log: Remove MAC Framework access control check entry points made redundant with the introduction of priv(9) and MAC Framework entry points for privilege checking/granting. These entry points exactly aligned with privileges and provided no additional security context: - mac_check_sysarch_ioperm() - mac_check_kld_unload() - mac_check_settime() - mac_check_system_nfsd() Add mpo_priv_check() implementations to Biba and LOMAC policies, which, for each privilege, determine if they can be granted to processes considered unprivileged by those two policies. These mostly, but not entirely, align with the set of privileges granted in jails. Obtained from: TrustedBSD Project Revision Changes Path 1.108 +0 -5 src/sys/i386/i386/sys_machdep.c 1.148 +0 -5 src/sys/kern/kern_linker.c 1.140 +0 -14 src/sys/kern/kern_time.c 1.114 +0 -8 src/sys/nfsserver/nfs_syscalls.c 1.80 +0 -4 src/sys/security/mac/mac_framework.h 1.88 +0 -8 src/sys/security/mac/mac_policy.h 1.111 +16 -47 src/sys/security/mac/mac_system.c 1.103 +179 -39 src/sys/security/mac_biba/mac_biba.c 1.47 +192 -17 src/sys/security/mac_lomac/mac_lomac.c 1.63 +0 -32 src/sys/security/mac_stub/mac_stub.c 1.73 +0 -36 src/sys/security/mac_test/mac_test.c _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"