aboutsummaryrefslogtreecommitdiff
path: root/sys/security/mac_mls
Commit message (Expand)AuthorAgeFilesLines
* Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessaryEdward Tomasz Napierala2008-10-281-3/+3
* Rename three MAC entry points from _proc_ to _cred_ to reflect the factRobert Watson2008-10-281-38/+38
* Implement MAC policy support for IPv6 fragment reassembly queues,Robert Watson2008-10-261-1/+53
* Add a mac_inpcb_check_visible implementation to all MAC policiesBjoern A. Zeeb2008-10-171-0/+19
* Introduce two related changes to the TrustedBSD MAC Framework:Robert Watson2008-08-231-1/+21
* Minor style tweaks.Robert Watson2008-08-021-9/+4
* Rework the lifetime management of the kernel implementation of POSIXJohn Baldwin2008-06-271-6/+25
* Remove the posixsem_check_destroy() MAC check. It is semantically identicalJohn Baldwin2008-06-231-1/+0
* The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is theRobert Watson2008-06-131-10/+10
* Properly return the error from mls_subject_privileged() in the ifnetRobert Watson2008-01-281-3/+1
* Resort TrustedBSD MAC Framework policy entry point implementations andRobert Watson2007-10-291-897/+904
* Garbage collect mac_mbuf_create_multicast_encap TrustedBSD MAC FrameworkRobert Watson2007-10-281-14/+0
* Continue to move from generic network entry points in the TrustedBSD MACRobert Watson2007-10-281-13/+26
* Move towards more explicit support for various network protocol stacksRobert Watson2007-10-281-13/+49
* Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' asRobert Watson2007-10-261-4/+4
* Normalize TCP syncache-related MAC Framework entry points to match mostRobert Watson2007-10-251-6/+6
* Rename mac_associate_nfsd_label() to mac_proc_associate_nfsd(), and moveRobert Watson2007-10-251-12/+12
* Consistently name functions for mac_<policy> as <policy>_whatever ratherRobert Watson2007-10-251-729/+720
* Merge first in a series of TrustedBSD MAC Framework KPI changesRobert Watson2007-10-241-293/+298
* Canonicalize naming of local variables for struct ksem and associatedRobert Watson2007-10-211-9/+9
* Rename mac_check_vnode_delete() MAC Framework and MAC Policy entryRobert Watson2007-09-101-25/+25
* When checking labels during a vnode link operation in MLS, use the fileRobert Watson2007-07-231-1/+1
* Rename mac*devfsdirent*() to mac*devfs*() to synchronize with SEDarwin,Robert Watson2007-04-231-4/+5
* Apply variable name normalization to MAC policies: adopt global conventionsRobert Watson2007-04-231-216/+213
* In the MAC Framework implementation, file systems have two per-mountpointRobert Watson2007-04-221-12/+8
* Allow MAC policy modules to control access to audit configuration systemRobert Watson2007-04-211-0/+40
* Introduce accessor functions mac_label_get() and mac_label_set() to replaceRobert Watson2007-02-061-2/+2
* Continue 7-CURRENT MAC Framework rearrangement and cleanup:Robert Watson2007-02-061-1/+0
* Move src/sys/sys/mac_policy.h, the kernel interface between the MACRobert Watson2006-12-221-2/+1
* Teach the MAC policies which utilize mbuf labeling the new syncacheChristian S.J. Peron2006-12-131-0/+25
* Merge posix4/* into normal kernel hierarchy.Tom Rhodes2006-11-111-2/+1
* Introduce a new entry point, mac_create_mbuf_from_firewall. This entry pointChristian S.J. Peron2006-09-121-0/+12
* Fix panic associated with file creation via RPC/NFS when the MLS policyChristian S.J. Peron2006-08-261-0/+12
* Add #include <sys/sx.h>, devfs is going to require this shortly.Poul-Henning Kamp2005-09-191-0/+1
* Remove mac_create_root_mount() and mpo_create_root_mount(), whichRobert Watson2005-09-191-14/+0
* When devfs cloning takes place, provide access to the credential of theRobert Watson2005-07-141-2/+2
* Eliminate MAC entry point mac_create_mbuf_from_mbuf(), which isRobert Watson2005-07-051-22/+0
* Gratuitous renaming of four System V Semaphore MAC Framework entryRobert Watson2005-06-071-6/+6
* Introduce MAC Framework and MAC Policy entry points to label and controlRobert Watson2005-05-041-0/+59
* Move MAC check_vnode_mmap entry point out from being exclusive toChristian S.J. Peron2005-04-141-2/+3
* Remove policy references to mpo_check_vnode_mprotect(), which isRobert Watson2005-01-261-1/+0
* Implement MLS confidentiality protection for System V IPC objectsRobert Watson2005-01-221-5/+391
* Introduce SLOT_SET macro and use it in place of casts as lvalues.Alexander Kabaev2004-07-281-3/+4
* Rename Biba and MLS _single label elements to _effective, which moreRobert Watson2004-07-162-173/+173
* Introduce a temporary mutex, mac_ifnet_mtx, to lock MAC labels onRobert Watson2004-06-241-0/+1
* Do the dreaded s/dev_t/struct cdev */Poul-Henning Kamp2004-06-161-1/+1
* Update my personal copyrights and NETA copyrights in the kernelRobert Watson2004-02-222-4/+4
* Coalesce pipe allocations and frees. Previously, the pipe codeRobert Watson2004-02-011-8/+8
* Switch TCP over to using the inpcb label when responding in timedRobert Watson2003-12-171-0/+13
* Rename mac_create_cred() MAC Framework entry point to mac_copy_cred(),Robert Watson2003-12-061-13/+1