diff options
| author | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2004-02-22 12:31:44 +0000 |
|---|---|---|
| committer | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2004-02-22 12:31:44 +0000 |
| commit | 63dba32b76bdbc5438c5121c7209f7a8f6774b28 (patch) | |
| tree | 1c4d31f4b056d45cd39f0c68f6aad1b1af2ebd1c /sys/sys/mac.h | |
| parent | 47c524ddd41a4d07b2f0d1847ff22c43babbe1ed (diff) | |
| download | src-63dba32b76bdbc5438c5121c7209f7a8f6774b28.tar.gz src-63dba32b76bdbc5438c5121c7209f7a8f6774b28.zip | |
Reimplement sysctls handling by MAC framework.
Now I believe it is done in the right way.
Removed some XXMAC cases, we now assume 'high' integrity level for all
sysctls, except those with CTLFLAG_ANYBODY flag set. No more magic.
Reviewed by: rwatson
Approved by: rwatson, scottl (mentor)
Tested with: LINT (compilation), mac_biba(4) (functionality)
Notes
Notes:
svn path=/head/; revision=126121
Diffstat (limited to 'sys/sys/mac.h')
| -rw-r--r-- | sys/sys/mac.h | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/sys/mac.h b/sys/sys/mac.h index 895c7e305eb1..59c247a5f592 100644 --- a/sys/sys/mac.h +++ b/sys/sys/mac.h @@ -120,6 +120,8 @@ struct mount; struct proc; struct sockaddr; struct socket; +struct sysctl_oid; +struct sysctl_req; struct pipepair; struct thread; struct timespec; @@ -281,9 +283,8 @@ int mac_check_system_reboot(struct ucred *cred, int howto); int mac_check_system_settime(struct ucred *cred); int mac_check_system_swapon(struct ucred *cred, struct vnode *vp); int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp); -int mac_check_system_sysctl(struct ucred *cred, int *name, - u_int namelen, void *old, size_t *oldlenp, int inkernel, - void *new, size_t newlen); +int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode); int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp); |