diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2002-10-22 15:53:43 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2002-10-22 15:53:43 +0000 |
commit | 1cbfd977fdaf8581569f097b51c4a3d8e386aa0b (patch) | |
tree | 6a24bba13df50f300ec31a1b71f9ed5936c155b5 /sys/sys/mac_policy.h | |
parent | 2789e47e2cad8f8a97023475a98de16f6d3e50fe (diff) | |
download | src-1cbfd977fdaf8581569f097b51c4a3d8e386aa0b.tar.gz src-1cbfd977fdaf8581569f097b51c4a3d8e386aa0b.zip |
Introduce MAC_CHECK_VNODE_SWAPON, which permits MAC policies to
perform authorization checks during swapon() events; policies
might choose to enforce protections based on the credential
requesting the swap configuration, the target of the swap operation,
or other factors such as internal policy state.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Notes
Notes:
svn path=/head/; revision=105717
Diffstat (limited to 'sys/sys/mac_policy.h')
-rw-r--r-- | sys/sys/mac_policy.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h index 28ed3a85f2d3..aabc95e3e745 100644 --- a/sys/sys/mac_policy.h +++ b/sys/sys/mac_policy.h @@ -385,6 +385,8 @@ struct mac_policy_ops { int (*mpo_check_vnode_stat)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); + int (*mpo_check_vnode_swapon)(struct ucred *cred, + struct vnode *vp, struct label *label); int (*mpo_check_vnode_write)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); @@ -531,6 +533,7 @@ enum mac_op_constant { MAC_CHECK_VNODE_SETOWNER, MAC_CHECK_VNODE_SETUTIMES, MAC_CHECK_VNODE_STAT, + MAC_CHECK_VNODE_SWAPON, MAC_CHECK_VNODE_WRITE, }; |