diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2002-10-27 07:03:29 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2002-10-27 07:03:29 +0000 |
commit | a2ecb9b790665ba2d34021fd9afead85f82760b3 (patch) | |
tree | 68db4a6fce87a1271d7012e61fc2ce77d4d94f2d /sys/sys/mac_policy.h | |
parent | 03ce2c0c9b3ccf695ca181928df8728110287478 (diff) | |
download | src-a2ecb9b790665ba2d34021fd9afead85f82760b3.tar.gz src-a2ecb9b790665ba2d34021fd9afead85f82760b3.zip |
Hook up mac_check_system_reboot(), a MAC Framework entry point that
permits MAC modules to augment system security decisions regarding
the reboot() system call, if MAC is compiled into the kernel.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Notes
Notes:
svn path=/head/; revision=106024
Diffstat (limited to 'sys/sys/mac_policy.h')
-rw-r--r-- | sys/sys/mac_policy.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h index 72da14f5ef89..d92bcf7b98f6 100644 --- a/sys/sys/mac_policy.h +++ b/sys/sys/mac_policy.h @@ -310,6 +310,7 @@ struct mac_policy_ops { struct socket *so, struct label *socketlabel); int (*mpo_check_socket_visible)(struct ucred *cred, struct socket *so, struct label *socketlabel); + int (*mpo_check_system_reboot)(struct ucred *cred, int howto); int (*mpo_check_system_swapon)(struct ucred *cred, struct vnode *vp, struct label *label); int (*mpo_check_vnode_access)(struct ucred *cred, @@ -502,6 +503,7 @@ enum mac_op_constant { MAC_CHECK_SOCKET_RELABEL, MAC_CHECK_SOCKET_SEND, MAC_CHECK_SOCKET_VISIBLE, + MAC_CHECK_SYSTEM_REBOOT, MAC_CHECK_SYSTEM_SWAPON, MAC_CHECK_VNODE_ACCESS, MAC_CHECK_VNODE_CHDIR, |