diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2005-04-18 13:36:57 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2005-04-18 13:36:57 +0000 |
| commit | babe9a2bb37a1c0a1e87cbe5c3ce5fd40c70d990 (patch) | |
| tree | edb79f235bf4b33075b9d7e39ce462e142125e48 /sys/sys/proc.h | |
| parent | da833457ebe3d1ce020fe98888e70ac5cb278f5d (diff) | |
| download | src-babe9a2bb37a1c0a1e87cbe5c3ce5fd40c70d990.tar.gz src-babe9a2bb37a1c0a1e87cbe5c3ce5fd40c70d990.zip | |
Introduce p_canwait() and MAC Framework and MAC Policy entry points
mac_check_proc_wait(), which control the ability to wait4() specific
processes. This permits MAC policies to limit information flow from
children that have changed label, although has to be handled carefully
due to common programming expectations regarding the behavior of
wait4(). The cr_seeotheruids() check in p_canwait() is #if 0'd for
this reason.
The mac_stub and mac_test policies are updated to reflect these new
entry points.
Sponsored by: SPAWAR, SPARTA
Obtained from: TrustedBSD Project
Notes
Notes:
svn path=/head/; revision=145234
Diffstat (limited to 'sys/sys/proc.h')
| -rw-r--r-- | sys/sys/proc.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 1af6b7166a79..7a151bbead49 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -851,6 +851,7 @@ int p_candebug(struct thread *td, struct proc *p); int p_cansee(struct thread *td, struct proc *p); int p_cansched(struct thread *td, struct proc *p); int p_cansignal(struct thread *td, struct proc *p, int signum); +int p_canwait(struct thread *td, struct proc *p); struct pargs *pargs_alloc(int len); void pargs_drop(struct pargs *pa); void pargs_free(struct pargs *pa); |