mirror of
https://github.com/opnsense/src.git
synced 2026-03-11 02:31:16 -04:00
c92163dcad
MAP_SHARED so that the entry point gets executed un-conditionally. This may be useful for security policies which want to perform access control checks around run-time linking. -add the mmap(2) flags argument to the check_vnode_mmap entry point so that we can make access control decisions based on the type of mapped object. -update any dependent API around this parameter addition such as function prototype modifications, entry point parameter additions and the inclusion of sys/mman.h header file. -Change the MLS, BIBA and LOMAC security policies so that subject domination routines are not executed unless the type of mapping is shared. This is done to maintain compatibility between the old vm_mmap_vnode(9) and these policies. Reviewed by: rwatson MFC after: 1 month |
||
|---|---|---|
| .. | ||
| mac_framework.c | ||
| mac_framework.h | ||
| mac_inet.c | ||
| mac_internal.h | ||
| mac_label.c | ||
| mac_net.c | ||
| mac_pipe.c | ||
| mac_policy.h | ||
| mac_process.c | ||
| mac_socket.c | ||
| mac_syscalls.c | ||
| mac_system.c | ||
| mac_sysv_msg.c | ||
| mac_sysv_sem.c | ||
| mac_sysv_shm.c | ||
| mac_vfs.c | ||