- Synchronize label initialization and destruction arguments: in some
cases, the object pointer was still present as an argument to label init/destroy calls, although it was removed in the source a while back. In some cases, we've added blocking dispositions to initialization calls that previously didn't have them (ipq), so add that also. Generally call 'how' 'flag' instead to match the prototypes in mac_policy.h. - Add missing descriptions of mpo_destroy_vnode_label(), and the recently added mpo_copy_mbuf_label(). Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson
parent
e51825dea9
commit
bdfc29bc51
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=16611
2 changed files with 178 additions and 150 deletions
en_US.ISO8859-1/books
|
|
@ -623,8 +623,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_bpfdesc_label</function></funcdef>
|
||||
|
||||
<paramdef>struct bpf_d
|
||||
*<parameter>bpf_d</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -635,11 +633,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>bpf_d</parameter></entry>
|
||||
<entry>Object; bpf descriptor</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to apply</entry>
|
||||
|
|
@ -690,8 +683,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_devfsdirent_label</function></funcdef>
|
||||
|
||||
<paramdef>struct devfs_dirent
|
||||
*<parameter>devfs_dirent</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -702,11 +693,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>devfs_dirent</parameter></entry>
|
||||
<entry>Object; devfs directory entry</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to apply</entry>
|
||||
|
|
@ -727,8 +713,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_ifnet_label</function></funcdef>
|
||||
|
||||
<paramdef>struct ifnet
|
||||
*<parameter>ifnet</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -739,11 +723,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>ifnet</parameter></entry>
|
||||
<entry>Object; network interface</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to apply</entry>
|
||||
|
|
@ -764,10 +743,9 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_ipq_label</function></funcdef>
|
||||
|
||||
<paramdef>struct ipq
|
||||
*<parameter>ipq</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
<paramdef>int <parameter>flag</parameter></paramdef>
|
||||
</funcprototype>
|
||||
</funcsynopsis>
|
||||
|
||||
|
|
@ -776,21 +754,30 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>ipq</parameter></entry>
|
||||
<entry>Object; IP reassembly queue</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to apply</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>flag</parameter></entry>
|
||||
<entry>Blocking/non-blocking &man.malloc.9;; see
|
||||
below</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
|
||||
<para>Initialize the label on a newly instantiated IP fragment
|
||||
reassembly queue.</para>
|
||||
reassembly queue. The <parameter>flag</parameter> field may
|
||||
be one of <symbol>M_WAITOK</symbol> and <symbol>M_NOWAIT</symbol>,
|
||||
and should be employed to avoid performing a blocking
|
||||
&man.malloc.9; during this initialization call. IP fragment
|
||||
reassembly queue allocation frequently occurs in performance
|
||||
sensitive environments, and the implementation should be careful
|
||||
to avoid blocking or long-lived operations. This entry point
|
||||
is permitted to fail resulting in the failure to allocate
|
||||
the IP fragment reassembly queue.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3 id="mac-mpo-init-mbuf">
|
||||
|
|
@ -801,9 +788,7 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_mbuf_label</function></funcdef>
|
||||
|
||||
<paramdef>struct mbuf
|
||||
*<parameter>mbuf</parameter></paramdef>
|
||||
<paramdef>int <parameter>how</parameter></paramdef>
|
||||
<paramdef>int <parameter>flag</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -815,12 +800,7 @@
|
|||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>mbuf</parameter></entry>
|
||||
<entry>Object; mbuf</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>how</parameter></entry>
|
||||
<entry><parameter>flag</parameter></entry>
|
||||
<entry>Blocking/non-blocking &man.malloc.9;; see
|
||||
below</entry>
|
||||
</row>
|
||||
|
|
@ -834,10 +814,10 @@
|
|||
|
||||
<para>Initialize the label on a newly instantiated mbuf packet
|
||||
header (<parameter>mbuf</parameter>). The
|
||||
<parameter>how</parameter> field may be one of
|
||||
<parameter>flag</parameter> field may be one of
|
||||
<symbol>M_WAITOK</symbol> and <symbol>M_NOWAIT</symbol>, and
|
||||
should be employed to avoid performing a blocking
|
||||
&man.malloc.9; during this initialization call. Mbuf
|
||||
&man.malloc.9; during this initialization call. Mbuf
|
||||
allocation frequently occurs in performance sensitive
|
||||
environments, and the implementation should be careful to
|
||||
avoid blocking or long-lived operations. This entry point
|
||||
|
|
@ -853,8 +833,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_mount_label</function></funcdef>
|
||||
|
||||
<paramdef>struct mount
|
||||
*<parameter>mount</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>mntlabel</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
|
|
@ -868,11 +846,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>mount</parameter></entry>
|
||||
<entry>Object; file system mount point</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>mntlabel</parameter></entry>
|
||||
<entry>Policy label to be initialized for the mount
|
||||
|
|
@ -1061,8 +1034,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_vnode_label</function></funcdef>
|
||||
|
||||
<paramdef>struct vnode
|
||||
*<parameter>vp</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -1073,11 +1044,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>vp</parameter></entry>
|
||||
<entry>Object; file system object</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to initialize</entry>
|
||||
|
|
@ -1128,8 +1094,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_destroy_cred_label</function></funcdef>
|
||||
|
||||
<paramdef>struct ucred
|
||||
*<parameter>cred</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -1140,11 +1104,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>cred</parameter></entry>
|
||||
<entry>Subject; user credential</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>Label being destroyed</entry>
|
||||
|
|
@ -1168,8 +1127,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_destroy_devfsdirent_label</function></funcdef>
|
||||
|
||||
<paramdef>struct devfs_dirent
|
||||
*<parameter>devfs_dirent</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -1180,11 +1137,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>devfs_dirent</parameter></entry>
|
||||
<entry>Object; devfs directory entry</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>Label being destroyed</entry>
|
||||
|
|
@ -1335,8 +1287,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_destroy_mount_label</function></funcdef>
|
||||
|
||||
<paramdef>struct mount
|
||||
*<parameter>mp</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>mntlabel</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
|
|
@ -1349,11 +1299,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>mp</parameter></entry>
|
||||
<entry>Object; file system mount point</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>mntlabel</parameter></entry>
|
||||
<entry>Mount point label being destroyed</entry>
|
||||
|
|
@ -1503,6 +1448,75 @@
|
|||
destroyed.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3 id="mac-mpo-destroy-vnode-label">
|
||||
<title><function>&mac.mpo;_destroy_vnode_label</function></title>
|
||||
|
||||
<funcsynopsis>
|
||||
<funcprototype>
|
||||
<funcdef>void
|
||||
<function>&mac.mpo;_destroy_vnode_label</function></funcdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
</funcsynopsis>
|
||||
|
||||
<informaltable>
|
||||
<tgroup cols="3">
|
||||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>Process label</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
|
||||
<para>Destroy the label on a vnode. In this entry point, a
|
||||
policy module should free any internal storage associated
|
||||
with <parameter>label</parameter> so that it may be
|
||||
destroyed.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3 id="mac-mpo-copy-mbuf-label">
|
||||
<title><function>&mac.mpo;_copy_mbuf_label</function></title>
|
||||
|
||||
<funcsynopsis>
|
||||
<funcprototype>
|
||||
<funcdef>void
|
||||
<function>&mac.mpo;_copy_mbuf_label</function></funcdef>
|
||||
|
||||
<paramdef>struct label
|
||||
*<parameter>src</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>dest</parameter></paramdef>
|
||||
</funcprototype>
|
||||
</funcsynopsis>
|
||||
|
||||
<informaltable>
|
||||
<tgroup cols="3">
|
||||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>src</parameter></entry>
|
||||
<entry>Source label</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>dest</parameter></entry>
|
||||
<entry>Destination label</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
|
||||
<para>Copy the label information in
|
||||
<parameter>src</parameter> into
|
||||
<parameter>dest</parameter>.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3 id="mac-mpo-copy-pipe-label">
|
||||
<title><function>&mac.mpo;_copy_pipe_label</function></title>
|
||||
|
||||
|
|
|
|||
|
|
@ -623,8 +623,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_bpfdesc_label</function></funcdef>
|
||||
|
||||
<paramdef>struct bpf_d
|
||||
*<parameter>bpf_d</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -635,11 +633,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>bpf_d</parameter></entry>
|
||||
<entry>Object; bpf descriptor</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to apply</entry>
|
||||
|
|
@ -690,8 +683,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_devfsdirent_label</function></funcdef>
|
||||
|
||||
<paramdef>struct devfs_dirent
|
||||
*<parameter>devfs_dirent</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -702,11 +693,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>devfs_dirent</parameter></entry>
|
||||
<entry>Object; devfs directory entry</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to apply</entry>
|
||||
|
|
@ -727,8 +713,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_ifnet_label</function></funcdef>
|
||||
|
||||
<paramdef>struct ifnet
|
||||
*<parameter>ifnet</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -739,11 +723,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>ifnet</parameter></entry>
|
||||
<entry>Object; network interface</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to apply</entry>
|
||||
|
|
@ -764,10 +743,9 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_ipq_label</function></funcdef>
|
||||
|
||||
<paramdef>struct ipq
|
||||
*<parameter>ipq</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
<paramdef>int <parameter>flag</parameter></paramdef>
|
||||
</funcprototype>
|
||||
</funcsynopsis>
|
||||
|
||||
|
|
@ -776,21 +754,30 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>ipq</parameter></entry>
|
||||
<entry>Object; IP reassembly queue</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to apply</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>flag</parameter></entry>
|
||||
<entry>Blocking/non-blocking &man.malloc.9;; see
|
||||
below</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
|
||||
<para>Initialize the label on a newly instantiated IP fragment
|
||||
reassembly queue.</para>
|
||||
reassembly queue. The <parameter>flag</parameter> field may
|
||||
be one of <symbol>M_WAITOK</symbol> and <symbol>M_NOWAIT</symbol>,
|
||||
and should be employed to avoid performing a blocking
|
||||
&man.malloc.9; during this initialization call. IP fragment
|
||||
reassembly queue allocation frequently occurs in performance
|
||||
sensitive environments, and the implementation should be careful
|
||||
to avoid blocking or long-lived operations. This entry point
|
||||
is permitted to fail resulting in the failure to allocate
|
||||
the IP fragment reassembly queue.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3 id="mac-mpo-init-mbuf">
|
||||
|
|
@ -801,9 +788,7 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_mbuf_label</function></funcdef>
|
||||
|
||||
<paramdef>struct mbuf
|
||||
*<parameter>mbuf</parameter></paramdef>
|
||||
<paramdef>int <parameter>how</parameter></paramdef>
|
||||
<paramdef>int <parameter>flag</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -815,12 +800,7 @@
|
|||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>mbuf</parameter></entry>
|
||||
<entry>Object; mbuf</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>how</parameter></entry>
|
||||
<entry><parameter>flag</parameter></entry>
|
||||
<entry>Blocking/non-blocking &man.malloc.9;; see
|
||||
below</entry>
|
||||
</row>
|
||||
|
|
@ -834,10 +814,10 @@
|
|||
|
||||
<para>Initialize the label on a newly instantiated mbuf packet
|
||||
header (<parameter>mbuf</parameter>). The
|
||||
<parameter>how</parameter> field may be one of
|
||||
<parameter>flag</parameter> field may be one of
|
||||
<symbol>M_WAITOK</symbol> and <symbol>M_NOWAIT</symbol>, and
|
||||
should be employed to avoid performing a blocking
|
||||
&man.malloc.9; during this initialization call. Mbuf
|
||||
&man.malloc.9; during this initialization call. Mbuf
|
||||
allocation frequently occurs in performance sensitive
|
||||
environments, and the implementation should be careful to
|
||||
avoid blocking or long-lived operations. This entry point
|
||||
|
|
@ -853,8 +833,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_mount_label</function></funcdef>
|
||||
|
||||
<paramdef>struct mount
|
||||
*<parameter>mount</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>mntlabel</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
|
|
@ -868,11 +846,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>mount</parameter></entry>
|
||||
<entry>Object; file system mount point</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>mntlabel</parameter></entry>
|
||||
<entry>Policy label to be initialized for the mount
|
||||
|
|
@ -1061,8 +1034,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_init_vnode_label</function></funcdef>
|
||||
|
||||
<paramdef>struct vnode
|
||||
*<parameter>vp</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -1073,11 +1044,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>vp</parameter></entry>
|
||||
<entry>Object; file system object</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>New label to initialize</entry>
|
||||
|
|
@ -1128,8 +1094,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_destroy_cred_label</function></funcdef>
|
||||
|
||||
<paramdef>struct ucred
|
||||
*<parameter>cred</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -1140,11 +1104,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>cred</parameter></entry>
|
||||
<entry>Subject; user credential</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>Label being destroyed</entry>
|
||||
|
|
@ -1168,8 +1127,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_destroy_devfsdirent_label</function></funcdef>
|
||||
|
||||
<paramdef>struct devfs_dirent
|
||||
*<parameter>devfs_dirent</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
|
|
@ -1180,11 +1137,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>devfs_dirent</parameter></entry>
|
||||
<entry>Object; devfs directory entry</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>Label being destroyed</entry>
|
||||
|
|
@ -1335,8 +1287,6 @@
|
|||
<funcdef>void
|
||||
<function>&mac.mpo;_destroy_mount_label</function></funcdef>
|
||||
|
||||
<paramdef>struct mount
|
||||
*<parameter>mp</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>mntlabel</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
|
|
@ -1349,11 +1299,6 @@
|
|||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>mp</parameter></entry>
|
||||
<entry>Object; file system mount point</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>mntlabel</parameter></entry>
|
||||
<entry>Mount point label being destroyed</entry>
|
||||
|
|
@ -1503,6 +1448,75 @@
|
|||
destroyed.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3 id="mac-mpo-destroy-vnode-label">
|
||||
<title><function>&mac.mpo;_destroy_vnode_label</function></title>
|
||||
|
||||
<funcsynopsis>
|
||||
<funcprototype>
|
||||
<funcdef>void
|
||||
<function>&mac.mpo;_destroy_vnode_label</function></funcdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>label</parameter></paramdef>
|
||||
</funcprototype>
|
||||
</funcsynopsis>
|
||||
|
||||
<informaltable>
|
||||
<tgroup cols="3">
|
||||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>label</parameter></entry>
|
||||
<entry>Process label</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
|
||||
<para>Destroy the label on a vnode. In this entry point, a
|
||||
policy module should free any internal storage associated
|
||||
with <parameter>label</parameter> so that it may be
|
||||
destroyed.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3 id="mac-mpo-copy-mbuf-label">
|
||||
<title><function>&mac.mpo;_copy_mbuf_label</function></title>
|
||||
|
||||
<funcsynopsis>
|
||||
<funcprototype>
|
||||
<funcdef>void
|
||||
<function>&mac.mpo;_copy_mbuf_label</function></funcdef>
|
||||
|
||||
<paramdef>struct label
|
||||
*<parameter>src</parameter></paramdef>
|
||||
<paramdef>struct label
|
||||
*<parameter>dest</parameter></paramdef>
|
||||
</funcprototype>
|
||||
</funcsynopsis>
|
||||
|
||||
<informaltable>
|
||||
<tgroup cols="3">
|
||||
&mac.thead;
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>src</parameter></entry>
|
||||
<entry>Source label</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>dest</parameter></entry>
|
||||
<entry>Destination label</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
|
||||
<para>Copy the label information in
|
||||
<parameter>src</parameter> into
|
||||
<parameter>dest</parameter>.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3 id="mac-mpo-copy-pipe-label">
|
||||
<title><function>&mac.mpo;_copy_pipe_label</function></title>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue