K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-11-05T14:57:49.000000Z
K 7
svn:log
V 808
Hook up the mac_will_execve_transition() and mac_execve_transition()
entrypoints, #ifdef MAC.  The supporting logic already existed in
kern_mac.c, so no change there.  This permits MAC policies to cause
a process label change as the result of executing a binary --
typically, as a result of executing a specially labeled binary.

For example, the SEBSD port of SELinux/FLASK uses this functionality
to implement TE type transitions on processes using transitioning
binaries, in a manner similar to setuid.  Policies not implementing
a notion of transition (all the ones in the tree right now) require
no changes, since the old label data is copied to the new label
via mac_create_cred() even if a transition does occur.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

END