| Age | Commit message (Collapse) | Author |
|---|
|
The concept of resource borders is mostly used for resources that can
easily be mapped into memory, synced and contain attributes. However,
some things (e.g., a network resource, keyboard input, etc) may not be
great with raw memory mappings. This commit mitigates this problem.
Signed-off-by: Ian Moffett <ian@osmora.org>
|
|
The map callback within the MAC ops returns ssize_t, therefore the
mac_map() wrapper should return the same
Signed-off-by: Ian Moffett <ian@osmora.org>
|
|
This commit introduces initial support for mandatory access control. As
one may recall, L5 follows "everything is memory". In order to interact
with a resource, a process must request it from the kernel in the form
of a (sometimes) syncable memory buffer.
Each resource as well as processes have an access level, if a process
attempts to request a resource with a higher access level than it, the
request is rejected by the kernel. However, if a process has a greater
than or equal access level as a resource, the request can be granted.
Signed-off-by: Ian Moffett <ian@osmora.org>
|
