From 62c0c26325de4f6af3bb3b68a34206dc367ed9f9 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Mon, 12 Aug 2002 01:54:10 +0000
Subject: [PATCH] Introduce IO_NOMACCHECK, a flag that will be passed to
 vn_rdwr() to indicate that the calling code has already performed necessary
 MAC checks (if any) for this operation.  This flag will help resolve layering
 problems that existing because vn_rdwr() is called both on behalf of user
 processes directly (such as in system calls of various sorts, during core
 dumps, etc), as well as deep in the file system code on behalf of the file
 system (such as in UFS, ext2fs, etc).  Code that is acting on behalf of a
 kernel service rather than explicitly on behalf of a user process will
 specify this flag. By default, MAC checks will be performed (and generally
 should be performed).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
---
 sys/sys/vnode.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/sys/vnode.h b/sys/sys/vnode.h
index b0299c5103b2..6ac9bf2fe0b9 100644
--- a/sys/sys/vnode.h
+++ b/sys/sys/vnode.h
@@ -284,6 +284,7 @@ struct vattr {
 #define	IO_NOWDRAIN	0x0200		/* do not block on wdrain */
 #define	IO_EXT		0x0400		/* operate on external attributes */
 #define	IO_NORMAL	0x0800		/* operate on regular data */
+#define	IO_NOMACCHECK	0x1000		/* MAC checks unnecessary */
 
 /*
  *  Modes.  Some values same as Ixxx entries from inode.h for now.