This is a new helper function that leverages existing code: It calls
successively cr_canseeotheruids(), cr_canseeothergids() and cr_canseejailproc()
(as long as the previous didn't deny access). Will be used in a subsequent
commit.
Details
- Reviewers: mjg, kib, dchagin, mhorne, olce
- Commits:
  - rG0dafeb5bc874: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
  - rG768fe2300987: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
  - rG3ad322db8902: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
  - rGe4a7b4f99cfd: New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Lint Skipped
- Unit: Tests Skipped
- Build Status: Buildable 52162, Build 49053: arc lint + arc unit
Event Timeline
- sys/kern/kern_prot.c, line 1431: Please mention return values for consistency with other function comments in this file.
- sys/kern/kern_prot.c, line 1434: Naming is hard.
- sys/kern/kern_prot.c, line 1434: Indeed. The most important thing is that the name reflects that these are BSD-specific (actually, FreeBSD-specific, but anyway) security policies and that these affect object/subject visibility. I considered naming the function cr_security_bsd_visibility so as to reference the sysctl security.bsd more explicitly, but then the name was longer and probably not more helpful than the short form to people that are not aware of the security.bsd nodes. I'm not that pleased with the name, but it does the job and I couldn't come up with a better idea. Suggestions welcome.
Mark as accepted again, since the only change is the rename: cr_bsd_visibility() to cr_bsd_visible().