Page MenuHomeFreeBSD
Differential D46899

MAC: Define a common 'mac' node for MAC's jail parameters
ClosedPublic
Actions

Authored by olce on Oct 4 2024, 7:56 AM.
Tags
None
Referenced Files
F109485084: D46899.diff
Wed, Feb 5, 5:13 PM
Unknown Object (File)
Tue, Feb 4, 1:28 AM
Unknown Object (File)
Thu, Jan 30, 4:50 AM
Unknown Object (File)
Mon, Jan 27, 4:35 PM
Unknown Object (File)
Thu, Jan 23, 9:23 PM
Unknown Object (File)
Sat, Jan 18, 2:30 AM
Unknown Object (File)
Fri, Jan 17, 12:26 AM
Unknown Object (File)
Jan 5 2025, 1:37 AM
View All 17 Files
Subscribers
bapt
imp

Details

Reviewers
emaste
jamie
Commits
rGae2383c0dd16: MAC: Define a common 'mac' node for MAC's jail parameters
rG66fb52a27279: MAC: Define a common 'mac' node for MAC's jail parameters
rG5041b20503db: MAC: Define a common 'mac' node for MAC's jail parameters
Summary

To be used by MAC/do.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

olce created this revision.Oct 4 2024, 7:56 AM
Herald added a subscriber: imp. · View Herald TranscriptOct 4 2024, 7:56 AM
olce requested review of this revision.Oct 4 2024, 7:56 AM
Harbormaster completed remote builds in B59710: Diff 144197.Oct 4 2024, 7:56 AM
olce added a subscriber: bapt.Oct 4 2024, 8:17 AM
olce added a parent revision: D46898: MAC: 'kernel_mac_support' module: Make an outdated comment more generic.Oct 4 2024, 8:26 AM
jamie added a comment.Oct 5 2024, 11:57 PM

I suppose this will make more sense once there's at least one MAC policy that has an associated jail parameter. Currently, it seems to suggest (being a jailsys parameter) that there's some sort of valid "new" or "deleted" state for MAC inside the jail.

olce added a comment.EditedOct 7 2024, 10:02 AM
In D46899#1070434, @jamie wrote:

I suppose this will make more sense once there's at least one MAC policy that has an associated jail parameter.

Exactly. All these commits are preparatory ones for deep changes in mac_do(4). Here, the goal is to define a common parameter node so that mac_do(4) will use mac.do to fit its parameters.

Currently, it seems to suggest (being a jailsys parameter) that there's some sort of valid "new" or "deleted" state for MAC inside the jail.

Not sure what you mean here. SYSCTL_JAIL_PARAM_NODE() just declares the common MAC sub-node. mac_do(4) will then indeed use the new SYSCTL_JAIL_PARAM_SYS_SUBNODE() for the mac.do jail parameter "node", effectively intended to be a jailsys one.

jamie accepted this revision.Oct 16 2024, 3:00 AM
In D46899#1070761, @olce wrote:
In D46899#1070434, @jamie wrote:

Currently, it seems to suggest (being a jailsys parameter) that there's some sort of valid "new" or "deleted" state for MAC inside the jail.

Not sure what you mean here. SYSCTL_JAIL_PARAM_NODE() just declares the common MAC sub-node. mac_do(4) will then indeed use the new SYSCTL_JAIL_PARAM_SYS_SUBNODE() for the mac.do jail parameter "node", effectively intended to be a jailsys one.

Eh, just thinking with my fingers on the keyboard - no need to try making sense of it.

This revision is now accepted and ready to land.Oct 16 2024, 3:00 AM
Closed by commit rG5041b20503db: MAC: Define a common 'mac' node for MAC's jail parameters (authored by olce). · Explain WhyDec 16 2024, 2:45 PM
This revision was automatically updated to reflect the committed changes.
olce added a commit: rG5041b20503db: MAC: Define a common 'mac' node for MAC's jail parameters.
olce added a commit: rG66fb52a27279: MAC: Define a common 'mac' node for MAC's jail parameters.Thu, Jan 16, 6:09 PM
olce added a commit: rGae2383c0dd16: MAC: Define a common 'mac' node for MAC's jail parameters.Fri, Jan 17, 12:28 PM

Revision Contents
Changeset List

PathSize
sys/
security/
mac/
6 lines

Diff 148027

View Options

sys/security/mac/mac_framework.c

Loading...