Paths

Table of Contentst

Differential D47603

MAC/do: Remove the 'prison0' special cases in the common paths
Needs ReviewPublic
Actions

Authored by olce on Fri, Nov 15, 5:07 PM.

Tags

None

Referenced Files

	F102709180: D47603.diff
	Sat, Nov 16, 4:29 AM

Subscribers

Details

Reviewers

Summary

This revision is part of a series. Click on the Stack tab below to see the context.
This series has also been squeezed into D47633 to provide an overall view.

Commit message:
The rules on 'prison0' are initialized in init(), now using
set_empty_rules().

Until the jail is destroyed, they can never be uninitialized by a call
to osd_jail_del(), since the only chain to call it is
mac_do_prison_set() -> remove_rules() -> osd_jail_del(), and
mac_do_prison_set() (method PR_METHOD_SET) can never be called on
'prison0'. This guarantees that find_rules() always find a valid
'rules' pointer to return.

There's no need to do anything special in destroy() for 'prison0', as
osd_jail_deregister() now takes care of it.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 60594
Build 57478: arc lint + arc unit

Event Timeline

olce created this revision.Fri, Nov 15, 5:07 PM

Herald added a subscriber: imp. · View Herald TranscriptFri, Nov 15, 5:07 PM

olce requested review of this revision.Fri, Nov 15, 5:07 PM

Harbormaster completed remote builds in B60594: Diff 146536.Fri, Nov 15, 5:07 PM

olce edited the summary of this revision. (Show Details)Fri, Nov 15, 10:44 PM

olce added a parent revision: D47602: MAC/do: Enable changing 'security.mac.do.rules' from a jail.Fri, Nov 15, 10:47 PM

olce added a child revision: D47604: MAC/do: Move destroy() to a better place.

olce added a reviewer: bapt.Fri, Nov 15, 10:49 PM

olce added subscribers: lwhsu, emaste.Fri, Nov 15, 10:52 PM

Revision Contents
Changeset List

Path

Size

sys/

security/

mac_do/

27 lines

Diff 146536

sys/security/mac_do/mac_do.c

Loading...