Page MenuHomeFreeBSD

MAC: Define a common 'mac' node for MAC's jail parameters
AcceptedPublic

Authored by olce on Oct 4 2024, 7:56 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Oct 31, 10:55 PM
Unknown Object (File)
Thu, Oct 10, 10:29 AM
Unknown Object (File)
Wed, Oct 9, 12:48 PM
Unknown Object (File)
Oct 5 2024, 4:51 PM
Unknown Object (File)
Oct 5 2024, 1:10 PM
Unknown Object (File)
Oct 5 2024, 9:34 AM
Unknown Object (File)
Oct 5 2024, 3:32 AM
Subscribers

Details

Reviewers
emaste
jamie
Summary

To be used by MAC/do.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 59710
Build 56596: arc lint + arc unit

Event Timeline

olce requested review of this revision.Oct 4 2024, 7:56 AM

I suppose this will make more sense once there's at least one MAC policy that has an associated jail parameter. Currently, it seems to suggest (being a jailsys parameter) that there's some sort of valid "new" or "deleted" state for MAC inside the jail.

I suppose this will make more sense once there's at least one MAC policy that has an associated jail parameter.

Exactly. All these commits are preparatory ones for deep changes in mac_do(4). Here, the goal is to define a common parameter node so that mac_do(4) will use mac.do to fit its parameters.

Currently, it seems to suggest (being a jailsys parameter) that there's some sort of valid "new" or "deleted" state for MAC inside the jail.

Not sure what you mean here. SYSCTL_JAIL_PARAM_NODE() just declares the common MAC sub-node. mac_do(4) will then indeed use the new SYSCTL_JAIL_PARAM_SYS_SUBNODE() for the mac.do jail parameter "node", effectively intended to be a jailsys one.

Currently, it seems to suggest (being a jailsys parameter) that there's some sort of valid "new" or "deleted" state for MAC inside the jail.

Not sure what you mean here. SYSCTL_JAIL_PARAM_NODE() just declares the common MAC sub-node. mac_do(4) will then indeed use the new SYSCTL_JAIL_PARAM_SYS_SUBNODE() for the mac.do jail parameter "node", effectively intended to be a jailsys one.

Eh, just thinking with my fingers on the keyboard - no need to try making sense of it.

This revision is now accepted and ready to land.Wed, Oct 16, 3:00 AM