Page MenuHomeFreeBSD
Differential D47598

MAC/do: Allocate/deallocate rules as a whole
AcceptedPublic
Actions

Authored by olce on Fri, Nov 15, 5:06 PM.
Tags
None
Referenced Files
F103109078: D47598.diff
Thu, Nov 21, 3:04 AM
Unknown Object (File)
Tue, Nov 19, 3:14 PM
Unknown Object (File)
Tue, Nov 19, 6:10 AM
Unknown Object (File)
Tue, Nov 19, 3:10 AM
Unknown Object (File)
Mon, Nov 18, 8:17 PM
Unknown Object (File)
Mon, Nov 18, 7:54 PM
Unknown Object (File)
Mon, Nov 18, 4:16 PM
Unknown Object (File)
Sat, Nov 16, 7:34 AM
View All 10 Files
Subscribers
emaste
imp
jlduran
lwhsu

Details

Reviewers
bapt
Summary

This revision is part of a series. Click on the Stack tab below to see the context.
This series has also been squeezed into D47633 to provide an overall view.

Commit message:
Stop recycling the top-level 'struct rules' already assigned to jails.
This considerably simplifies the code, as now changing rules on a jail
amounts to just changing the OSD pointer.

Also, this is to increase potential concurrency in preparation for
incoming fixes about enforcing rules. Indeed, keeping these changes
relatively simple requires rules assigned to a jail to slightly outlive
resetting them, which is most easily done by just operating on pointers
to separate rules objects.

The (negligible) price to pay for this change is that setting rules on
a jail now systematically needs to allocate memory (and also that the
OSD slot needs to be accessed twice, once to get the old rules to free
them and another one to set the rules, which was already the case before
when memory had to be allocated).

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 60589
Build 57473: arc lint + arc unit

Event Timeline

olce created this revision.Fri, Nov 15, 5:06 PM
Herald added a subscriber: imp. · View Herald TranscriptFri, Nov 15, 5:06 PM
olce requested review of this revision.Fri, Nov 15, 5:06 PM
Harbormaster completed remote builds in B60589: Diff 146531.Fri, Nov 15, 5:06 PM
olce edited the summary of this revision. (Show Details)Fri, Nov 15, 10:44 PM
olce added a parent revision: D47597: MAC/do: Factor out setting/destroying rule structures.Fri, Nov 15, 10:47 PM
olce added a child revision: D47599: MAC/do: Remove PR_METHOD_REMOVE method.
olce added a reviewer: bapt.Fri, Nov 15, 10:49 PM
olce added subscribers: lwhsu, emaste.Fri, Nov 15, 10:51 PM
olce added a subscriber: jlduran.Mon, Nov 18, 8:51 AM
bapt accepted this revision.Tue, Nov 19, 7:58 AM

I can see now the comment from D47598 is now useless :D

This revision is now accepted and ready to land.Tue, Nov 19, 7:58 AM
olce added a comment.Wed, Nov 20, 12:17 PM
In D47598#1086937, @bapt wrote:

I can see now the comment from D47598 is now useless :D

Well, not completely if my answer there can convince you that casting to void is actually useful (to humans).

Revision Contents
Changeset List

PathSize
sys/
security/
mac_do/
173 lines

Diff 146531

View Options

sys/security/mac_do/mac_do.c

Loading...