Page MenuHomeFreeBSD
Differential D53960

libjail: extend struct handlers to included MAC labels
ClosedPublic
Actions

Authored by kevans on Nov 27 2025, 6:38 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, May 16, 4:00 AM
Unknown Object (File)
Sat, May 16, 4:00 AM
Unknown Object (File)
Sat, May 16, 3:58 AM
Unknown Object (File)
Thu, May 14, 8:12 AM
Unknown Object (File)
Wed, May 13, 9:24 PM
Unknown Object (File)
Wed, May 13, 5:42 PM
Unknown Object (File)
Wed, May 13, 5:42 PM
Unknown Object (File)
Mon, May 11, 11:30 AM
View All 49 Files
Subscribers
imp

Details

Reviewers
csjp
olce
jamie
Group Reviewers
Jails
Commits
rGdb3b39f063d9: libjail: extend struct handlers to included MAC labels
Summary

MAC label handling is a little special; to avoid being too disruptive,
we allocate a mac_t * here for the value so that we can mac_prepare()
or mac_from_text() into. As a result, we need:

  • A custom free() handler to avoid leaking the *jp_value
  • A custom jailparam_get() handler to mac_prepare() the mac_t and populate the iove properly, so that the kernel doesn't have to do something funky like copyin, dereference, copyin again.
  • A custom jailparam_set() handler to similarly populate the iovec properly.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
lib/
libjail/
192 lines

Diff 169824

View Options

lib/libjail/jail.c

Loading...