Paths

Table of Contentst

Differential D53960

libjail: extend struct handlers to included MAC labels
ClosedPublic
Actions

Authored by kevans on Nov 27 2025, 6:38 PM.

Tags

None

Referenced Files

	F153190516: D53960.id167202.diff
	Sun, Apr 19, 5:12 PM

	Unknown Object (File)
	Sat, Apr 11, 2:29 AM

	Unknown Object (File)
	Thu, Apr 9, 12:48 AM

	Unknown Object (File)
	Wed, Apr 8, 5:28 AM

	Unknown Object (File)
	Mar 13 2026, 1:08 PM

	Unknown Object (File)
	Feb 27 2026, 1:26 PM

	Unknown Object (File)
	Feb 16 2026, 8:32 PM

	Unknown Object (File)
	Feb 16 2026, 1:52 PM

View All 37 Files

Subscribers

Details

Reviewers

csjp
olce
jamie

Group Reviewers

Commits

rGdb3b39f063d9: libjail: extend struct handlers to included MAC labels

Summary

MAC label handling is a little special; to avoid being too disruptive,
we allocate a mac_t * here for the value so that we can mac_prepare()
or mac_from_text() into. As a result, we need:

A custom free() handler to avoid leaking the *jp_value
A custom jailparam_get() handler to mac_prepare() the mac_t and populate the iove properly, so that the kernel doesn't have to do something funky like copyin, dereference, copyin again.
A custom jailparam_set() handler to similarly populate the iovec properly.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kevans created this revision.Nov 27 2025, 6:38 PM

Herald added a subscriber: imp. · View Herald TranscriptNov 27 2025, 6:38 PM

kevans requested review of this revision.Nov 27 2025, 6:38 PM

Harbormaster completed remote builds in B68899: Diff 167202.Nov 27 2025, 6:38 PM

kevans added a parent revision: D53959: libjail: start refactoring struct ioctl support.Nov 27 2025, 6:38 PM

jamie accepted this revision.Dec 2 2025, 4:29 AM

This revision is now accepted and ready to land.Dec 2 2025, 4:29 AM

kevans added a child revision: D54067: jail: document the mac.label parameter.Dec 4 2025, 3:50 AM

Only skimmed over it, but seems good except for one typo.

lib/libjail/jail.c
1308

kevans marked an inline comment as done.Dec 23 2025, 12:22 AM

Closed by commit rGdb3b39f063d9: libjail: extend struct handlers to included MAC labels (authored by kevans). · Explain WhyJan 16 2026, 12:25 AM

This revision was automatically updated to reflect the committed changes.

kevans added a commit: rGdb3b39f063d9: libjail: extend struct handlers to included MAC labels.

Revision Contents
Changeset List

Path

Size

lib/

libjail/

192 lines

Diff 169824

lib/libjail/jail.c

Loading...