D54833.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D54833.diff
View Options

	diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
	--- a/sys/security/mac/mac_policy.h
	+++ b/sys/security/mac/mac_policy.h
	@@ -436,6 +436,8 @@
	struct prison pr, struct label prlabel);
	typedef void (mpo_prison_created_t)(struct ucred cred,
	struct prison pr, struct label prlabel);
	+typedef void (mpo_prison_cleanup_t)(struct ucred cred,
	+ struct prison pr, struct label prlabel);
	typedef void (mpo_prison_attached_t)(struct ucred cred,
	struct prison pr, struct label prlabel, struct proc *p,
	struct label *proclabel);
	@@ -909,6 +911,7 @@
	mpo_prison_check_set_t mpo_prison_check_set;
	mpo_prison_check_remove_t mpo_prison_check_remove;
	mpo_prison_created_t mpo_prison_created;
	+ mpo_prison_cleanup_t mpo_prison_cleanup;
	mpo_prison_attached_t mpo_prison_attached;

	mpo_priv_check_t mpo_priv_check;
	diff --git a/sys/security/mac/mac_prison.c b/sys/security/mac/mac_prison.c
	--- a/sys/security/mac/mac_prison.c
	+++ b/sys/security/mac/mac_prison.c
	@@ -94,6 +94,10 @@
	mac_prison_destroy(struct prison *pr)
	{
	mtx_assert(&pr->pr_mtx, MA_OWNED);
	+
	+ /* Symmetry with prison_created */
	+ MAC_POLICY_PERFORM_NOSLEEP(prison_cleanup, curthread->td_ucred, pr,
	+ pr->pr_label);
	mac_prison_label_free(pr->pr_label);
	pr->pr_label = NULL;
	}
	diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
	--- a/sys/security/mac_stub/mac_stub.c
	+++ b/sys/security/mac_stub/mac_stub.c
	@@ -914,6 +914,13 @@

	}

	+static void
	+stub_prison_cleanup(struct ucred cred, struct prison pr,
	+ struct label *prlabel)
	+{
	+
	+}
	+
	static void
	stub_prison_attached(struct ucred cred, struct prison pr,
	struct label prlabel, struct proc p, struct label *proclabel)
	@@ -1923,6 +1930,7 @@
	.mpo_prison_check_set = stub_prison_check_set,
	.mpo_prison_check_remove = stub_prison_check_remove,
	.mpo_prison_created = stub_prison_created,
	+ .mpo_prison_cleanup = stub_prison_cleanup,
	.mpo_prison_attached = stub_prison_attached,

	.mpo_priv_check = stub_priv_check,
	diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
	--- a/sys/security/mac_test/mac_test.c
	+++ b/sys/security/mac_test/mac_test.c
	@@ -1737,6 +1737,16 @@
	COUNTER_INC(prison_created);
	}

	+COUNTER_DECL(prison_cleanup);
	+static void
	+test_prison_cleanup(struct ucred cred, struct prison pr,
	+ struct label *prlabel)
	+{
	+
	+ LABEL_CHECK(prlabel, MAGIC_PRISON);
	+ COUNTER_INC(prison_cleanup);
	+}
	+
	COUNTER_DECL(prison_attached);
	static void
	test_prison_attached(struct ucred cred, struct prison pr,
	@@ -3378,6 +3388,7 @@
	.mpo_prison_check_set = test_prison_check_set,
	.mpo_prison_check_remove = test_prison_check_remove,
	.mpo_prison_created = test_prison_created,
	+ .mpo_prison_cleanup = test_prison_cleanup,
	.mpo_prison_attached = test_prison_attached,

	.mpo_proc_check_debug = test_proc_check_debug,

File Metadata

Mime Type: text/plain
Expires: Tue, Jan 27, 2:22 AM (14 h, 48 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28048495
Default Alt Text: D54833.diff (2 KB)

D54833.diffNo OneTemporaryActions

D54833.diffView Options

File Metadata

Event Timeline

D54833.diff
No OneTemporary
Actions

D54833.diff
View Options