D47599.id.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D47599.id.diff
View Options

	diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
	--- a/sys/security/mac_do/mac_do.c
	+++ b/sys/security/mac_do/mac_do.c
	@@ -410,15 +410,6 @@
	return (0);
	}

	-static int
	-mac_do_prison_remove(void obj, void data __unused)
	-{
	- struct prison *pr = obj;
	-
	- remove_rules(pr);
	- return (0);
	-}
	-
	static int
	mac_do_prison_check(void obj, void data)
	{
	@@ -447,19 +438,26 @@
	return (error);
	}

	+/*
	+ * OSD jail methods.
	+ *
	+ * There is no PR_METHOD_REMOVE, as OSD storage is destroyed by the common jail
	+ * code (see prison_cleanup()), which triggers a run of our dealloc_osd()
	+ * destructor.
	+ */
	+static const osd_method_t osd_methods[PR_MAXMETHOD] = {
	+ [PR_METHOD_CREATE] = mac_do_prison_create,
	+ [PR_METHOD_GET] = mac_do_prison_get,
	+ [PR_METHOD_SET] = mac_do_prison_set,
	+ [PR_METHOD_CHECK] = mac_do_prison_check,
	+};
	+
	static void
	init(struct mac_policy_conf *mpc)
	{
	- static osd_method_t methods[PR_MAXMETHOD] = {
	- [PR_METHOD_CREATE] = mac_do_prison_create,
	- [PR_METHOD_GET] = mac_do_prison_get,
	- [PR_METHOD_SET] = mac_do_prison_set,
	- [PR_METHOD_CHECK] = mac_do_prison_check,
	- [PR_METHOD_REMOVE] = mac_do_prison_remove,
	- };
	struct prison *pr;

	- mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, methods);
	+ mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods);
	rules0 = alloc_rules();
	sx_slock(&allprison_lock);
	TAILQ_FOREACH(pr, &allprison, pr_list)