Page MenuHomeFreeBSD
Differential D47603

MAC/do: Remove the 'prison0' special cases in the common paths
ClosedPublic
Actions

Authored by olce on Nov 15 2024, 5:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, May 11, 9:54 PM
Unknown Object (File)
Mon, May 11, 9:17 PM
Unknown Object (File)
Mon, May 11, 8:48 PM
Unknown Object (File)
Sat, Apr 18, 11:56 AM
Unknown Object (File)
Apr 15 2026, 12:13 PM
Unknown Object (File)
Apr 10 2026, 6:00 AM
Unknown Object (File)
Apr 7 2026, 1:09 PM
Unknown Object (File)
Apr 6 2026, 7:03 PM
View All 96 Files
Subscribers
emaste
imp
jlduran
lwhsu

Details

Reviewers
bapt
Commits
rGae2ee5470d9d: MAC/do: Remove the 'prison0' special cases in the common paths
rGbeb5603c51e0: MAC/do: Remove the 'prison0' special cases in the common paths
Summary

This revision is part of a series. Click on the Stack tab below to see the context.
This series has also been squeezed into D47633 to provide an overall view.

Commit message:
The rules on 'prison0' are initialized in init(), now using
set_empty_rules().

Until the jail is destroyed, they can never be uninitialized by a call
to osd_jail_del(), since the only chain to call it is
mac_do_prison_set() -> remove_rules() -> osd_jail_del(), and
mac_do_prison_set() (method PR_METHOD_SET) can never be called on
'prison0'. This guarantees that find_rules() always find a valid
'rules' pointer to return.

There's no need to do anything special in destroy() for 'prison0', as
osd_jail_deregister() now takes care of it.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 60594
Build 57478: arc lint + arc unit

Event Timeline

olce created this revision.Nov 15 2024, 5:07 PM
Herald added a subscriber: imp. · View Herald TranscriptNov 15 2024, 5:07 PM
olce requested review of this revision.Nov 15 2024, 5:07 PM
Harbormaster completed remote builds in B60594: Diff 146536.Nov 15 2024, 5:07 PM
olce edited the summary of this revision. (Show Details)Nov 15 2024, 10:44 PM
olce added a parent revision: D47602: MAC/do: Enable changing 'security.mac.do.rules' from a jail.Nov 15 2024, 10:47 PM
olce added a child revision: D47604: MAC/do: Move destroy() to a better place.
olce added a reviewer: bapt.Nov 15 2024, 10:49 PM
olce added subscribers: lwhsu, emaste.Nov 15 2024, 10:52 PM
olce added a subscriber: jlduran.Nov 18 2024, 8:51 AM
bapt accepted this revision.Nov 19 2024, 8:02 AM
This revision is now accepted and ready to land.Nov 19 2024, 8:02 AM
Closed by commit rGbeb5603c51e0: MAC/do: Remove the 'prison0' special cases in the common paths (authored by olce). · Explain WhyDec 16 2024, 2:46 PM
This revision was automatically updated to reflect the committed changes.
olce added a commit: rGbeb5603c51e0: MAC/do: Remove the 'prison0' special cases in the common paths.
olce added a commit: rGae2ee5470d9d: MAC/do: Remove the 'prison0' special cases in the common paths.Apr 3 2025, 7:35 PM

Revision Contents
Changeset List

PathSize
sys/
security/
mac_do/
27 lines

Diff 146536

View Options

sys/security/mac_do/mac_do.c

Loading...