Date: Tue, 20 Feb 2001 22:39:57 -0800 (PST)
From: Robert Watson <rwatson@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/compat/linprocfs linprocfs_misc.c src/sys/compat/linux linux_mib.c src/sys/compat/svr4 svr4_misc.c src/sys/kern init_main.c kern_exit.c kern_fork.c kern_jail.c kern_ktrace.c kern_mib.c kern_proc.c kern_prot.c sysv_msg.c sysv_sem.c ...
Message-ID: <200102210639.f1L6dvw85339@freefall.freebsd.org>
rwatson 2001/02/20 22:39:57 PST
Modified files:
sys/compat/linprocfs linprocfs_misc.c
sys/compat/linux linux_mib.c
sys/compat/svr4 svr4_misc.c
sys/kern init_main.c kern_exit.c kern_fork.c
kern_jail.c kern_ktrace.c kern_mib.c
kern_proc.c kern_prot.c sysv_msg.c
sysv_sem.c sysv_shm.c tty_pty.c
uipc_socket.c uipc_usrreq.c
vfs_syscalls.c
sys/miscfs/procfs procfs_status.c
sys/net if.c if.h rtsock.c
sys/netinet in.h in_pcb.c tcp_usrreq.c udp_usrreq.c
sys/sys capability.h jail.h proc.h systm.h
ucred.h
Log:
o Move per-process jail pointer (p->pr_prison) to inside of the subject
credential structure, ucred (cr->cr_prison).
o Allow jail inheritance to be a function of credential inheritance.
o Abstract prison structure reference counting behind pr_hold() and
pr_free(), invoked by the similarly named credential reference
management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
mutex use.
Notes:
o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
required to protect the reference count plus some fields in the
structure.
Reviewed by: freebsd-arch
Obtained from: TrustedBSD Project
Revision Changes Path
1.20 +2 -2 src/sys/compat/linprocfs/linprocfs_misc.c
1.10 +7 -6 src/sys/compat/linux/linux_mib.c
1.25 +1 -10 src/sys/compat/svr4/svr4_misc.c
1.157 +2 -4 src/sys/kern/init_main.c
1.118 +1 -10 src/sys/kern/kern_exit.c
1.100 +1 -6 src/sys/kern/kern_fork.c
1.10 +68 -19 src/sys/kern/kern_jail.c
1.49 +4 -2 src/sys/kern/kern_ktrace.c
1.39 +4 -4 src/sys/kern/kern_mib.c
1.87 +5 -1 src/sys/kern/kern_proc.c
1.75 +30 -19 src/sys/kern/kern_prot.c
1.30 +6 -6 src/sys/kern/sysv_msg.c
1.32 +5 -5 src/sys/kern/sysv_sem.c
1.53 +7 -7 src/sys/kern/sysv_shm.c
1.84 +3 -3 src/sys/kern/tty_pty.c
1.90 +2 -2 src/sys/kern/uipc_socket.c
1.63 +3 -2 src/sys/kern/uipc_usrreq.c
1.178 +3 -2 src/sys/kern/vfs_syscalls.c
1.27 +3 -3 src/sys/miscfs/procfs/procfs_status.c
1.103 +4 -2 src/sys/net/if.c
1.61 +1 -3 src/sys/net/if.h
1.51 +4 -2 src/sys/net/rtsock.c
1.53 +1 -4 src/sys/netinet/in.h
1.77 +11 -10 src/sys/netinet/in_pcb.c
1.54 +5 -2 src/sys/netinet/tcp_usrreq.c
1.85 +6 -3 src/sys/netinet/udp_usrreq.c
1.5 +2 -2 src/sys/sys/capability.h
1.11 +18 -2 src/sys/sys/jail.h
1.152 +2 -3 src/sys/sys/proc.h
1.135 +3 -4 src/sys/sys/systm.h
1.21 +2 -1 src/sys/sys/ucred.h
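The ownership model the log above describes, sketched as an added user-space C example (not code from this commit or from FreeBSD): the prison pointer lives in the credential, so copying a credential inherits the jail and releasing the last credential reference releases the prison. The helpers prison_new(), cred_new(), cred_dup() and cred_free(), the fields pr_ref, cr_ref and cr_uid, and the visibility rule in prison_check() are assumptions made for illustration; only pr_hold(), pr_free(), jailed(), prison_check() and cr_prison are names from the log.

```c
#include <errno.h>
#include <stdlib.h>

/* User-space model; field names pr_ref, cr_ref and cr_uid are assumed. */
struct prison { int pr_ref; };
struct ucred  { int cr_ref; unsigned cr_uid; struct prison *cr_prison; };

static int prisons_freed;              /* lets a caller observe teardown */

static void pr_hold(struct prison *pr) { pr->pr_ref++; }
static void pr_free(struct prison *pr) {
    if (--pr->pr_ref == 0) { free(pr); prisons_freed++; }
}

/* Hypothetical helper: create a prison holding one reference. */
static struct prison *prison_new(void) {
    struct prison *pr = calloc(1, sizeof(*pr));
    if (pr != NULL) pr->pr_ref = 1;
    return pr;
}

/* Hypothetical helper: new credential; takes its own prison reference. */
static struct ucred *cred_new(unsigned uid, struct prison *pr) {
    struct ucred *cr = calloc(1, sizeof(*cr));
    if (cr == NULL) return NULL;
    cr->cr_ref = 1; cr->cr_uid = uid; cr->cr_prison = pr;
    if (pr != NULL) pr_hold(pr);
    return cr;
}

/* Hypothetical helper: copy on fork/setuid; jail membership is inherited. */
static struct ucred *cred_dup(const struct ucred *cr) {
    return cred_new(cr->cr_uid, cr->cr_prison);
}

/* Dropping the last credential reference drops its prison reference. */
static void cred_free(struct ucred *cr) {
    if (--cr->cr_ref > 0) return;
    if (cr->cr_prison != NULL) pr_free(cr->cr_prison);
    free(cr);
}

static int jailed(const struct ucred *cr) { return cr->cr_prison != NULL; }

/* Assumed semantics: a jailed subject sees only objects in its own prison. */
static int prison_check(const struct ucred *subj, const struct ucred *obj) {
    if (jailed(subj) && subj->cr_prison != obj->cr_prison) return ESRCH;
    return 0;
}
```

Like the code the log's last note describes, this model does no locking around the reference count.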
