From owner-cvs-all@FreeBSD.ORG Thu Jul 31 16:59:12 2008 Return-Path: Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 67A611065670; Thu, 31 Jul 2008 16:59:12 +0000 (UTC) (envelope-from csjp@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 5753D8FC13; Thu, 31 Jul 2008 16:59:12 +0000 (UTC) (envelope-from csjp@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m6VGxCRk018876; Thu, 31 Jul 2008 16:59:12 GMT (envelope-from csjp@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m6VGxC2R018875; Thu, 31 Jul 2008 16:59:12 GMT (envelope-from csjp@repoman.freebsd.org) Message-Id: <200807311659.m6VGxC2R018875@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to csjp@repoman.freebsd.org using -f From: "Christian S.J. Peron" Date: Thu, 31 Jul 2008 16:57:41 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: src/sys/kern vfs_cache.c src/sys/security/audit audit_bsm_klib.c src/sys/sys vnode.h X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jul 2008 16:59:12 -0000 csjp 2008-07-31 16:57:41 UTC FreeBSD src repository Modified files: sys/kern vfs_cache.c sys/security/audit audit_bsm_klib.c sys/sys vnode.h Log: SVN rev 181060 on 2008-07-31 16:57:41Z by csjp Currently, BSM audit pathname token generation for chrooted or jailed processes are not producing absolute pathname tokens. It is required that audited pathnames are generated relative to the global root mount point. This modification changes our implementation of audit_canon_path(9) and introduces a new function: vn_fullpath_global(9) which performs a vnode -> pathname translation relative to the global mount point based on the contents of the name cache. Much like vn_fullpath, vn_fullpath_global is a wrapper function which called vn_fullpath1. Further, the string parsing routines have been converted to use the sbuf(9) framework. This change also removes the conditional acquisition of Giant, since the vn_fullpath1 method will not dip into file system dependent code. The vnode locking was modified to use vhold()/vdrop() instead the vref() and vrele(). This will modify the hold count instead of modifying the user count. This makes more sense since it's the kernel that requires the reference to the vnode. This also makes sure that the vnode does not get recycled we hold the reference to it. [1] Discussed with: rwatson Reviewed by: kib [1] MFC after: 2 weeks Revision Changes Path 1.122 +26 -0 src/sys/kern/vfs_cache.c 1.17 +93 -55 src/sys/security/audit/audit_bsm_klib.c 1.337 +2 -0 src/sys/sys/vnode.h