Date: Mon, 18 Nov 2002 07:34:13 -0800 (PST) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 21231 for review Message-ID: <200211181534.gAIFYDjj098240@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=21231 Change 21231 by green@green_laptop_2 on 2002/11/18 07:33:28 Possibly print more vnode info on what causes demotion in mac_lomac. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#42 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#42 (text+ko) ==== @@ -503,8 +503,9 @@ static int maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel, - const char *actionname, const char *objname) + const char *actionname, const char *objname, struct vnode *vpq) { + struct vattr va; static const char xxx[] = "<<XXX>>"; struct mac_lomac_proc *subj = PSLOT(&curthread->td_proc->p_label); char *subjlabeltext, *objlabeltext, *subjtext, *text; @@ -572,10 +573,21 @@ free(text, M_MACLOMAC); } pgid = p->p_pgrp->pg_id; /* XXX could be stale? */ - log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" - " level %s after %s a level-%s %s\n", - subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, - p->p_comm, subjtext, actionname, objlabeltext, objname); + if (vpq != NULL && VOP_GETATTR(vpq, &va, curthread->td_ucred, + curthread) == 0) { + log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" + " level %s after %s a level-%s %s (inode=%ld, " + "mountpount=%s)\n", + subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, + p->p_comm, subjtext, actionname, objlabeltext, objname, + va.va_fileid, vpq->v_mount->mnt_stat.f_mntonname); + } else { + log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" + " level %s after %s a level-%s %s\n", + subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, + p->p_comm, subjtext, actionname, objlabeltext, objname); + } + if (subjlabeltext != xxx) free(subjlabeltext, M_MACLOMAC); if (objlabeltext != xxx) @@ -1537,7 +1549,7 @@ */ if (mac_lomac_enabled && revocation_enabled && !mac_lomac_dominate_single(obj, source)) - (void)maybe_demote(source, obj, "executing", "file"); + (void)maybe_demote(source, obj, "executing", "file", vp); } static int @@ -1816,7 +1828,7 @@ obj = SLOT((pipelabel)); if (!mac_lomac_dominate_single(obj, subj)) - return (maybe_demote(subj, obj, "reading", "pipe")); + return (maybe_demote(subj, obj, "reading", "pipe", NULL)); return (0); } @@ -2198,7 +2210,7 @@ } if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { if (!mac_lomac_dominate_single(obj, subj)) - return (maybe_demote(subj, obj, "mapping", "file")); + return (maybe_demote(subj, obj, "mapping", "file", vp)); } return (0); @@ -2286,7 +2298,7 @@ obj = SLOT(label); if (!mac_lomac_dominate_single(obj, subj)) - return (maybe_demote(subj, obj, "reading", "file")); + return (maybe_demote(subj, obj, "reading", "file", vp)); return (0); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211181534.gAIFYDjj098240>