Date: Mon, 28 Sep 2009 20:36:53 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: John Baldwin <jhb@freebsd.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Jamie Gritton <jamie@freebsd.org>
Subject: Re: svn commit: r197584 - head/sys/rpc/rpcsec_gss
Message-ID: <alpine.BSF.2.00.0909282035440.20605@fledge.watson.org>
In-Reply-To: <200909281511.25338.jhb@freebsd.org>
References: <200909281855.n8SItTDF062998@svn.freebsd.org> <200909281511.25338.jhb@freebsd.org>
On Mon, 28 Sep 2009, John Baldwin wrote: > ============================================================================== >> --- head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Mon Sep 28 18:54:26 2009 > (r197583) >> +++ head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Mon Sep 28 18:55:29 2009 > (r197584) >> @@ -449,6 +449,8 @@ rpc_gss_svc_getcred(struct svc_req *req, >> cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid; >> cr->cr_rgid = cr->cr_svgid = uc->gid; >> crsetgroups(cr, uc->gidlen, uc->gidlist); >> + cr->cr_prison = &prison0; >> + prison_hold(cr->cr_prison); >> *crp = crhold(cr); >> >> return (TRUE); > > FYI, it would be nice if prison_hold() returned a pointer to the prison as > you can then do what crhold() does above: > > cr->cr_prison = prison_hold(&prison0); > > I prefer combining the refcount and assignment into one step with the goal > of avoiding outright assignments that don't go via foo_hold() or fooref() > for refcounted objects.

In the long-term, explicit references to proc0, prison0, thread0, filedesc0, ... all make me rather nervous. I'd rather that all these things were linked to either the credentials of the file system mount, the user thread, or perhaps gssd in some cases. From the perspective of virtualization, the file system mount credential seems the most likely candidate.

Robert
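
Review bot: in rpc_gss_svc_getcred(), the added `cr->cr_prison = &prison0;` hard-codes the global prison0 into a credential whose uid, gid and group list all come from `uc`, and nothing in the hunk says why prison0 is the right prison for this credential. Add a comment above the assignment stating the reason, so the choice is visible to anyone later auditing which prison RPCSEC_GSS credentials are checked against. The assignment and `prison_hold(cr->cr_prison);` are also two separate statements, so a later edit can move or drop one without the other and leave `cr_prison` pointing at a prison with no reference held; keep the pair adjacent and ahead of `*crp = crhold(cr);`, or fold them into one statement if prison_hold() is changed to return its argument.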