Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 10 Jan 2009 21:20:04 GMT
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        freebsd-jail@FreeBSD.org
Subject:   Re: kern/89528: [jail] [patch] impossible to kill a jail
Message-ID:  <200901102120.n0ALK4Ts094874@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR kern/89528; it has been noted by GNATS.

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/89528: [jail] [patch] impossible to kill a jail
Date: Sat, 10 Jan 2009 21:11:01 +0000 (UTC)

 Before I am going to look it up another few times, this is the commit
 referenced by Andrew Thompson at Fri, 7 Dec 2007 20:21:09 +1300.
 
 Can also be looked up as SVN r174280 these days.
 
 -- 
 Bjoern A. Zeeb                      The greatest risk is not taking one.
 
 ---------- Forwarded message ----------
 Date: Wed, 5 Dec 2007 01:22:03 +0000 (UTC)
 From: Andrew Thompson <thompsa@FreeBSD.org>
 To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
 Subject: cvs commit: src/sys/kern kern_conf.c
 
 thompsa     2007-12-05 01:22:03 UTC
 
    FreeBSD src repository
 
    Modified files:
      sys/kern             kern_conf.c
    Log:
    Apply a workaround for the unkillable jail problem where some devices created
    within the jail are never freed. si_cred is only used by the MAC framework so
    make the cred reference conditional on it being compiled in, this is not a fix
    and will need to be reviewed for any new consumers of si_cred.
 
    This will quell some user complaint when using jails with a default kernel.
 
    Reviewed by:    rwatson
    MFC after:      3 days
 
    Revision  Changes    Path
    1.209     +2 -0      src/sys/kern/kern_conf.c
 
 Index: sys/kern/kern_conf.c
 ===================================================================
 --- sys/kern/kern_conf.c        (revision 174279)
 +++ sys/kern/kern_conf.c        (revision 174280)
 @@ -608,9 +608,11 @@ make_dev_credv(int flags, struct cdevsw *devsw,
 in
          }
 
          dev->si_flags |= SI_NAMED;
 +#ifdef MAC
          if (cr != NULL)
                  dev->si_cred = crhold(cr);
          else
 +#endif
                  dev->si_cred = NULL;
          dev->si_uid = uid;
          dev->si_gid = gid;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901102120.n0ALK4Ts094874>