From owner-p4-projects@FreeBSD.ORG Sat May 8 06:31:15 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 178ED16A4D0; Sat, 8 May 2004 06:31:15 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB2CB16A4CE for ; Sat, 8 May 2004 06:31:14 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5464643D3F for ; Sat, 8 May 2004 06:31:14 -0700 (PDT) (envelope-from cvance@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i48DVEGe085544 for ; Sat, 8 May 2004 06:31:14 -0700 (PDT) (envelope-from cvance@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i48DVDff085433 for perforce@freebsd.org; Sat, 8 May 2004 06:31:13 -0700 (PDT) (envelope-from cvance@nailabs.com) Date: Sat, 8 May 2004 06:31:13 -0700 (PDT) Message-Id: <200405081331.i48DVDff085433@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to cvance@nailabs.com using -f From: Chris Vance To: Perforce Change Reviews Subject: PERFORCE change 52507 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 May 2004 13:31:15 -0000 http://perforce.freebsd.org/chv.cgi?CH=52507 Change 52507 by cvance@cvance_sony on 2004/05/08 06:30:25 Fix up SEBSD branch after latest integ: - vfs_mount call syntax error - suser replaced with cap_check - MAC framework now uses struct pipepair instead of struct pipe Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_file.c#9 edit .. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_stats.c#7 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#8 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#31 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/pipe.h#9 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_file.c#9 (text+ko) ==== @@ -811,7 +811,7 @@ iov[3].iov_len = strlen(mntonname) + 1; error = vfs_nmount(td, fsflags, &auio); } else - error = vfs_mount(td, fstypename, mntonname, fsflags, fsdata + error = vfs_mount(td, fstypename, mntonname, fsflags, fsdata, NULL); return (error); } ==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_stats.c#7 (text+ko) ==== @@ -268,7 +268,7 @@ linux_statfs.f_bavail = bsd_statfs->f_bavail; linux_statfs.f_ffree = bsd_statfs->f_ffree; linux_statfs.f_files = bsd_statfs->f_files; - if (suser(td)) { + if (cap_check(td, CAP_SYS_ADMIN)) { linux_statfs.f_fsid.val[0] = 0; linux_statfs.f_fsid.val[1] = 0; } else { @@ -317,7 +317,7 @@ linux_statfs.f_bavail = bsd_statfs->f_bavail; linux_statfs.f_ffree = bsd_statfs->f_ffree; linux_statfs.f_files = bsd_statfs->f_files; - if (suser(td)) { + if (cap_check(td, CAP_SYS_ADMIN)) { linux_statfs.f_fsid.val[0] = 0; linux_statfs.f_fsid.val[1] = 0; } else { ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#8 (text+ko) ==== @@ -469,7 +469,7 @@ devunlock(); } -dev_t +static dev_t make_dev_credv(struct cdevsw *devsw, int minornr, uid_t uid, gid_t gid, struct ucred *cr, int perms, const char *fmt, ...) { ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#31 (text+ko) ==== @@ -284,13 +284,13 @@ } static int -pipe_has_perm(struct ucred *cred, struct pipe *pipe, access_vector_t perm) +pipe_has_perm(struct ucred *cred, struct pipepair *pp, access_vector_t perm) { struct task_security_struct *task; struct vnode_security_struct *file; task = SLOT(cred->cr_label); - file = SLOT(pipe->pipe_label); + file = SLOT(pp->pp_label); /* * TBD: No audit information yet @@ -1011,31 +1011,31 @@ } static int -sebsd_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, +sebsd_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) { - return (pipe_has_perm(cred, pipe, FIFO_FILE__IOCTL)); + return (pipe_has_perm(cred, pp, FIFO_FILE__IOCTL)); } static int -sebsd_check_pipe_poll(struct ucred *cred, struct pipe *pipe, +sebsd_check_pipe_poll(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { - return (pipe_has_perm(cred, pipe, FIFO_FILE__POLL)); + return (pipe_has_perm(cred, pp, FIFO_FILE__POLL)); } static int -sebsd_check_pipe_read(struct ucred *cred, struct pipe *pipe, +sebsd_check_pipe_read(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { - return (pipe_has_perm(cred, pipe, FIFO_FILE__READ)); + return (pipe_has_perm(cred, pp, FIFO_FILE__READ)); } static int -sebsd_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, +sebsd_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { struct task_security_struct *task; @@ -1068,19 +1068,19 @@ } static int -sebsd_check_pipe_stat(struct ucred *cred, struct pipe *pipe, +sebsd_check_pipe_stat(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { - return (pipe_has_perm(cred, pipe, FIFO_FILE__GETATTR)); + return (pipe_has_perm(cred, pp, FIFO_FILE__GETATTR)); } static int -sebsd_check_pipe_write(struct ucred *cred, struct pipe *pipe, +sebsd_check_pipe_write(struct ucred *cred, struct pipe *pp, struct label *pipelabel) { - return (pipe_has_perm(cred, pipe, FIFO_FILE__WRITE)); + return (pipe_has_perm(cred, pp, FIFO_FILE__WRITE)); } static int ==== //depot/projects/trustedbsd/sebsd/sys/sys/pipe.h#9 (text+ko) ====