Re: git: 4e2121c10afc - main - mac_ddb: add some validation functions
Date: Tue, 19 Jul 2022 14:26:57 UTC
On Mon, Jul 18, 2022 at 10:06:57PM +0000, Allan Jude wrote:
> The branch main has been updated by allanjude:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=4e2121c10afc3d9273368eae776fe31d0c68ba6a
>
> commit 4e2121c10afc3d9273368eae776fe31d0c68ba6a
> Author: Mitchell Horne <mhorne@FreeBSD.org>
> AuthorDate: 2022-07-18 21:25:00 +0000
> Commit: Allan Jude <allanjude@FreeBSD.org>
> CommitDate: 2022-07-18 22:06:22 +0000
>
> mac_ddb: add some validation functions
>
> These global objects are easy to validate, so provide the helper
> functions to do so and include these commands in the allow lists.
>
> Reviewed by: markj
> Sponsored by: Juniper Networks, Inc.
> Sponsored by: Klara, Inc.
> Differential Revision: https://reviews.freebsd.org/D35372
> ---
> sys/security/mac_ddb/mac_ddb.c | 101 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 101 insertions(+)
> +static int
> +db_show_vnet_valid(db_expr_t addr, bool have_addr, db_expr_t count, char *modif)
> +{
> + VNET_ITERATOR_DECL(vnet);
> +
> + if (!have_addr)
> + return (0);
> +
> + VNET_FOREACH(vnet) {
> + if ((void *)vnet == (void *)addr)
> + return (0);
> + }
> +
> + return (EACCES);
> +}
This seems to break non-VNET builds:
/usr/home/kostik/work/DEV/src/sys/security/mac_ddb/mac_ddb.c:200:15: error: use of undeclared identifier 'vnet'; did you mean 'int'?
if ((void *)vnet == (void *)addr)
^~~~
int
/usr/home/kostik/work/DEV/src/sys/security/mac_ddb/mac_ddb.c:200:15: error: expected expression
2 errors generated.
--- mac_ddb.o ---
*** [mac_ddb.o] Error code 1