git: 301eeb10dc19 - main - MAC/do: Remove PR_METHOD_REMOVE method
Date: Mon, 16 Dec 2024 14:45:46 UTC
The branch main has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=301eeb10dc197986b2b6261b064cbfe96333f7fb
commit 301eeb10dc197986b2b6261b064cbfe96333f7fb
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 12:22:35 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-12-16 14:42:34 +0000
MAC/do: Remove PR_METHOD_REMOVE method
It isn't really needed, since common jail code destroys jail OSD storage at jail destruction (via osd_jail_exit()), triggering our destructor dealloc_osd(). Leveraging this mechanism is arguably even better as it causes deallocation to always happen without the 'allprison_lock' lock. While here, make the static definition of 'methods' top-level, renaming it to 'osd_methods'.
Reviewed by: bapt
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47599
---
 sys/security/mac_do/mac_do.c | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 3f7964220ca4..ed4c984ff559 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -410,15 +410,6 @@ mac_do_prison_create(void *obj, void *data __unused)
 return (0);
 }
 
-static int
-mac_do_prison_remove(void *obj, void *data __unused)
-{
- struct prison *pr = obj;
-
- remove_rules(pr);
- return (0);
-}
-
 static int
 mac_do_prison_check(void *obj, void *data)
 {
@@ -447,19 +438,26 @@ mac_do_prison_check(void *obj, void *data)
 return (error);
 }
 
+/*
+ * OSD jail methods.
+ *
+ * There is no PR_METHOD_REMOVE, as OSD storage is destroyed by the common jail
+ * code (see prison_cleanup()), which triggers a run of our dealloc_osd()
+ * destructor.
+ */
+static const osd_method_t osd_methods[PR_MAXMETHOD] = {
+ [PR_METHOD_CREATE] = mac_do_prison_create,
+ [PR_METHOD_GET] = mac_do_prison_get,
+ [PR_METHOD_SET] = mac_do_prison_set,
+ [PR_METHOD_CHECK] = mac_do_prison_check,
+};
+
 static void
 init(struct mac_policy_conf *mpc)
 {
- static osd_method_t methods[PR_MAXMETHOD] = {
- [PR_METHOD_CREATE] = mac_do_prison_create,
- [PR_METHOD_GET] = mac_do_prison_get,
- [PR_METHOD_SET] = mac_do_prison_set,
- [PR_METHOD_CHECK] = mac_do_prison_check,
- [PR_METHOD_REMOVE] = mac_do_prison_remove,
- };
 struct prison *pr;
 
- mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, methods);
+ mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods);
 rules0 = alloc_rules();
 sx_slock(&allprison_lock);
 TAILQ_FOREACH(pr, &allprison, pr_list)
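Review bot: The new comment above `osd_methods` sends readers to `prison_cleanup()` for the destruction of OSD storage, while the commit description attributes it to `osd_jail_exit()`. The comment should name the function that actually frees the storage. If the description is the accurate one, the second line would read `* code (via osd_jail_exit()), which triggers a run of our dealloc_osd()`. With no `PR_METHOD_REMOVE` entry in the table, a jail's rules presumably stay attached until that final teardown instead of being dropped at removal, so one more sentence saying so would help anyone auditing how long those rules remain in force. `init()` continues past the end of this hunk.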