PERFORCE change 188100 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Sun Jan 23 15:25:13 UTC 2011
http://p4web.freebsd.org/@@188100?ac=10
Change 188100 by trasz at trasz_victim on 2011/01/23 15:24:14
Two "deny" rules that differ only by their "amount" value don't make
sense. Prevent it.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#15 edit
Differences ...
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#15 (text+ko) ====
@@ -897,6 +897,7 @@
struct uidinfo *uip;
struct prison *pr;
struct loginclass *lc;
+ struct rctl_rule *rule2;
int match;
KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
@@ -905,9 +906,16 @@
return (EOPNOTSUPP);
/*
- * Make sure there are no duplicated rules.
+ * Make sure there are no duplicated rules. Also, for the "deny"
+ * rules, remove ones differing only by "amount".
*/
- rctl_rule_remove(rule);
+ if (rule->rr_action == RCTL_ACTION_DENY) {
+ rule2 = rctl_rule_duplicate(rule, M_WAITOK);
+ rule2->rr_amount = RCTL_AMOUNT_UNDEFINED;
+ rctl_rule_remove(rule2);
+ rctl_rule_release(rule2);
+ } else
+ rctl_rule_remove(rule);
switch (rule->rr_subject_type) {
case RCTL_SUBJECT_TYPE_PROCESS:
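Review bot: In the new `RCTL_ACTION_DENY` branch an existing deny rule is dropped silently instead of the new one being rejected, so adding a rule with a larger amount loosens an enforced limit without any error or trace. The comment should say so and name the mechanism, for example `/* RCTL_AMOUNT_UNDEFINED is treated as a wildcard by the match in rctl_rule_remove(), so any existing deny rule for this subject and resource is replaced, even a stricter one. */`. That wildcard behaviour is assumed here; the matching code is outside the hunk and should be confirmed. The old rule is also removed before the new one is attached in the `switch` below, so unless a lock not visible here covers both steps, there is a short window with no deny rule in force. The enclosing function begins and ends outside this hunk.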
@@ -916,9 +924,7 @@
rctl_container_add_rule(&p->p_container, rule);
/*
* In case of per-process rule, we don't have anything more
- * to do. Also, there is no point in increasing reference
- * count, as the per-process containers never have
- * any subcontainers.
+ * to do.
*/
return (0);
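Review bot: The deleted sentences were the only explanation of why the per-process path returns without taking a reference on `rule`, and the commit description does not mention this change. If `rctl_container_add_rule()` now holds its own reference (not visible in this hunk), say so in the comment, e.g. `* to do; rctl_container_add_rule() holds the reference.`, so the rule's lifetime on this early return stays auditable. The enclosing `case` starts outside the hunk.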