svn commit: r184402 - head/sys/security/mac_partition
Robert Watson
rwatson at FreeBSD.org
Tue Oct 28 02:16:35 PDT 2008
Author: rwatson
Date: Tue Oct 28 09:16:34 2008
New Revision: 184402
URL: http://svn.freebsd.org/changeset/base/184402
Log:
Extended comment on why we consider a partition relabel request of "0" to
be a no-op request, and why this might have to change if we want to allow
leaving a partition someday.
Obtained from: TrustedBSD Project
MFC after: 3 days
Modified:
head/sys/security/mac_partition/mac_partition.c
Modified: head/sys/security/mac_partition/mac_partition.c
==============================================================================
--- head/sys/security/mac_partition/mac_partition.c Tue Oct 28 09:12:13 2008 (r184401)
+++ head/sys/security/mac_partition/mac_partition.c Tue Oct 28 09:16:34 2008 (r184402)
@@ -114,7 +114,13 @@ partition_cred_check_relabel(struct ucre
error = 0;
- /* Treat "0" as a no-op request. */
+ /*
+ * Treat "0" as a no-op request because it reflects an unset
+ * partition label. If we ever want to support switching back to an
+ * unpartitioned state for a process, we'll need to differentiate the
+ * "not in a partition" and "no partition defined during internalize"
+ * conditions.
+ */
if (SLOT(newlabel) != 0) {
/*
* Require BSD privilege in order to change the partition.
More information about the svn-src-head
mailing list