PERFORCE change 15347 for review

Robert Watson rwatson at freebsd.org
Thu Aug 1 02:41:27 GMT 2002


On Wed, 31 Jul 2002, Brian Feldman wrote:

> http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15347
> 
> Change 15347 by green at green_laptop_2 on 2002/07/31 14:31:24
> 
> 	mac_cred_canexec() no longer exists; use mac_check_vnode_exec().

Hmm.  I see the problem you're trying to address by making these locking
changes (proc lock ordering relationship to vnode locks), but I'm not sure
the result of the changes is correct either.  Releasing the proc lock here
may have undesirable consequences, since we're in the middle of a process
credential change...

> 
> Affected files ...
> 
> .. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 edit
> 
> Differences ...
> 
> ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#28 (text+ko) ====
> 
> @@ -398,10 +398,12 @@
>  	    attr.va_gid;
>  
>  #ifdef MAC
> +	PROC_UNLOCK(p);
>  	vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
>  	will_transition = mac_execve_will_transition(oldcred, imgp->vp);
>  	credential_changing |= will_transition;
>  	VOP_UNLOCK(imgp->vp, 0, td);
> +	PROC_LOCK(p);
>  #endif
>  
>  	if (credential_changing &&
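Review bot: The PROC_UNLOCK(p) / PROC_LOCK(p) pair around mac_execve_will_transition() opens a window in which the process is unlocked between the point where credential_changing is computed and the `if (credential_changing &&` test that consumes it, and nothing after PROC_LOCK(p) re-validates state read before the drop. oldcred is also passed to mac_execve_will_transition() with the proc lock released, so the hunk should show (or a comment should state) that a reference on oldcred is held for that span. Consider taking the vnode lock and computing will_transition before the proc lock is first acquired, so the lock order is respected without dropping the proc lock mid-update. The change description also mentions only the mac_cred_canexec() to mac_check_vnode_exec() rename, which does not appear in this hunk; the locking change deserves its own description.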
> @@ -438,11 +440,13 @@
>  			change_egid(newcred, attr.va_gid);
>  #ifdef MAC
>  		if (will_transition) {
> +			PROC_UNLOCK(p);
>  			vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
>  			mac_execve_transition(oldcred, newcred, imgp->vp);
>  			VOP_UNLOCK(imgp->vp, 0, td);
> +			PROC_LOCK(p);
>  		}
> -#endif
> +#endif /* MAC */
>  		/*
>  		 * Implement correct POSIX saved-id behavior.
>  		 */
> 
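Review bot: The second PROC_UNLOCK(p) inside `if (will_transition) {` drops the proc lock after change_egid(newcred, attr.va_gid) has already started modifying newcred, so the process is unlocked in the middle of the credential update. In addition, imgp->vp was unlocked with VOP_UNLOCK() after mac_execve_will_transition() in the previous hunk and is re-locked here, so the vnode state that will_transition was decided on is not guaranteed to be the state mac_execve_transition() acts on; either keep the vnode locked across both calls or re-evaluate the decision after re-locking. Minor: the `#endif /* MAC */` annotation is applied only here and not to the `#endif` in the first hunk, and is unrelated to the locking change.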
