PERFORCE change 15425 for review
Chris Vance
cvance at tislabs.com
Fri Aug 2 13:46:59 GMT 2002
On Thu, 1 Aug 2002, Robert Watson wrote:
> On Thu, 1 Aug 2002, Chris Vance wrote:
[deleted]
> > + case MAC_SYSCALL:
> > + mpc->mpc_ops->mpo_mac_policy =
> > + mpe->mpe_function;
>
> Looks like you're missing a "break;" here. Should we rename mac_policy()
> to mac_syscall()?
Yes, I am. But nobody calls the destroy hook anyway :)
> > case MAC_DESTROY:
> > mpc->mpc_ops->mpo_destroy =
> > mpe->mpe_function;
> > @@ -3060,6 +3063,40 @@
> > return (error);
> > }
> >
> > +/*
> > + * MPSAFE
> > + */
> > +int
> > +mac_policy(struct thread *td, struct mac_policy_args *uap)
> > +{
> > + int error;
> > + char target[128]; /* TBD: should be MAX_MAXNAME or some such */
>
> We probably should define a MAC_POLICY_MAXNAME or something and use that,
> as well as bound the policy name provided by the policy to that length
> during registration.
I'll fix this monday.
> > + error = copyinstr(uap->policy, target, sizeof(target), NULL);
> > + if (error == ENAMETOOLONG) {
> > + return (EINVAL);
> > + }
>
> I would imagine it's OK to return the error verbatim..?
I wasn't sure what the standard practice for syscalls was, I didn't think
I've ever seen one return ENAMETOOLONG. It doesn't much matter to me.
chris.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list