PERFORCE change 15878 for review
Robert Watson
rwatson at freebsd.org
Mon Aug 12 22:27:43 GMT 2002
On Mon, 12 Aug 2002, Brian Feldman wrote:
> +void
> +sebsd(KINFO *k, VARENT *ve)
> +{
> + char buf[128];
> + struct mac_pid_data mpd;
> + size_t datalen;
> + VAR *v;
> +
> + strcpy(buf, "<<whoknows>>");
> + strcpy(mpd.mpd_name, "trustedbsd_sebsd");
> + mpd.mpd_data = buf;
> + datalen = sizeof(buf);
> + mpd.mpd_datalen = &datalen;
> + (void)mac_get_pid(k->ki_p->ki_pid, &mpd, 1);
> + v = ve->var;
> + (void)printf("%*s", v->width, mpd.mpd_data);
> +}
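
Review bot: in sebsd(), the result of mac_get_pid() is cast to void and buf is then printed with "%*s", which carries no precision, so the output depends on buf still being NUL-terminated after the call. Because datalen is set to sizeof(buf), all 128 bytes are offered as writable; consider offering sizeof(buf) - 1 and setting buf[sizeof(buf) - 1] = '\0' after the call, or printing with "%*.*s" bounded by the buffer size. The strcpy() into mpd.mpd_name also has no visible bound; assuming mpd_name is an array member, strlcpy(mpd.mpd_name, "trustedbsd_sebsd", sizeof(mpd.mpd_name)) would make the limit explicit.
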
This looks like it will do distinctly the wrong thing when applied to a
core dump. You probably need to provide a way to disable printing of
sebsd information when ps is running on a core rather than a live kernel,
or you get the labels from the live kernel processes instead of the core.
> -static void mac_cred_mmapped_drop_perms(struct thread *td,
> +void mac_cred_mmapped_drop_perms(struct thread *td,
> struct ucred *cred);
This seems like a somewhat gratuitous change and is clearly unrelated to
your commit message :-).
> static void mac_cred_mmapped_drop_perms_recurse(struct thread *td,
> struct ucred *cred, struct vm_map *map);
> @@ -474,6 +474,10 @@
> mpc->mpc_ops->mpo_externalize =
> mpe->mpe_function;
> break;
> + case MAC_EXTERNALIZE_PID:
> + mpc->mpc_ops->mpo_externalize_pid =
> + mpe->mpe_function;
> + break;
> case MAC_INTERNALIZE:
> mpc->mpc_ops->mpo_internalize =
> mpe->mpe_function;
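
Review bot: the new MAC_EXTERNALIZE_PID case sets mpo_externalize_pid only for policies that supply that entry, so for every other policy the pointer keeps its initial value. The call site is not in the quoted lines; wherever the pointer is invoked, check it for NULL first and skip the policy or return an error when the entry point is absent.
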
> @@ -2062,7 +2066,7 @@
> * memory space, and revoke access (in the least surprising ways we
> * know) when necessary. The process lock is not held here.
> */
> -static void
> +void
> mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
> {
>
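
Review bot: removing static from mac_cred_mmapped_drop_perms() gives it external linkage, while the comment above it still says only that the process lock is not held here. If outside callers are intended, put the prototype in a header and state the locking and credential requirements there; if not, keep it static, since nothing in the quoted hunks calls it from another file.
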
> @@ -2899,6 +2903,55 @@
> return (error);
> }
>
> +#if 0
> +395 MSTD BSD { int __mac_get_pid(pid_t pid,
> + struct mac_pid_data *mpd, size_t mpdcnt) };
> +#endif
Don't put unparsable code in #if's, it breaks indent and other C parsing
and analysis tools (such as lint). If you must put this information in,
use a comment.
> +int
> +mac_get_pid(struct thread *td, struct mac_get_pid_args *uap)
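
Review bot: per the syscall prototype in the #if 0 block, mac_get_pid() takes pid, mpd and mpdcnt straight from userland, and the body is cut off in this quote. Before this goes in I would want to see mpdcnt bounded before it sizes any allocation or copy loop, the length behind mpd_datalen fetched with copyin() and capped, and a visibility check on the target pid so a caller cannot read labels of processes it is otherwise not allowed to see.
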
Once we get the new user<->kernel labeling API in, hopefully we can move
to using that here. It will presumably look similar but be gratuitously
different :-).
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories