PERFORCE change 19018 for review
Brian Feldman
green at freebsd.org
Thu Oct 10 13:10:42 GMT 2002
http://perforce.freebsd.org/p4db/chv.cgi?CH=19018
Change 19018 by green at green_laptop_2 on 2002/10/10 06:10:03
Reinitialize root filesystem vnodes that exist before SEBSD is
initialized.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#36 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#36 (text+ko) ====
@@ -1089,12 +1089,31 @@
*/
static void
sebsd_create_root_mount(struct ucred *cred, struct mount *mp,
- struct mount *mntlabel, struct mount *fslabel)
+ struct label *mntlabel, struct label *fslabel)
{
+ struct vnode *vp, *nvp;
+
avc_init();
if (security_init()) {
panic("SEBSD: couldn't read policy file");
}
+ /*
+ * Go through all open vnodes and reload their labels.
+ */
+ mtx_lock(&mntvnode_mtx);
+ vp = TAILQ_FIRST(&mp->mnt_nvnodelist);
+ do {
+ nvp = TAILQ_NEXT(vp, v_nmntvnodes);
+ VI_LOCK(vp);
+ mtx_unlock(&mntvnode_mtx);
+ vn_lock(vp, LK_INTERLOCK | LK_EXCLUSIVE | LK_RETRY, curthread);
+ (void)sebsd_update_vnode_from_extattr(vp, &vp->v_label, mp,
+ fslabel);
+ VOP_UNLOCK(vp, 0, curthread);
+ mtx_lock(&mntvnode_mtx);
+ vp = nvp;
+ } while (vp != NULL);
+ mtx_unlock(&mntvnode_mtx);
}
static struct mac_policy_op_entry sebsd_ops[] = {
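Review bot: The added `do { ... } while (vp != NULL)` loop dereferences `vp` before testing it, so an empty `mp->mnt_nvnodelist` would turn `TAILQ_NEXT(vp, v_nmntvnodes)` into a NULL dereference in kernel context; a head-tested loop such as `for (vp = TAILQ_FIRST(&mp->mnt_nvnodelist); vp != NULL; vp = nvp) {` avoids that. `nvp` is also captured before `mntvnode_mtx` is dropped and `vn_lock()` may sleep, so by the time it is assigned back to `vp` it may no longer belong to this mount. A check such as `if (vp->v_mount != mp)` at the top of each iteration, restarting the walk when it fails, would guard against following a stale pointer. Finally, the `(void)` cast on `sebsd_update_vnode_from_extattr()` discards any failure, which appears to leave that vnode with whatever label it had before the policy was loaded; for a MAC policy it would be safer to at least log the vnode so a mislabeled file is visible rather than silent.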