PERFORCE change 41599 for review
Robert Watson
rwatson at FreeBSD.org
Thu Nov 6 21:49:01 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=41599
Change 41599 by rwatson at rwatson_paprika on 2003/11/06 13:48:08
Store struct label pointer in struct devfsdirent, struct mount,
and struct vnode, rather than storing the struct label directly
in these structures. Use the UMA zone as a source of labels.
This means that changing the number of label slots won't break
the ABI, and can eventually become a boot-time tunable.
Currently, UMA is underexercised to prevent repeated
initialization.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#12 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#65 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#424 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mount.h#28 edit
.. //depot/projects/trustedbsd/mac/sys/sys/vnode.h#60 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#12 (text+ko) ====
@@ -159,7 +159,7 @@
mode_t de_mode;
uid_t de_uid;
gid_t de_gid;
- struct label de_label;
+ struct label *de_label;
struct timespec de_atime;
struct timespec de_mtime;
struct timespec de_ctime;
==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#65 (text+ko) ====
@@ -340,7 +340,7 @@
NDFREE(ndp, NDF_ONLY_PNBUF);
#ifdef MAC
mac_init_vnode_label(&interplabel);
- mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel);
+ mac_copy_vnode_label(ndp->ni_vp->v_label, &interplabel);
interplabelvalid = 1;
#endif
vput(ndp->ni_vp);
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#424 (text+ko) ====
@@ -756,7 +756,7 @@
mac_init_vnode_label(&intlabel);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- mac_copy_vnode_label(&vp->v_label, &intlabel);
+ mac_copy_vnode_label(vp->v_label, &intlabel);
VOP_UNLOCK(vp, 0, td);
break;
@@ -840,7 +840,7 @@
goto out;
mac_init_vnode_label(&intlabel);
- mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
+ mac_copy_vnode_label(nd.ni_vp->v_label, &intlabel);
error = mac_externalize_vnode_label(&intlabel, elements, buffer,
mac.m_buflen);
@@ -895,7 +895,7 @@
goto out;
mac_init_vnode_label(&intlabel);
- mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
+ mac_copy_vnode_label(nd.ni_vp->v_label, &intlabel);
error = mac_externalize_vnode_label(&intlabel, elements, buffer,
mac.m_buflen);
NDFREE(&nd, 0);
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#5 (text+ko) ====
@@ -120,7 +120,7 @@
if (!mac_enforce_kld)
return (0);
- MAC_CHECK(check_kld_load, cred, vp, &vp->v_label);
+ MAC_CHECK(check_kld_load, cred, vp, vp->v_label);
return (error);
}
@@ -176,7 +176,7 @@
return (0);
MAC_CHECK(check_system_acct, cred, vp,
- vp != NULL ? &vp->v_label : NULL);
+ vp != NULL ? vp->v_label : NULL);
return (error);
}
@@ -230,7 +230,7 @@
if (!mac_enforce_system)
return (0);
- MAC_CHECK(check_system_swapon, cred, vp, &vp->v_label);
+ MAC_CHECK(check_system_swapon, cred, vp, vp->v_label);
return (error);
}
@@ -244,7 +244,7 @@
if (!mac_enforce_system)
return (0);
- MAC_CHECK(check_system_swapoff, cred, vp, &vp->v_label);
+ MAC_CHECK(check_system_swapoff, cred, vp, vp->v_label);
return (error);
}
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#5 (text+ko) ====
@@ -100,24 +100,52 @@
static int mac_setlabel_vnode_extattr(struct ucred *cred,
struct vnode *vp, struct label *intlabel);
+static struct label *
+mac_devfsdirent_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_devfsdirent_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents);
+ return (label);
+}
+
void
mac_init_devfsdirent(struct devfs_dirent *de)
{
- mac_init_label(&de->de_label);
- MAC_PERFORM(init_devfsdirent_label, &de->de_label);
- MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents);
+ de->de_label = mac_devfsdirent_label_alloc();
+}
+
+static struct label *
+mac_mount_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_mount_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacmounts);
+ return (label);
+}
+
+static struct label *
+mac_mount_fs_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_mount_fs_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacmounts);
+ return (label);
}
void
mac_init_mount(struct mount *mp)
{
- mac_init_label(&mp->mnt_mntlabel);
- mac_init_label(&mp->mnt_fslabel);
- MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel);
- MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);
- MAC_DEBUG_COUNTER_INC(&nmacmounts);
+ mp->mnt_mntlabel = mac_mount_label_alloc();
+ mp->mnt_fslabel = mac_mount_fs_label_alloc();
}
void
@@ -129,31 +157,67 @@
MAC_DEBUG_COUNTER_INC(&nmacvnodes);
}
+static struct label *
+mac_vnode_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_vnode_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacvnodes);
+ return (label);
+}
+
void
mac_init_vnode(struct vnode *vp)
{
- mac_init_vnode_label(&vp->v_label);
+ vp->v_label = mac_vnode_label_alloc();
+}
+
+static void
+mac_devfsdirent_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_devfsdirent_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents);
}
void
mac_destroy_devfsdirent(struct devfs_dirent *de)
{
- MAC_PERFORM(destroy_devfsdirent_label, &de->de_label);
- mac_destroy_label(&de->de_label);
- MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents);
+ mac_devfsdirent_label_free(de->de_label);
+ de->de_label = NULL;
+}
+
+static void
+mac_mount_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_mount_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacmounts);
+}
+
+static void
+mac_mount_fs_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_mount_fs_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacmounts);
}
void
mac_destroy_mount(struct mount *mp)
{
- MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel);
- MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel);
- mac_destroy_label(&mp->mnt_fslabel);
- mac_destroy_label(&mp->mnt_mntlabel);
- MAC_DEBUG_COUNTER_DEC(&nmacmounts);
+ mac_mount_fs_label_free(mp->mnt_fslabel);
+ mp->mnt_fslabel = NULL;
+ mac_mount_label_free(mp->mnt_mntlabel);
+ mp->mnt_mntlabel = NULL;
}
void
@@ -165,11 +229,21 @@
MAC_DEBUG_COUNTER_DEC(&nmacvnodes);
}
+static void
+mac_vnode_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_vnode_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacvnodes);
+}
+
void
mac_destroy_vnode(struct vnode *vp)
{
- mac_destroy_vnode_label(&vp->v_label);
+ mac_vnode_label_free(vp->v_label);
+ vp->v_label = NULL;
}
void
@@ -205,8 +279,8 @@
struct vnode *vp)
{
- MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
- &vp->v_label);
+ MAC_PERFORM(update_devfsdirent, mp, de, de->de_label, vp,
+ vp->v_label);
}
void
@@ -214,8 +288,8 @@
struct vnode *vp)
{
- MAC_PERFORM(associate_vnode_devfs, mp, &mp->mnt_fslabel, de,
- &de->de_label, vp, &vp->v_label);
+ MAC_PERFORM(associate_vnode_devfs, mp, mp->mnt_fslabel, de,
+ de->de_label, vp, vp->v_label);
}
int
@@ -225,8 +299,8 @@
ASSERT_VOP_LOCKED(vp, "mac_associate_vnode_extattr");
- MAC_CHECK(associate_vnode_extattr, mp, &mp->mnt_fslabel, vp,
- &vp->v_label);
+ MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_fslabel, vp,
+ vp->v_label);
return (error);
}
@@ -235,8 +309,8 @@
mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
{
- MAC_PERFORM(associate_vnode_singlelabel, mp, &mp->mnt_fslabel, vp,
- &vp->v_label);
+ MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_fslabel, vp,
+ vp->v_label);
}
int
@@ -259,8 +333,8 @@
} else if (error)
return (error);
- MAC_CHECK(create_vnode_extattr, cred, mp, &mp->mnt_fslabel,
- dvp, &dvp->v_label, vp, &vp->v_label, cnp);
+ MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_fslabel,
+ dvp, dvp->v_label, vp, vp->v_label, cnp);
if (error) {
VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
@@ -294,7 +368,7 @@
} else if (error)
return (error);
- MAC_CHECK(setlabel_vnode_extattr, cred, vp, &vp->v_label, intlabel);
+ MAC_CHECK(setlabel_vnode_extattr, cred, vp, vp->v_label, intlabel);
if (error) {
VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
@@ -319,7 +393,7 @@
if (!mac_enforce_process && !mac_enforce_fs)
return;
- MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
+ MAC_PERFORM(execve_transition, old, new, vp, vp->v_label,
interpvnodelabel, imgp, imgp->execlabel);
}
@@ -335,7 +409,7 @@
return (0);
result = 0;
- MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
+ MAC_BOOLEAN(execve_will_transition, ||, old, vp, vp->v_label,
interpvnodelabel, imgp, imgp->execlabel);
return (result);
@@ -351,7 +425,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
+ MAC_CHECK(check_vnode_access, cred, vp, vp->v_label, acc_mode);
return (error);
}
@@ -365,7 +439,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_chdir, cred, dvp, &dvp->v_label);
+ MAC_CHECK(check_vnode_chdir, cred, dvp, dvp->v_label);
return (error);
}
@@ -379,7 +453,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_chroot, cred, dvp, &dvp->v_label);
+ MAC_CHECK(check_vnode_chroot, cred, dvp, dvp->v_label);
return (error);
}
@@ -394,7 +468,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_create, cred, dvp, &dvp->v_label, cnp, vap);
+ MAC_CHECK(check_vnode_create, cred, dvp, dvp->v_label, cnp, vap);
return (error);
}
@@ -410,8 +484,8 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
- &vp->v_label, cnp);
+ MAC_CHECK(check_vnode_delete, cred, dvp, dvp->v_label, vp,
+ vp->v_label, cnp);
return (error);
}
@@ -426,7 +500,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
+ MAC_CHECK(check_vnode_deleteacl, cred, vp, vp->v_label, type);
return (error);
}
@@ -441,7 +515,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, vp->v_label,
attrnamespace, name);
return (error);
}
@@ -457,7 +531,7 @@
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, imgp,
+ MAC_CHECK(check_vnode_exec, cred, vp, vp->v_label, imgp,
imgp->execlabel);
return (error);
@@ -473,7 +547,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_getacl, cred, vp, &vp->v_label, type);
+ MAC_CHECK(check_vnode_getacl, cred, vp, vp->v_label, type);
return (error);
}
@@ -488,7 +562,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_getextattr, cred, vp, &vp->v_label,
+ MAC_CHECK(check_vnode_getextattr, cred, vp, vp->v_label,
attrnamespace, name, uio);
return (error);
}
@@ -505,8 +579,8 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_link, cred, dvp, &dvp->v_label, vp,
- &vp->v_label, cnp);
+ MAC_CHECK(check_vnode_link, cred, dvp, dvp->v_label, vp,
+ vp->v_label, cnp);
return (error);
}
@@ -521,7 +595,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ MAC_CHECK(check_vnode_listextattr, cred, vp, vp->v_label,
attrnamespace);
return (error);
}
@@ -537,7 +611,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_lookup, cred, dvp, &dvp->v_label, cnp);
+ MAC_CHECK(check_vnode_lookup, cred, dvp, dvp->v_label, cnp);
return (error);
}
@@ -551,7 +625,7 @@
if (!mac_enforce_fs || !mac_enforce_vm)
return (0);
- MAC_CHECK(check_vnode_mmap, cred, vp, &vp->v_label, prot);
+ MAC_CHECK(check_vnode_mmap, cred, vp, vp->v_label, prot);
return (error);
}
@@ -565,7 +639,7 @@
if (!mac_enforce_fs || !mac_enforce_vm)
return;
- MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, &vp->v_label,
+ MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, vp->v_label,
&result);
*prot = result;
@@ -581,7 +655,7 @@
if (!mac_enforce_fs || !mac_enforce_vm)
return (0);
- MAC_CHECK(check_vnode_mprotect, cred, vp, &vp->v_label, prot);
+ MAC_CHECK(check_vnode_mprotect, cred, vp, vp->v_label, prot);
return (error);
}
@@ -595,7 +669,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
+ MAC_CHECK(check_vnode_open, cred, vp, vp->v_label, acc_mode);
return (error);
}
@@ -611,7 +685,7 @@
return (0);
MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp,
- &vp->v_label);
+ vp->v_label);
return (error);
}
@@ -628,7 +702,7 @@
return (0);
MAC_CHECK(check_vnode_read, active_cred, file_cred, vp,
- &vp->v_label);
+ vp->v_label);
return (error);
}
@@ -643,7 +717,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_readdir, cred, dvp, &dvp->v_label);
+ MAC_CHECK(check_vnode_readdir, cred, dvp, dvp->v_label);
return (error);
}
@@ -657,7 +731,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_readlink, cred, vp, &vp->v_label);
+ MAC_CHECK(check_vnode_readlink, cred, vp, vp->v_label);
return (error);
}
@@ -669,7 +743,7 @@
ASSERT_VOP_LOCKED(vp, "mac_check_vnode_relabel");
- MAC_CHECK(check_vnode_relabel, cred, vp, &vp->v_label, newlabel);
+ MAC_CHECK(check_vnode_relabel, cred, vp, vp->v_label, newlabel);
return (error);
}
@@ -686,8 +760,8 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
- &vp->v_label, cnp);
+ MAC_CHECK(check_vnode_rename_from, cred, dvp, dvp->v_label, vp,
+ vp->v_label, cnp);
return (error);
}
@@ -703,8 +777,8 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
- vp != NULL ? &vp->v_label : NULL, samedir, cnp);
+ MAC_CHECK(check_vnode_rename_to, cred, dvp, dvp->v_label, vp,
+ vp != NULL ? vp->v_label : NULL, samedir, cnp);
return (error);
}
@@ -718,7 +792,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
+ MAC_CHECK(check_vnode_revoke, cred, vp, vp->v_label);
return (error);
}
@@ -733,7 +807,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
+ MAC_CHECK(check_vnode_setacl, cred, vp, vp->v_label, type, acl);
return (error);
}
@@ -748,7 +822,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
+ MAC_CHECK(check_vnode_setextattr, cred, vp, vp->v_label,
attrnamespace, name, uio);
return (error);
}
@@ -763,7 +837,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_setflags, cred, vp, vp->v_label, flags);
return (error);
}
@@ -777,7 +851,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
+ MAC_CHECK(check_vnode_setmode, cred, vp, vp->v_label, mode);
return (error);
}
@@ -792,7 +866,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
+ MAC_CHECK(check_vnode_setowner, cred, vp, vp->v_label, uid, gid);
return (error);
}
@@ -807,7 +881,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
+ MAC_CHECK(check_vnode_setutimes, cred, vp, vp->v_label, atime,
mtime);
return (error);
}
@@ -824,7 +898,7 @@
return (0);
MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp,
- &vp->v_label);
+ vp->v_label);
return (error);
}
@@ -840,7 +914,7 @@
return (0);
MAC_CHECK(check_vnode_write, active_cred, file_cred, vp,
- &vp->v_label);
+ vp->v_label);
return (error);
}
@@ -849,23 +923,23 @@
mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel)
{
- MAC_PERFORM(relabel_vnode, cred, vp, &vp->v_label, newlabel);
+ MAC_PERFORM(relabel_vnode, cred, vp, vp->v_label, newlabel);
}
void
mac_create_mount(struct ucred *cred, struct mount *mp)
{
- MAC_PERFORM(create_mount, cred, mp, &mp->mnt_mntlabel,
- &mp->mnt_fslabel);
+ MAC_PERFORM(create_mount, cred, mp, mp->mnt_mntlabel,
+ mp->mnt_fslabel);
}
void
mac_create_root_mount(struct ucred *cred, struct mount *mp)
{
- MAC_PERFORM(create_root_mount, cred, mp, &mp->mnt_mntlabel,
- &mp->mnt_fslabel);
+ MAC_PERFORM(create_root_mount, cred, mp, mp->mnt_mntlabel,
+ mp->mnt_fslabel);
}
int
@@ -876,7 +950,7 @@
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_mount_stat, cred, mount, &mount->mnt_mntlabel);
+ MAC_CHECK(check_mount_stat, cred, mount, mount->mnt_mntlabel);
return (error);
}
@@ -886,7 +960,7 @@
const char *fullpath)
{
- MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label,
+ MAC_PERFORM(create_devfs_device, mp, dev, de, de->de_label,
fullpath);
}
@@ -895,8 +969,8 @@
struct devfs_dirent *dd, struct devfs_dirent *de, const char *fullpath)
{
- MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
- &de->de_label, fullpath);
+ MAC_PERFORM(create_devfs_symlink, cred, mp, dd, dd->de_label, de,
+ de->de_label, fullpath);
}
void
@@ -905,7 +979,7 @@
{
MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
- &de->de_label, fullpath);
+ de->de_label, fullpath);
}
/*
==== //depot/projects/trustedbsd/mac/sys/sys/mount.h#28 (text+ko) ====
@@ -41,7 +41,6 @@
#include <sys/queue.h>
#ifdef _KERNEL
#include <sys/lockmgr.h>
-#include <sys/_label.h>
#include <sys/_lock.h>
#include <sys/_mutex.h>
#endif
@@ -144,8 +143,8 @@
time_t mnt_time; /* last time written*/
int mnt_iosize_max; /* max size for clusters, etc */
struct netexport *mnt_export; /* export list */
- struct label mnt_mntlabel; /* MAC label for the mount */
- struct label mnt_fslabel; /* MAC label for the fs */
+ struct label *mnt_mntlabel; /* MAC label for the mount */
+ struct label *mnt_fslabel; /* MAC label for the fs */
int mnt_nvnodelistsize; /* # of vnodes on this mount */
};
#endif /* _KERNEL */
==== //depot/projects/trustedbsd/mac/sys/sys/vnode.h#60 (text+ko) ====
@@ -44,7 +44,6 @@
#include <sys/lockmgr.h>
#include <sys/queue.h>
-#include <sys/_label.h>
#include <sys/_lock.h>
#include <sys/lock.h>
#include <sys/_mutex.h>
@@ -153,7 +152,7 @@
struct vnode *v_dd; /* c .. vnode */
u_long v_ddid; /* c .. capability identifier */
struct vpollinfo *v_pollinfo; /* p Poll events */
- struct label v_label; /* MAC label for vnode */
+ struct label *v_label; /* MAC label for vnode */
#ifdef DEBUG_LOCKS
const char *filename; /* Source file doing locking */
int line; /* Line number doing locking */
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list