PERFORCE change 41599 for review

Robert Watson rwatson at FreeBSD.org
Thu Nov 6 21:49:01 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=41599

Change 41599 by rwatson at rwatson_paprika on 2003/11/06 13:48:08

	Store struct label pointer in struct devfsdirent, struct mount,
	and struct vnode, rather than storing the struct label directly
	in these structures.  Use the UMA zone as a source of labels.
	This means that changing the number of label slots won't break
	the ABI, and can eventually become a boot-time tunable.
	Currently, UMA is underexercised to prevent repeated
	initialization.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#12 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#65 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#424 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mount.h#28 edit
.. //depot/projects/trustedbsd/mac/sys/sys/vnode.h#60 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#12 (text+ko) ====

@@ -159,7 +159,7 @@
 	mode_t	de_mode;
 	uid_t	de_uid;
 	gid_t	de_gid;
-	struct label	de_label;
+	struct label	*de_label;
 	struct timespec de_atime;
 	struct timespec de_mtime;
 	struct timespec de_ctime;

==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#65 (text+ko) ====

@@ -340,7 +340,7 @@
 		NDFREE(ndp, NDF_ONLY_PNBUF);
 #ifdef MAC
 		mac_init_vnode_label(&interplabel);
-		mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel);
+		mac_copy_vnode_label(ndp->ni_vp->v_label, &interplabel);
 		interplabelvalid = 1;
 #endif
 		vput(ndp->ni_vp);

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#424 (text+ko) ====

@@ -756,7 +756,7 @@
 		mac_init_vnode_label(&intlabel);
 
 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
-		mac_copy_vnode_label(&vp->v_label, &intlabel);
+		mac_copy_vnode_label(vp->v_label, &intlabel);
 		VOP_UNLOCK(vp, 0, td);
 
 		break;
@@ -840,7 +840,7 @@
 		goto out;
 
 	mac_init_vnode_label(&intlabel);
-	mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
+	mac_copy_vnode_label(nd.ni_vp->v_label, &intlabel);
 	error = mac_externalize_vnode_label(&intlabel, elements, buffer,
 	    mac.m_buflen);
 
@@ -895,7 +895,7 @@
 		goto out;
 
 	mac_init_vnode_label(&intlabel);
-	mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
+	mac_copy_vnode_label(nd.ni_vp->v_label, &intlabel);
 	error = mac_externalize_vnode_label(&intlabel, elements, buffer,
 	    mac.m_buflen);
 	NDFREE(&nd, 0);

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#5 (text+ko) ====

@@ -120,7 +120,7 @@
 	if (!mac_enforce_kld)
 		return (0);
 
-	MAC_CHECK(check_kld_load, cred, vp, &vp->v_label);
+	MAC_CHECK(check_kld_load, cred, vp, vp->v_label);
 
 	return (error);
 }
@@ -176,7 +176,7 @@
 		return (0);
 
 	MAC_CHECK(check_system_acct, cred, vp,
-	    vp != NULL ? &vp->v_label : NULL);
+	    vp != NULL ? vp->v_label : NULL);
 
 	return (error);
 }
@@ -230,7 +230,7 @@
 	if (!mac_enforce_system)
 		return (0);
 
-	MAC_CHECK(check_system_swapon, cred, vp, &vp->v_label);
+	MAC_CHECK(check_system_swapon, cred, vp, vp->v_label);
 	return (error);
 }
 
@@ -244,7 +244,7 @@
 	if (!mac_enforce_system)
 		return (0);
 
-	MAC_CHECK(check_system_swapoff, cred, vp, &vp->v_label);
+	MAC_CHECK(check_system_swapoff, cred, vp, vp->v_label);
 	return (error);
 }
 

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#5 (text+ko) ====

@@ -100,24 +100,52 @@
 static int	mac_setlabel_vnode_extattr(struct ucred *cred,
 		    struct vnode *vp, struct label *intlabel);
 
+static struct label *
+mac_devfsdirent_label_alloc(void)
+{
+	struct label *label;
+
+	label = mac_labelzone_alloc(M_WAITOK);
+	MAC_PERFORM(init_devfsdirent_label, label);
+	MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents);
+	return (label);
+}
+
 void
 mac_init_devfsdirent(struct devfs_dirent *de)
 {
 
-	mac_init_label(&de->de_label);
-	MAC_PERFORM(init_devfsdirent_label, &de->de_label);
-	MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents);
+	de->de_label = mac_devfsdirent_label_alloc();
+}
+
+static struct label *
+mac_mount_label_alloc(void)
+{
+	struct label *label;
+
+	label = mac_labelzone_alloc(M_WAITOK);
+	MAC_PERFORM(init_mount_label, label);
+	MAC_DEBUG_COUNTER_INC(&nmacmounts);
+	return (label);
+}
+
+static struct label *
+mac_mount_fs_label_alloc(void)
+{
+	struct label *label;
+
+	label = mac_labelzone_alloc(M_WAITOK);
+	MAC_PERFORM(init_mount_fs_label, label);
+	MAC_DEBUG_COUNTER_INC(&nmacmounts);
+	return (label);
 }
 
 void
 mac_init_mount(struct mount *mp)
 {
 
-	mac_init_label(&mp->mnt_mntlabel);
-	mac_init_label(&mp->mnt_fslabel);
-	MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel);
-	MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);
-	MAC_DEBUG_COUNTER_INC(&nmacmounts);
+	mp->mnt_mntlabel = mac_mount_label_alloc();
+	mp->mnt_fslabel = mac_mount_fs_label_alloc();
 }
 
 void
@@ -129,31 +157,67 @@
 	MAC_DEBUG_COUNTER_INC(&nmacvnodes);
 }
 
+static struct label *
+mac_vnode_label_alloc(void)
+{
+	struct label *label;
+
+	label = mac_labelzone_alloc(M_WAITOK);
+	MAC_PERFORM(init_vnode_label, label);
+	MAC_DEBUG_COUNTER_INC(&nmacvnodes);
+	return (label);
+}
+
 void
 mac_init_vnode(struct vnode *vp)
 {
 
-	mac_init_vnode_label(&vp->v_label);
+	vp->v_label = mac_vnode_label_alloc();
+}
+
+static void
+mac_devfsdirent_label_free(struct label *label)
+{
+
+	MAC_PERFORM(destroy_devfsdirent_label, label);
+	mac_labelzone_free(label);
+	MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents);
 }
 
 void
 mac_destroy_devfsdirent(struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(destroy_devfsdirent_label, &de->de_label);
-	mac_destroy_label(&de->de_label);
-	MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents);
+	mac_devfsdirent_label_free(de->de_label);
+	de->de_label = NULL;
+}
+
+static void
+mac_mount_label_free(struct label *label)
+{
+
+	MAC_PERFORM(destroy_mount_label, label);
+	mac_labelzone_free(label);
+	MAC_DEBUG_COUNTER_DEC(&nmacmounts);
+}
+
+static void
+mac_mount_fs_label_free(struct label *label)
+{
+
+	MAC_PERFORM(destroy_mount_fs_label, label);
+	mac_labelzone_free(label);
+	MAC_DEBUG_COUNTER_DEC(&nmacmounts);
 }
 
 void
 mac_destroy_mount(struct mount *mp)
 {
 
-	MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel);
-	MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel);
-	mac_destroy_label(&mp->mnt_fslabel);
-	mac_destroy_label(&mp->mnt_mntlabel);
-	MAC_DEBUG_COUNTER_DEC(&nmacmounts);
+	mac_mount_fs_label_free(mp->mnt_fslabel);
+	mp->mnt_fslabel = NULL;
+	mac_mount_label_free(mp->mnt_mntlabel);
+	mp->mnt_mntlabel = NULL;
 }
 
 void
@@ -165,11 +229,21 @@
 	MAC_DEBUG_COUNTER_DEC(&nmacvnodes);
 }
 
+static void
+mac_vnode_label_free(struct label *label)
+{
+
+	MAC_PERFORM(destroy_vnode_label, label);
+	mac_labelzone_free(label);
+	MAC_DEBUG_COUNTER_DEC(&nmacvnodes);
+}
+
 void
 mac_destroy_vnode(struct vnode *vp)
 {
 
-	mac_destroy_vnode_label(&vp->v_label);
+	mac_vnode_label_free(vp->v_label);
+	vp->v_label = NULL;
 }
 
 void
@@ -205,8 +279,8 @@
     struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
-	    &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, de->de_label, vp,
+	    vp->v_label);
 }
 
 void
@@ -214,8 +288,8 @@
     struct vnode *vp)
 {
 
-	MAC_PERFORM(associate_vnode_devfs, mp, &mp->mnt_fslabel, de,
-	    &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(associate_vnode_devfs, mp, mp->mnt_fslabel, de,
+	    de->de_label, vp, vp->v_label);
 }
 
 int
@@ -225,8 +299,8 @@
 
 	ASSERT_VOP_LOCKED(vp, "mac_associate_vnode_extattr");
 
-	MAC_CHECK(associate_vnode_extattr, mp, &mp->mnt_fslabel, vp,
-	    &vp->v_label);
+	MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_fslabel, vp,
+	    vp->v_label);
 
 	return (error);
 }
@@ -235,8 +309,8 @@
 mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
 {
 
-	MAC_PERFORM(associate_vnode_singlelabel, mp, &mp->mnt_fslabel, vp,
-	    &vp->v_label);
+	MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_fslabel, vp,
+	    vp->v_label);
 }
 
 int
@@ -259,8 +333,8 @@
 	} else if (error)
 		return (error);
 
-	MAC_CHECK(create_vnode_extattr, cred, mp, &mp->mnt_fslabel,
-	    dvp, &dvp->v_label, vp, &vp->v_label, cnp);
+	MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_fslabel,
+	    dvp, dvp->v_label, vp, vp->v_label, cnp);
 
 	if (error) {
 		VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
@@ -294,7 +368,7 @@
 	} else if (error)
 		return (error);
 
-	MAC_CHECK(setlabel_vnode_extattr, cred, vp, &vp->v_label, intlabel);
+	MAC_CHECK(setlabel_vnode_extattr, cred, vp, vp->v_label, intlabel);
 
 	if (error) {
 		VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
@@ -319,7 +393,7 @@
 	if (!mac_enforce_process && !mac_enforce_fs)
 		return;
 
-	MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
+	MAC_PERFORM(execve_transition, old, new, vp, vp->v_label,
 	    interpvnodelabel, imgp, imgp->execlabel);
 }
 
@@ -335,7 +409,7 @@
 		return (0);
 
 	result = 0;
-	MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
+	MAC_BOOLEAN(execve_will_transition, ||, old, vp, vp->v_label,
 	    interpvnodelabel, imgp, imgp->execlabel);
 
 	return (result);
@@ -351,7 +425,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
+	MAC_CHECK(check_vnode_access, cred, vp, vp->v_label, acc_mode);
 	return (error);
 }
 
@@ -365,7 +439,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_chdir, cred, dvp, &dvp->v_label);
+	MAC_CHECK(check_vnode_chdir, cred, dvp, dvp->v_label);
 	return (error);
 }
 
@@ -379,7 +453,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_chroot, cred, dvp, &dvp->v_label);
+	MAC_CHECK(check_vnode_chroot, cred, dvp, dvp->v_label);
 	return (error);
 }
 
@@ -394,7 +468,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_create, cred, dvp, &dvp->v_label, cnp, vap);
+	MAC_CHECK(check_vnode_create, cred, dvp, dvp->v_label, cnp, vap);
 	return (error);
 }
 
@@ -410,8 +484,8 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
-	    &vp->v_label, cnp);
+	MAC_CHECK(check_vnode_delete, cred, dvp, dvp->v_label, vp,
+	    vp->v_label, cnp);
 	return (error);
 }
 
@@ -426,7 +500,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
+	MAC_CHECK(check_vnode_deleteacl, cred, vp, vp->v_label, type);
 	return (error);
 }
 
@@ -441,7 +515,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+	MAC_CHECK(check_vnode_deleteextattr, cred, vp, vp->v_label,
 	    attrnamespace, name);
 	return (error);
 }
@@ -457,7 +531,7 @@
 	if (!mac_enforce_process && !mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, imgp,
+	MAC_CHECK(check_vnode_exec, cred, vp, vp->v_label, imgp,
 	    imgp->execlabel);
 
 	return (error);
@@ -473,7 +547,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_getacl, cred, vp, &vp->v_label, type);
+	MAC_CHECK(check_vnode_getacl, cred, vp, vp->v_label, type);
 	return (error);
 }
 
@@ -488,7 +562,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_getextattr, cred, vp, &vp->v_label,
+	MAC_CHECK(check_vnode_getextattr, cred, vp, vp->v_label,
 	    attrnamespace, name, uio);
 	return (error);
 }
@@ -505,8 +579,8 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_link, cred, dvp, &dvp->v_label, vp,
-	    &vp->v_label, cnp);
+	MAC_CHECK(check_vnode_link, cred, dvp, dvp->v_label, vp,
+	    vp->v_label, cnp);
 	return (error);
 }
 
@@ -521,7 +595,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+	MAC_CHECK(check_vnode_listextattr, cred, vp, vp->v_label,
 	    attrnamespace);
 	return (error);
 }
@@ -537,7 +611,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_lookup, cred, dvp, &dvp->v_label, cnp);
+	MAC_CHECK(check_vnode_lookup, cred, dvp, dvp->v_label, cnp);
 	return (error);
 }
 
@@ -551,7 +625,7 @@
 	if (!mac_enforce_fs || !mac_enforce_vm)
 		return (0);
 
-	MAC_CHECK(check_vnode_mmap, cred, vp, &vp->v_label, prot);
+	MAC_CHECK(check_vnode_mmap, cred, vp, vp->v_label, prot);
 	return (error);
 }
 
@@ -565,7 +639,7 @@
 	if (!mac_enforce_fs || !mac_enforce_vm)
 		return;
 
-	MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, &vp->v_label,
+	MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, vp->v_label,
 	    &result);
 
 	*prot = result;
@@ -581,7 +655,7 @@
 	if (!mac_enforce_fs || !mac_enforce_vm)
 		return (0);
 
-	MAC_CHECK(check_vnode_mprotect, cred, vp, &vp->v_label, prot);
+	MAC_CHECK(check_vnode_mprotect, cred, vp, vp->v_label, prot);
 	return (error);
 }
 
@@ -595,7 +669,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
+	MAC_CHECK(check_vnode_open, cred, vp, vp->v_label, acc_mode);
 	return (error);
 }
 
@@ -611,7 +685,7 @@
 		return (0);
 
 	MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp,
-	    &vp->v_label);
+	    vp->v_label);
 
 	return (error);
 }
@@ -628,7 +702,7 @@
 		return (0);
 
 	MAC_CHECK(check_vnode_read, active_cred, file_cred, vp,
-	    &vp->v_label);
+	    vp->v_label);
 
 	return (error);
 }
@@ -643,7 +717,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_readdir, cred, dvp, &dvp->v_label);
+	MAC_CHECK(check_vnode_readdir, cred, dvp, dvp->v_label);
 	return (error);
 }
 
@@ -657,7 +731,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_readlink, cred, vp, &vp->v_label);
+	MAC_CHECK(check_vnode_readlink, cred, vp, vp->v_label);
 	return (error);
 }
 
@@ -669,7 +743,7 @@
 
 	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_relabel");
 
-	MAC_CHECK(check_vnode_relabel, cred, vp, &vp->v_label, newlabel);
+	MAC_CHECK(check_vnode_relabel, cred, vp, vp->v_label, newlabel);
 
 	return (error);
 }
@@ -686,8 +760,8 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
-	    &vp->v_label, cnp);
+	MAC_CHECK(check_vnode_rename_from, cred, dvp, dvp->v_label, vp,
+	    vp->v_label, cnp);
 	return (error);
 }
 
@@ -703,8 +777,8 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
-	    vp != NULL ? &vp->v_label : NULL, samedir, cnp);
+	MAC_CHECK(check_vnode_rename_to, cred, dvp, dvp->v_label, vp,
+	    vp != NULL ? vp->v_label : NULL, samedir, cnp);
 	return (error);
 }
 
@@ -718,7 +792,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
+	MAC_CHECK(check_vnode_revoke, cred, vp, vp->v_label);
 	return (error);
 }
 
@@ -733,7 +807,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
+	MAC_CHECK(check_vnode_setacl, cred, vp, vp->v_label, type, acl);
 	return (error);
 }
 
@@ -748,7 +822,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
+	MAC_CHECK(check_vnode_setextattr, cred, vp, vp->v_label,
 	    attrnamespace, name, uio);
 	return (error);
 }
@@ -763,7 +837,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
+	MAC_CHECK(check_vnode_setflags, cred, vp, vp->v_label, flags);
 	return (error);
 }
 
@@ -777,7 +851,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
+	MAC_CHECK(check_vnode_setmode, cred, vp, vp->v_label, mode);
 	return (error);
 }
 
@@ -792,7 +866,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
+	MAC_CHECK(check_vnode_setowner, cred, vp, vp->v_label, uid, gid);
 	return (error);
 }
 
@@ -807,7 +881,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
+	MAC_CHECK(check_vnode_setutimes, cred, vp, vp->v_label, atime,
 	    mtime);
 	return (error);
 }
@@ -824,7 +898,7 @@
 		return (0);
 
 	MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp,
-	    &vp->v_label);
+	    vp->v_label);
 	return (error);
 }
 
@@ -840,7 +914,7 @@
 		return (0);
 
 	MAC_CHECK(check_vnode_write, active_cred, file_cred, vp,
-	    &vp->v_label);
+	    vp->v_label);
 
 	return (error);
 }
@@ -849,23 +923,23 @@
 mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel)
 {
 
-	MAC_PERFORM(relabel_vnode, cred, vp, &vp->v_label, newlabel);
+	MAC_PERFORM(relabel_vnode, cred, vp, vp->v_label, newlabel);
 }
 
 void
 mac_create_mount(struct ucred *cred, struct mount *mp)
 {
 
-	MAC_PERFORM(create_mount, cred, mp, &mp->mnt_mntlabel,
-	    &mp->mnt_fslabel);
+	MAC_PERFORM(create_mount, cred, mp, mp->mnt_mntlabel,
+	    mp->mnt_fslabel);
 }
 
 void
 mac_create_root_mount(struct ucred *cred, struct mount *mp)
 {
 
-	MAC_PERFORM(create_root_mount, cred, mp, &mp->mnt_mntlabel,
-	    &mp->mnt_fslabel);
+	MAC_PERFORM(create_root_mount, cred, mp, mp->mnt_mntlabel,
+	    mp->mnt_fslabel);
 }
 
 int
@@ -876,7 +950,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_mount_stat, cred, mount, &mount->mnt_mntlabel);
+	MAC_CHECK(check_mount_stat, cred, mount, mount->mnt_mntlabel);
 
 	return (error);
 }
@@ -886,7 +960,7 @@
     const char *fullpath)
 {
 
-	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label,
+	MAC_PERFORM(create_devfs_device, mp, dev, de, de->de_label,
 	    fullpath);
 }
 
@@ -895,8 +969,8 @@
     struct devfs_dirent *dd, struct devfs_dirent *de, const char *fullpath)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
-	    &de->de_label, fullpath);
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, dd->de_label, de,
+	    de->de_label, fullpath);
 }
 
 void
@@ -905,7 +979,7 @@
 {
 
 	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
-	    &de->de_label, fullpath);
+	    de->de_label, fullpath);
 }
 
 /*

==== //depot/projects/trustedbsd/mac/sys/sys/mount.h#28 (text+ko) ====

@@ -41,7 +41,6 @@
 #include <sys/queue.h>
 #ifdef _KERNEL
 #include <sys/lockmgr.h>
-#include <sys/_label.h>
 #include <sys/_lock.h>
 #include <sys/_mutex.h>
 #endif
@@ -144,8 +143,8 @@
 	time_t		mnt_time;		/* last time written*/
 	int		mnt_iosize_max;		/* max size for clusters, etc */
 	struct netexport *mnt_export;		/* export list */
-	struct label	mnt_mntlabel;		/* MAC label for the mount */
-	struct label	mnt_fslabel;		/* MAC label for the fs */
+	struct label	*mnt_mntlabel;		/* MAC label for the mount */
+	struct label	*mnt_fslabel;		/* MAC label for the fs */
 	int		mnt_nvnodelistsize;	/* # of vnodes on this mount */
 };
 #endif /* _KERNEL */

==== //depot/projects/trustedbsd/mac/sys/sys/vnode.h#60 (text+ko) ====

@@ -44,7 +44,6 @@
 #include <sys/lockmgr.h>
 
 #include <sys/queue.h>
-#include <sys/_label.h>
 #include <sys/_lock.h>
 #include <sys/lock.h>
 #include <sys/_mutex.h>
@@ -153,7 +152,7 @@
 	struct	vnode *v_dd;			/* c .. vnode */
 	u_long	v_ddid;				/* c .. capability identifier */
 	struct vpollinfo *v_pollinfo;		/* p Poll events */
-	struct label v_label;			/* MAC label for vnode */
+	struct label *v_label;			/* MAC label for vnode */
 #ifdef	DEBUG_LOCKS
 	const char *filename;			/* Source file doing locking */
 	int line;				/* Line number doing locking */
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message



More information about the trustedbsd-cvs mailing list