PERFORCE change 52507 for review

Sat May 8 13:31:13 GMT 2004

http://perforce.freebsd.org/chv.cgi?CH=52507

Change 52507 by cvance at cvance_sony on 2004/05/08 06:30:25

	Fix up SEBSD branch after latest integ:
	  - vfs_mount call syntax error
	  - suser replaced with cap_check
	  - MAC framework now uses struct pipepair instead of struct pipe

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_file.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_stats.c#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#31 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/pipe.h#9 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_file.c#9 (text+ko) ====

@@ -811,7 +811,7 @@
 		iov[3].iov_len = strlen(mntonname) + 1;
 		error = vfs_nmount(td, fsflags, &auio);
 	} else
-		error = vfs_mount(td, fstypename, mntonname, fsflags, fsdata
+		error = vfs_mount(td, fstypename, mntonname, fsflags, fsdata,
 		    NULL);
 	return (error);
 }

==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_stats.c#7 (text+ko) ====

@@ -268,7 +268,7 @@
 	linux_statfs.f_bavail = bsd_statfs->f_bavail;
 	linux_statfs.f_ffree = bsd_statfs->f_ffree;
 	linux_statfs.f_files = bsd_statfs->f_files;
-	if (suser(td)) {
+	if (cap_check(td, CAP_SYS_ADMIN)) {
 		linux_statfs.f_fsid.val[0] = 0;
 		linux_statfs.f_fsid.val[1] = 0;
 	} else {
@@ -317,7 +317,7 @@
 	linux_statfs.f_bavail = bsd_statfs->f_bavail;
 	linux_statfs.f_ffree = bsd_statfs->f_ffree;
 	linux_statfs.f_files = bsd_statfs->f_files;
-	if (suser(td)) {
+	if (cap_check(td, CAP_SYS_ADMIN)) {
 		linux_statfs.f_fsid.val[0] = 0;
 		linux_statfs.f_fsid.val[1] = 0;
 	} else {

==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#8 (text+ko) ====

@@ -469,7 +469,7 @@
 	devunlock();
 }
 
-dev_t
+static dev_t
 make_dev_credv(struct cdevsw *devsw, int minornr, uid_t uid, gid_t gid, 
     struct ucred *cr, int perms, const char *fmt, ...)
 {

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#31 (text+ko) ====

@@ -284,13 +284,13 @@
 }
 
 static int
-pipe_has_perm(struct ucred *cred, struct pipe *pipe, access_vector_t perm)
+pipe_has_perm(struct ucred *cred, struct pipepair *pp, access_vector_t perm)
 {
 	struct task_security_struct *task;
 	struct vnode_security_struct *file;
 
 	task = SLOT(cred->cr_label);
-	file = SLOT(pipe->pipe_label);
+	file = SLOT(pp->pp_label);
 
 	/*
 	 * TBD: No audit information yet
@@ -1011,31 +1011,31 @@
 }
 
 static int
-sebsd_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+sebsd_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
     struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
 {
 
-	return (pipe_has_perm(cred, pipe, FIFO_FILE__IOCTL));
+	return (pipe_has_perm(cred, pp, FIFO_FILE__IOCTL));
 }
 
 static int
-sebsd_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
+sebsd_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
     struct label *pipelabel)
 {
 
-	return (pipe_has_perm(cred, pipe, FIFO_FILE__POLL));
+	return (pipe_has_perm(cred, pp, FIFO_FILE__POLL));
 }
 
 static int
-sebsd_check_pipe_read(struct ucred *cred, struct pipe *pipe,
+sebsd_check_pipe_read(struct ucred *cred, struct pipepair *pp,
     struct label *pipelabel)
 {
 
-	return (pipe_has_perm(cred, pipe, FIFO_FILE__READ));
+	return (pipe_has_perm(cred, pp, FIFO_FILE__READ));
 }
 
 static int
-sebsd_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
+sebsd_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
     struct label *pipelabel, struct label *newlabel)
 {
 	struct task_security_struct *task;
@@ -1068,19 +1068,19 @@
 }
 
 static int
-sebsd_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
+sebsd_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
     struct label *pipelabel)
 {
 
-	return (pipe_has_perm(cred, pipe, FIFO_FILE__GETATTR));
+	return (pipe_has_perm(cred, pp, FIFO_FILE__GETATTR));
 }
 
 static int
-sebsd_check_pipe_write(struct ucred *cred, struct pipe *pipe,
+sebsd_check_pipe_write(struct ucred *cred, struct pipe *pp,
     struct label *pipelabel)
 {
 
-	return (pipe_has_perm(cred, pipe, FIFO_FILE__WRITE));
+	return (pipe_has_perm(cred, pp, FIFO_FILE__WRITE));
 }
 
 static int

==== //depot/projects/trustedbsd/sebsd/sys/sys/pipe.h#9 (text+ko) ====

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

