summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_exit.c
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-11-20 15:41:25 +0000
committerrwatson <rwatson@FreeBSD.org>2002-11-20 15:41:25 +0000
commit569048d3f90c1ad80a2befd6f45adeda27d5b370 (patch)
tree51776de3b9188cb829cfb48dbad3e46d3b37ed4e /sys/kern/kern_exit.c
parent8f7431caeb8e8d1dcbcc57542b08b0328692dbb3 (diff)
downloadFreeBSD-src-569048d3f90c1ad80a2befd6f45adeda27d5b370.zip
FreeBSD-src-569048d3f90c1ad80a2befd6f45adeda27d5b370.tar.gz
Introduce p_label, extensible security label storage for the MAC framework
in struct proc. While the process label is actually stored in the struct ucred pointed to by p_ucred, there is a need for transient storage that may be used when asynchronous (deferred) updates need to be performed on the "real" label for locking reasons. Unlike other label storage, this label has no locking semantics, relying on policies to provide their own protection for the label contents, meaning that a policy leaf mutex may be used, avoiding lock order issues. This permits policies that act based on historical process behavior (such as audit policies, the MAC Framework port of LOMAC, etc) can update process properties even when many existing locks are held without violating the lock order. No currently committed policies implement use of this label storage. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/kern/kern_exit.c')
-rw-r--r--sys/kern/kern_exit.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index 68bebfc..6f745a0 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -41,6 +41,7 @@
#include "opt_compat.h"
#include "opt_ktrace.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -62,6 +63,7 @@
#include <sys/ptrace.h>
#include <sys/acct.h> /* for acct_process() function prototype */
#include <sys/filedesc.h>
+#include <sys/mac.h>
#include <sys/shm.h>
#include <sys/sem.h>
#include <sys/jail.h>
@@ -739,6 +741,9 @@ loop:
*/
vm_waitproc(p);
mtx_destroy(&p->p_mtx);
+#ifdef MAC
+ mac_destroy_proc(p);
+#endif
KASSERT(FIRST_THREAD_IN_PROC(p),
("wait1: no residual thread!"));
uma_zfree(proc_zone, p);
OpenPOWER on IntegriCloud