diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-02-21 06:39:57 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-02-21 06:39:57 +0000 |
commit | ab5676fc870d2d819cf41120313443182db079cf (patch) | |
tree | 3ed13007d645ee25bab52d52b6aba08f7f0bcf1e /sys/kern/sysv_shm.c | |
parent | 17bdecb1829f632354d48f743f10ff707edded9c (diff) | |
download | FreeBSD-src-ab5676fc870d2d819cf41120313443182db079cf.zip FreeBSD-src-ab5676fc870d2d819cf41120313443182db079cf.tar.gz |
o Move per-process jail pointer (p->pr_prison) to inside of the subject
credential structure, ucred (cr->cr_prison).
o Allow jail inheritence to be a function of credential inheritence.
o Abstract prison structure reference counting behind pr_hold() and
pr_free(), invoked by the similarly named credential reference
management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
mutex use.
Notes:
o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
required to protect the reference count plus some fields in the
structure.
Reviewed by: freebsd-arch
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern/sysv_shm.c')
-rw-r--r-- | sys/kern/sysv_shm.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c index 19efaf9..3bfd49a 100644 --- a/sys/kern/sysv_shm.c +++ b/sys/kern/sysv_shm.c @@ -229,7 +229,7 @@ shmdt(p, uap) struct shmmap_state *shmmap_s; int i; - if (!jail_sysvipc_allowed && p->p_prison != NULL) + if (!jail_sysvipc_allowed && jailed(p->p_ucred)) return (ENOSYS); shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm; @@ -266,7 +266,7 @@ shmat(p, uap) vm_size_t size; int rv; - if (!jail_sysvipc_allowed && p->p_prison != NULL) + if (!jail_sysvipc_allowed && jailed(p->p_ucred)) return (ENOSYS); shmmap_s = (struct shmmap_state *)p->p_vmspace->vm_shm; @@ -360,7 +360,7 @@ oshmctl(p, uap) struct shmid_ds *shmseg; struct oshmid_ds outbuf; - if (!jail_sysvipc_allowed && p->p_prison != NULL) + if (!jail_sysvipc_allowed && jailed(p->p_ucred)) return (ENOSYS); shmseg = shm_find_segment_by_shmid(uap->shmid); @@ -411,7 +411,7 @@ shmctl(p, uap) struct shmid_ds inbuf; struct shmid_ds *shmseg; - if (!jail_sysvipc_allowed && p->p_prison != NULL) + if (!jail_sysvipc_allowed && jailed(p->p_ucred)) return (ENOSYS); shmseg = shm_find_segment_by_shmid(uap->shmid); @@ -590,7 +590,7 @@ shmget(p, uap) { int segnum, mode, error; - if (!jail_sysvipc_allowed && p->p_prison != NULL) + if (!jail_sysvipc_allowed && jailed(p->p_ucred)) return (ENOSYS); mode = uap->shmflg & ACCESSPERMS; @@ -621,7 +621,7 @@ shmsys(p, uap) } */ *uap; { - if (!jail_sysvipc_allowed && p->p_prison != NULL) + if (!jail_sysvipc_allowed && jailed(p->p_ucred)) return (ENOSYS); if (uap->which >= sizeof(shmcalls)/sizeof(shmcalls[0])) |