author | rwatson <rwatson@FreeBSD.org> | 2005-04-18 13:36:57 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2005-04-18 13:36:57 +0000 |
commit | 75030e30f64232f9490b244e2925b347d7bf669c (patch) | |
tree | edb79f235bf4b33075b9d7e39ce462e142125e48 /sys/kern | |
parent | 8694c5f46241d5fb117c7feed17f9896b6f9e730 (diff) | |
Introduce p_canwait() and MAC Framework and MAC Policy entry points
mac_check_proc_wait(), which control the ability to wait4() specific
processes. This permits MAC policies to limit information flow from
children that have changed label, although has to be handled carefully
due to common programming expectations regarding the behavior of
wait4(). The cr_seeotheruids() check in p_canwait() is #if 0'd for
this reason.

The mac_stub and mac_test policies are updated to reflect these new
entry points.

Sponsored by: SPAWAR, SPARTA
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_exit.c | 4 | ||||
-rw-r--r-- | sys/kern/kern_prot.c | 31 |
2 files changed, 35 insertions, 0 deletions
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index e27e9b0..8b31e35 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -597,6 +597,10 @@ loop: PROC_UNLOCK(p); continue; } + if (p_canwait(td, p)) { + PROC_UNLOCK(p); + continue; + } /* * This special case handles a kthread spawned by linux_clone diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 56ec0dd..ebe4b18 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1800,6 +1800,37 @@ cr_canseesocket(struct ucred *cred, struct socket *so) return (0); } +/*- + * Determine whether td can wait for the exit of p. + * Returns: 0 for permitted, an errno value otherwise + * Locks: Sufficient locks to protect various components of td and p + * must be held. td must be curthread, and a lock must + * be held for p. + * References: td and p must be valid for the lifetime of the call + + */ +int +p_canwait(struct thread *td, struct proc *p) +{ + int error; + + KASSERT(td == curthread, ("%s: td not curthread", __func__)); + PROC_LOCK_ASSERT(p, MA_OWNED); + if ((error = prison_check(td->td_ucred, p->p_ucred))) + return (error); +#ifdef MAC + if ((error = mac_check_proc_wait(td->td_ucred, p))) + return (error); +#endif +#if 0 + /* XXXMAC: This could have odd effects on some shells. */ + if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) + return (error); +#endif + + return (0); +} + /* * Allocate a zeroed cred structure. * MPSAFE |
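Review bot: the new `if (p_canwait(td, p)) {` test in the sys/kern/kern_exit.c hunk uses the result only as a boolean and drops the errno, so a child rejected by the check is skipped with the same `PROC_UNLOCK(p); continue;` path as a child that failed the preceding filter. The commit message notes that this has to be handled carefully because of expectations about wait4(), so a comment at this call site should state that denied children are deliberately treated as absent and what the caller observes when no other child qualifies. If the errno is never meant to reach the caller, say so here, since p_canwait() is documented as returning an errno value.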
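Review bot: the `#if 0` block at the end of p_canwait() in the sys/kern/kern_prot.c hunk leaves the cr_seeotheruids() check as dead code, with only "This could have odd effects on some shells" as explanation. Expand the XXXMAC comment to say which wait4() behaviour is affected and under what condition the check could be enabled, or drop the block and record the decision in the function's header comment. The header's Locks line is also general ("Sufficient locks to protect various components of td and p") while the code asserts only `PROC_LOCK_ASSERT(p, MA_OWNED)`; naming the process lock explicitly in the header would match what is enforced.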