Extended comment on why we consider a partition relabel request of "0" to

be a no-op request, and why this might have to change if we want to allow
leaving a partition someday.

Obtained from:	TrustedBSD Project
MFC after:	3 days

1 files changed, 7 insertions, 1 deletions

diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index d684ea9c..425a188 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -114,7 +114,13 @@ partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
 
 	error = 0;
 
-	/* Treat "0" as a no-op request. */
+	/*
+	 * Treat "0" as a no-op request because it reflects an unset
+	 * partition label.  If we ever want to support switching back to an
+	 * unpartitioned state for a process, we'll need to differentiate the
+	 * "not in a partition" and "no partition defined during internalize"
+	 * conditions.
+	 */
 	if (SLOT(newlabel) != 0) {
 		/*
 		 * Require BSD privilege in order to change the partition.