From ab5676fc870d2d819cf41120313443182db079cf Mon Sep 17 00:00:00 2001 From: rwatson Date: Wed, 21 Feb 2001 06:39:57 +0000 Subject: o Move per-process jail pointer (p->pr_prison) to inside of the subject credential structure, ucred (cr->cr_prison). o Allow jail inheritence to be a function of credential inheritence. o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code. o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments. o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place. o Convert PRISON_CHECK() macro to prison_check() function. o Move jail() function prototypes to jail.h. o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself. o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use. Notes: o Some further cleanup of the linux/jail code is still required. o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code. o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure. Reviewed by: freebsd-arch Obtained from: TrustedBSD Project --- sys/net/if.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'sys/net/if.h') diff --git a/sys/net/if.h b/sys/net/if.h index bcc10ad..6cdaa53 100644 --- a/sys/net/if.h +++ b/sys/net/if.h @@ -265,8 +265,6 @@ __END_DECLS #ifdef _KERNEL struct proc; -int prison_if __P((struct proc *p, struct sockaddr *sa)); - /* XXX - this should go away soon. */ #include #endif -- cgit v1.1