From owner-p4-projects Mon Aug 12 15:28: 5 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C96E537B401; Mon, 12 Aug 2002 15:27:58 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4214937B400; Mon, 12 Aug 2002 15:27:58 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id F3F0943E6A; Mon, 12 Aug 2002 15:27:56 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.12.4/8.12.4) with SMTP id g7CMRhOo069046; Mon, 12 Aug 2002 18:27:43 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Mon, 12 Aug 2002 18:27:43 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Brian Feldman Cc: Perforce Change Reviews Subject: Re: PERFORCE change 15878 for review In-Reply-To: <200208122052.g7CKq3Mw002958@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 12 Aug 2002, Brian Feldman wrote: > +void > +sebsd(KINFO *k, VARENT *ve) > +{ > + char buf[128]; > + struct mac_pid_data mpd; > + size_t datalen; > + VAR *v; > + > + strcpy(buf, "<>"); > + strcpy(mpd.mpd_name, "trustedbsd_sebsd"); > + mpd.mpd_data = buf; > + datalen = sizeof(buf); > + mpd.mpd_datalen = &datalen; > + (void)mac_get_pid(k->ki_p->ki_pid, &mpd, 1); > + v = ve->var; > + (void)printf("%*s", v->width, mpd.mpd_data); > +} This looks like it will do distinctly the wrong thing when applied to a core dump. You probably need to provide a way to disable printing of sebsd information when ps is running on a core rather than a live kernel, or you get the labels from the live kernel processes instead of the core. > -static void mac_cred_mmapped_drop_perms(struct thread *td, > +void mac_cred_mmapped_drop_perms(struct thread *td, > struct ucred *cred); This seems like a somewhat gratuitous change and is clearly unrelated to your commit message :-). > static void mac_cred_mmapped_drop_perms_recurse(struct thread *td, > struct ucred *cred, struct vm_map *map); > @@ -474,6 +474,10 @@ > mpc->mpc_ops->mpo_externalize = > mpe->mpe_function; > break; > + case MAC_EXTERNALIZE_PID: > + mpc->mpc_ops->mpo_externalize_pid = > + mpe->mpe_function; > + break; > case MAC_INTERNALIZE: > mpc->mpc_ops->mpo_internalize = > mpe->mpe_function; > @@ -2062,7 +2066,7 @@ > * memory space, and revoke access (in the least surprising ways we > * know) when necessary. The process lock is not held here. > */ > -static void > +void > mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred) > { > > @@ -2899,6 +2903,55 @@ > return (error); > } > > +#if 0 > +395 MSTD BSD { int __mac_get_pid(pid_t pid, > + struct mac_pid_data *mpd, size_t mpdcnt) }; > +#endif Don't put unparsable code in #if's, it breaks indent and other C parsing and analysis tools (such as lint). If you must put this information in, use a comment. > +int > +mac_get_pid(struct thread *td, struct mac_get_pid_args *uap) Once we get the new user<->kernel labeling API in, hopefully we can move to using that here. It will presumably look similar but be gratuitously different :-). Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message