From owner-p4-projects Mon Nov 18 7:37:10 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 792DD37B404; Mon, 18 Nov 2002 07:37:07 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0DF9B37B401 for ; Mon, 18 Nov 2002 07:37:07 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F07F43E77 for ; Mon, 18 Nov 2002 07:37:06 -0800 (PST) (envelope-from green@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gAIFYDmV098243 for ; Mon, 18 Nov 2002 07:34:13 -0800 (PST) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gAIFYDjj098240 for perforce@freebsd.org; Mon, 18 Nov 2002 07:34:13 -0800 (PST) Date: Mon, 18 Nov 2002 07:34:13 -0800 (PST) Message-Id: <200211181534.gAIFYDjj098240@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f From: Brian Feldman Subject: PERFORCE change 21231 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=21231 Change 21231 by green@green_laptop_2 on 2002/11/18 07:33:28 Possibly print more vnode info on what causes demotion in mac_lomac. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#42 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#42 (text+ko) ==== @@ -503,8 +503,9 @@ static int maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel, - const char *actionname, const char *objname) + const char *actionname, const char *objname, struct vnode *vpq) { + struct vattr va; static const char xxx[] = "<>"; struct mac_lomac_proc *subj = PSLOT(&curthread->td_proc->p_label); char *subjlabeltext, *objlabeltext, *subjtext, *text; @@ -572,10 +573,21 @@ free(text, M_MACLOMAC); } pgid = p->p_pgrp->pg_id; /* XXX could be stale? */ - log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" - " level %s after %s a level-%s %s\n", - subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, - p->p_comm, subjtext, actionname, objlabeltext, objname); + if (vpq != NULL && VOP_GETATTR(vpq, &va, curthread->td_ucred, + curthread) == 0) { + log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" + " level %s after %s a level-%s %s (inode=%ld, " + "mountpount=%s)\n", + subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, + p->p_comm, subjtext, actionname, objlabeltext, objname, + va.va_fileid, vpq->v_mount->mnt_stat.f_mntonname); + } else { + log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" + " level %s after %s a level-%s %s\n", + subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, + p->p_comm, subjtext, actionname, objlabeltext, objname); + } + if (subjlabeltext != xxx) free(subjlabeltext, M_MACLOMAC); if (objlabeltext != xxx) @@ -1537,7 +1549,7 @@ */ if (mac_lomac_enabled && revocation_enabled && !mac_lomac_dominate_single(obj, source)) - (void)maybe_demote(source, obj, "executing", "file"); + (void)maybe_demote(source, obj, "executing", "file", vp); } static int @@ -1816,7 +1828,7 @@ obj = SLOT((pipelabel)); if (!mac_lomac_dominate_single(obj, subj)) - return (maybe_demote(subj, obj, "reading", "pipe")); + return (maybe_demote(subj, obj, "reading", "pipe", NULL)); return (0); } @@ -2198,7 +2210,7 @@ } if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { if (!mac_lomac_dominate_single(obj, subj)) - return (maybe_demote(subj, obj, "mapping", "file")); + return (maybe_demote(subj, obj, "mapping", "file", vp)); } return (0); @@ -2286,7 +2298,7 @@ obj = SLOT(label); if (!mac_lomac_dominate_single(obj, subj)) - return (maybe_demote(subj, obj, "reading", "file")); + return (maybe_demote(subj, obj, "reading", "file", vp)); return (0); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message