Date:      Sun, 23 Jan 2011 15:25:12 GMT
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 188100 for review
Message-ID:  <201101231525.p0NFPC3C094504@skunkworks.freebsd.org>

http://p4web.freebsd.org/@@188100?ac=10

Change 188100 by trasz@trasz_victim on 2011/01/23 15:24:14

	Two "deny" rules that differ only by their "amount" value don't make
	sense.  Prevent it.

Affected files ...

.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#15 edit

Differences ...

==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#15 (text+ko) ====

@@ -897,6 +897,7 @@
 	struct uidinfo *uip;
 	struct prison *pr;
 	struct loginclass *lc;
+	struct rctl_rule *rule2;
 	int match;
 
 	KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
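Review bot: The new local `rule2` says nothing about its role; it is a temporary match template that is duplicated, used once for removal and released. A name that reflects that (for example a filter-style name) would make the later block easier to read and harder to confuse with `rule`, which is the object actually being added.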
@@ -905,9 +906,16 @@
 		return (EOPNOTSUPP);
 
 	/*
-	 * Make sure there are no duplicated rules.
+	 * Make sure there are no duplicated rules.  Also, for the "deny"
+	 * rules, remove ones differing only by "amount".
 	 */
-	rctl_rule_remove(rule);
+	if (rule->rr_action == RCTL_ACTION_DENY) {
+		rule2 = rctl_rule_duplicate(rule, M_WAITOK);
+		rule2->rr_amount = RCTL_AMOUNT_UNDEFINED;
+		rctl_rule_remove(rule2);
+		rctl_rule_release(rule2);
+	} else
+		rctl_rule_remove(rule);
 
 	switch (rule->rr_subject_type) {
 	case RCTL_SUBJECT_TYPE_PROCESS:
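Review bot: In the `RCTL_ACTION_DENY` branch an existing deny rule that differs only by amount is removed silently, whereas the change description says such a pair should be prevented. A caller who adds a deny rule with a larger amount therefore replaces the stricter limit without any indication that it happened. If rctl_rule_remove() can report that it matched something, consider surfacing that to the caller or logging it. The comment should also state that setting `rule2->rr_amount = RCTL_AMOUNT_UNDEFINED` is intended to make the removal match any amount, since that wildcard behaviour is not visible in this function.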
@@ -916,9 +924,7 @@
 		rctl_container_add_rule(&p->p_container, rule);
 		/*
 		 * In case of per-process rule, we don't have anything more
-		 * to do.  Also, there is no point in increasing reference
-		 * count, as the per-process containers never have
-		 * any subcontainers.
+		 * to do.
 		 */
 		return (0);
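Review bot: The sentences deleted from the per-process comment were the only explanation of why no reference is taken on `rule` after `rctl_container_add_rule(&p->p_container, rule)`, and no code in this hunk changes to match. If that rationale is stale, say so in the change description; if reference handling now lives in rctl_container_add_rule(), a one-line comment to that effect would keep the early `return (0)` from reading as a missed reference.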
 