Date: Wed, 27 Jan 1999 15:43:19 -0800 (PST) From: Sean Eric Fagan <sef@kithrup.com> To: nate@mt.sri.com Cc: current@FreeBSD.ORG, julian@whistle.com Subject: Re: "JAIL" code headed for -current. Message-ID: <199901272343.PAA06079@kithrup.com> In-Reply-To: <199901272333.QAA24533@mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>But then we're still having an API change that doesn't have to be there.
No, it's not.
If you change suser() to:
int
suser(uc, ac)
struct ucred *uc;
u_short *ac; {
return JAILsuser(0, uc, ac);
}
then suser() continues to have the same semantics and calling convention; you
can speed this up a bit by having:
#define suser(a,b) JAILsuser(0, a, b)
in <sys/ucred.h> (where suser's prototype is).
Then you can simply change the calls from suser() to JAILsuser() as needed.
(Actually, JAILsuser is a bad name, really, since this could also be used to
move to a more-capability-based mechanism, with the "jail" being simply one
set of resources to compare the requested capability against. But that's just
a thought that has occurred to me, and I haven't spent any time making it
coherent ;).)
Doing it this way should result in a superset, and minimal source code
changes; doing it with just the stub routine would result in minimal binary
impact as well.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901272343.PAA06079>