Date: Wed, 7 Aug 2002 05:45:00 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 15637 for review Message-ID: <200208071245.g77Cj0Nk074160@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15637 Change 15637 by rwatson@rwatson_tislabs on 2002/08/07 05:44:19 Teach the accounting system to cache the credential used for file system activity. This permits accounting to operate with a high integrity credential when logging data on low-integrity processes (et al). The credential will be preserved in the same manner as normal accounting configuration information when disk space runs low (etc). Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_acct.c#7 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_acct.c#7 (text+ko) ==== @@ -86,8 +86,10 @@ * Accounting vnode pointer, saved vnode pointer, and flags for each. */ static struct vnode *acctp; +static struct ucred *acctcred; static int acctflags; static struct vnode *savacctp; +static struct ucred *savacctcred; static int savacctflags; /* @@ -155,8 +157,10 @@ callout_stop(&acctwatch_callout); error = vn_close((acctp != NULLVP ? acctp : savacctp), (acctp != NULLVP ? acctflags : savacctflags), - td->td_ucred, td); + (acctcred != NOCRED ? acctcred : savacctcred), td); acctp = savacctp = NULLVP; + crfree(acctcred != NOCRED ? acctcred : savacctcred); + acctcred = savacctcred = NOCRED; } if (SCARG(uap, path) == NULL) goto done2; @@ -166,6 +170,7 @@ * free space watcher. */ acctp = nd.ni_vp; + acctcred = crhold(td->td_ucred); acctflags = flags; callout_init(&acctwatch_callout, 0); acctwatch(NULL); @@ -260,9 +265,9 @@ /* * Write the accounting information to the file. */ - VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); + VOP_LEASE(vp, td, acctcred, LEASE_WRITE); return (vn_rdwr(UIO_WRITE, vp, (caddr_t)&acct, sizeof (acct), - (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, td->td_ucred, + (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, acctcred, (int *)0, td)); } @@ -320,23 +325,29 @@ if (savacctp != NULLVP) { if (savacctp->v_type == VBAD) { - (void) vn_close(savacctp, savacctflags, NOCRED, NULL); + (void) vn_close(savacctp, savacctflags, savacctcred, + NULL); savacctp = NULLVP; + savacctcred = NOCRED; return; } (void)VFS_STATFS(savacctp->v_mount, &sb, (struct thread *)0); if (sb.f_bavail > acctresume * sb.f_blocks / 100) { acctp = savacctp; + acctcred = savacctcred; acctflags = savacctflags; savacctp = NULLVP; + savacctcred = NOCRED; log(LOG_NOTICE, "Accounting resumed\n"); } } else { if (acctp == NULLVP) return; if (acctp->v_type == VBAD) { - (void) vn_close(acctp, acctflags, NOCRED, NULL); + (void) vn_close(acctp, acctflags, acctcred, NULL); acctp = NULLVP; + crfree(acctcred); + acctcred = NOCRED; return; } (void)VFS_STATFS(acctp->v_mount, &sb, (struct thread *)0); @@ -344,6 +355,7 @@ savacctp = acctp; savacctflags = acctflags; acctp = NULLVP; + acctcred = NOCRED; log(LOG_NOTICE, "Accounting suspended\n"); } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208071245.g77Cj0Nk074160>