Date: Wed, 1 May 2002 15:30:33 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 10607 for review Message-ID: <200205012230.g41MUXX02383@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10607 Change 10607 by rwatson@rwatson_curry on 2002/05/01 15:30:03 Call mac_create_socket_from_socket() instead of mac_create_socket() when we derive an acceptable socket from a listen socket. Previously, we created the new socket label from the credential cached in the old socket. Now we leave that up to individual policies, which now generally derive it from the old socket label. For existing policies, this results in the same material endpoint, but improves flexibility as well as pushing us in the direction of peer credentials. Affected files ... ... //depot/projects/trustedbsd/mac/sys/kern/uipc_socket2.c#16 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/uipc_socket2.c#16 (text+ko) ==== @@ -249,7 +249,7 @@ so->so_timeo = head->so_timeo; so->so_cred = crhold(head->so_cred); #ifdef MAC - mac_create_socket(so->so_cred, so); + mac_create_socket_from_socket(head, so); #endif if (soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat) || (*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL)) { To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205012230.g41MUXX02383>