From: Robert Watson Date: Tue, 28 Oct 2008 09:16:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r184402 - head/sys/security/mac_partition X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2008 09:16:35 -0000 Author: rwatson Date: Tue Oct 28 09:16:34 2008 New Revision: 184402 URL: http://svn.freebsd.org/changeset/base/184402 Log: Extended comment on why we consider a partition relabel request of "0" to be a no-op request, and why this might have to change if we want to allow leaving a partition someday. Obtained from: TrustedBSD Project MFC after: 3 days Modified: head/sys/security/mac_partition/mac_partition.c Modified: head/sys/security/mac_partition/mac_partition.c ============================================================================== --- head/sys/security/mac_partition/mac_partition.c Tue Oct 28 09:12:13 2008 (r184401) +++ head/sys/security/mac_partition/mac_partition.c Tue Oct 28 09:16:34 2008 (r184402) @@ -114,7 +114,13 @@ partition_cred_check_relabel(struct ucre error = 0; - /* Treat "0" as a no-op request. */ + /* + * Treat "0" as a no-op request because it reflects an unset + * partition label. If we ever want to support switching back to an + * unpartitioned state for a process, we'll need to differentiate the + * "not in a partition" and "no partition defined during internalize" + * conditions. + */ if (SLOT(newlabel) != 0) { /* * Require BSD privilege in order to change the partition.
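Review bot: The new comment above `if (SLOT(newlabel) != 0)` explains why 0 is read as an unset label, but it does not say what the caller sees as a result. With `error = 0` set just above and the privilege requirement sitting inside that branch, a relabel request of 0 skips the check and, as far as the visible lines show, is accepted rather than refused. Stating that in the comment would keep a reader from taking "no-op" to mean the request is rejected, and it would make explicit that a process already in a partition cannot use 0 to leave it, which is the limitation the log message refers to. If the "not in a partition" and "no partition defined during internalize" cases are expected to be split later, a named constant for the unset value in place of the bare 0 would make the places that need to change easier to find.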