From owner-p4-projects@FreeBSD.ORG Thu Nov 6 13:49:03 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7FE9B16A4D0; Thu, 6 Nov 2003 13:49:03 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 31CDA16A4CE for ; Thu, 6 Nov 2003 13:49:03 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 294F043FF3 for ; Thu, 6 Nov 2003 13:49:02 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hA6Ln2XJ067044 for ; Thu, 6 Nov 2003 13:49:02 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hA6Ln1aL067041 for perforce@freebsd.org; Thu, 6 Nov 2003 13:49:01 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Thu, 6 Nov 2003 13:49:01 -0800 (PST) Message-Id: <200311062149.hA6Ln1aL067041@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 41599 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 21:49:04 -0000 http://perforce.freebsd.org/chv.cgi?CH=41599 Change 41599 by rwatson@rwatson_paprika on 2003/11/06 13:48:08 Store struct label pointer in struct devfsdirent, struct mount, and struct vnode, rather than storing the struct label directly in these structures. Use the UMA zone as a source of labels. This means that changing the number of label slots won't break the ABI, and can eventually become a boot-time tunable. Currently, UMA is underexercised to prevent repeated initialization. Affected files ... .. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#12 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#65 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#424 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#5 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#5 edit .. //depot/projects/trustedbsd/mac/sys/sys/mount.h#28 edit .. //depot/projects/trustedbsd/mac/sys/sys/vnode.h#60 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#12 (text+ko) ==== @@ -159,7 +159,7 @@ mode_t de_mode; uid_t de_uid; gid_t de_gid; - struct label de_label; + struct label *de_label; struct timespec de_atime; struct timespec de_mtime; struct timespec de_ctime; ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#65 (text+ko) ==== @@ -340,7 +340,7 @@ NDFREE(ndp, NDF_ONLY_PNBUF); #ifdef MAC mac_init_vnode_label(&interplabel); - mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel); + mac_copy_vnode_label(ndp->ni_vp->v_label, &interplabel); interplabelvalid = 1; #endif vput(ndp->ni_vp); ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#424 (text+ko) ==== 
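Review bot: In the kern_exec.c hunk, `mac_copy_vnode_label(ndp->ni_vp->v_label, &interplabel)` now passes a pointer loaded from the vnode, so nothing here guarantees it is non-NULL, whereas `&ndp->ni_vp->v_label` always was. A vnode that never went through `mac_init_vnode()`, or that already went through `mac_destroy_vnode()` (which sets the field to NULL in the mac_vfs.c part of this change), would hand NULL to the copy routine and on to the policies. The same holds for every `vp->v_label`, `de->de_label` and `mp->mnt_mntlabel`/`mp->mnt_fslabel` argument in the kern_mac.c, mac_system.c and mac_vfs.c hunks. I would state the invariant once at a choke point, for example `KASSERT(ndp->ni_vp->v_label != NULL, ("exec: vnode without MAC label"));` ahead of the copy. The enclosing function starts and ends outside the hunk.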
@@ -756,7 +756,7 @@ mac_init_vnode_label(&intlabel); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - mac_copy_vnode_label(&vp->v_label, &intlabel); + mac_copy_vnode_label(vp->v_label, &intlabel); VOP_UNLOCK(vp, 0, td); break; @@ -840,7 +840,7 @@ goto out; mac_init_vnode_label(&intlabel); - mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel); + mac_copy_vnode_label(nd.ni_vp->v_label, &intlabel); error = mac_externalize_vnode_label(&intlabel, elements, buffer, mac.m_buflen); @@ -895,7 +895,7 @@ goto out; mac_init_vnode_label(&intlabel); - mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel); + mac_copy_vnode_label(nd.ni_vp->v_label, &intlabel); error = mac_externalize_vnode_label(&intlabel, elements, buffer, mac.m_buflen); NDFREE(&nd, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#5 (text+ko) ==== @@ -120,7 +120,7 @@ if (!mac_enforce_kld) return (0); - MAC_CHECK(check_kld_load, cred, vp, &vp->v_label); + MAC_CHECK(check_kld_load, cred, vp, vp->v_label); return (error); } @@ -176,7 +176,7 @@ return (0); MAC_CHECK(check_system_acct, cred, vp, - vp != NULL ? &vp->v_label : NULL); + vp != NULL ? vp->v_label : NULL); return (error); } @@ -230,7 +230,7 @@ if (!mac_enforce_system) return (0); - MAC_CHECK(check_system_swapon, cred, vp, &vp->v_label); + MAC_CHECK(check_system_swapon, cred, vp, vp->v_label); return (error); } @@ -244,7 +244,7 @@ if (!mac_enforce_system) return (0); - MAC_CHECK(check_system_swapoff, cred, vp, &vp->v_label); + MAC_CHECK(check_system_swapoff, cred, vp, vp->v_label); return (error); } ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#5 (text+ko) ==== 
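Review bot: The kern_mac.c hunks at -840 and -895 read `nd.ni_vp->v_label` with no lock in view, while the hunk at -756 brackets the same copy with `vn_lock()` and `VOP_UNLOCK()`. Now that the label is a separate zone allocation released by `mac_destroy_vnode()`, the copy relies on the vnode staying referenced and locked for the whole call. Presumably the lookup above each hunk returns a locked vnode, but the diff does not show it. I would add `ASSERT_VOP_LOCKED(nd.ni_vp, "mac_copy_vnode_label");` before both copies, in the style mac_vfs.c already uses for `mac_associate_vnode_extattr`. The enclosing functions begin and end outside these hunks.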
@@ -100,24 +100,52 @@ static int mac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, struct label *intlabel); +static struct label * +mac_devfsdirent_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_devfsdirent_label, label); + MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents); + return (label); +} + void mac_init_devfsdirent(struct devfs_dirent *de) { - mac_init_label(&de->de_label); - MAC_PERFORM(init_devfsdirent_label, &de->de_label); - MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents); + de->de_label = mac_devfsdirent_label_alloc(); +} + +static struct label * +mac_mount_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_mount_label, label); + MAC_DEBUG_COUNTER_INC(&nmacmounts); + return (label); +} + +static struct label * +mac_mount_fs_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_mount_fs_label, label); + MAC_DEBUG_COUNTER_INC(&nmacmounts); + return (label); } void mac_init_mount(struct mount *mp) { - mac_init_label(&mp->mnt_mntlabel); - mac_init_label(&mp->mnt_fslabel); - MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel); - MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel); - MAC_DEBUG_COUNTER_INC(&nmacmounts); + mp->mnt_mntlabel = mac_mount_label_alloc(); + mp->mnt_fslabel = mac_mount_fs_label_alloc(); } void 
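Review bot: `mac_mount_label_alloc()` and `mac_mount_fs_label_alloc()` each run `MAC_DEBUG_COUNTER_INC(&nmacmounts)`, so `mac_init_mount()` now raises the counter by two per mount where the removed code raised it by one. The matching `mac_mount_label_free()` and `mac_mount_fs_label_free()` in the next hunk both decrement it, so it stays balanced. But `nmacmounts` no longer equals the number of labelled mounts, which will mislead anyone using it to spot label leaks. Either drop the `MAC_DEBUG_COUNTER_INC(&nmacmounts);` / `MAC_DEBUG_COUNTER_DEC(&nmacmounts);` pair from the two `_fs_` helpers, or add a comment at the counter saying it counts labels, two per mount.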
@@ -129,31 +157,67 @@ MAC_DEBUG_COUNTER_INC(&nmacvnodes); } +static struct label * +mac_vnode_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_vnode_label, label); + MAC_DEBUG_COUNTER_INC(&nmacvnodes); + return (label); +} + void mac_init_vnode(struct vnode *vp) { - mac_init_vnode_label(&vp->v_label); + vp->v_label = mac_vnode_label_alloc(); +} + +static void +mac_devfsdirent_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_devfsdirent_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents); } void mac_destroy_devfsdirent(struct devfs_dirent *de) { - MAC_PERFORM(destroy_devfsdirent_label, &de->de_label); - mac_destroy_label(&de->de_label); - MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents); + mac_devfsdirent_label_free(de->de_label); + de->de_label = NULL; +} + +static void +mac_mount_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_mount_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacmounts); +} + +static void +mac_mount_fs_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_mount_fs_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacmounts); } void mac_destroy_mount(struct mount *mp) { - MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel); - MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel); - mac_destroy_label(&mp->mnt_fslabel); - mac_destroy_label(&mp->mnt_mntlabel); - MAC_DEBUG_COUNTER_DEC(&nmacmounts); + mac_mount_fs_label_free(mp->mnt_fslabel); + mp->mnt_fslabel = NULL; + mac_mount_label_free(mp->mnt_mntlabel); + mp->mnt_mntlabel = NULL; } void 
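Review bot: Nothing in this hunk resets a label's contents before `mac_labelzone_free(label)` returns it to the zone, and vnode, mount and devfsdirent labels are all drawn from that same zone by `mac_labelzone_alloc(M_WAITOK)`. Whether a recycled label can reach `init_vnode_label` or the mount and devfsdirent init hooks still carrying another object's policy data depends on the zone's alloc and free routines, which the diff does not show. The description's remark that UMA is kept from repeated initialization makes this worth writing down. Once confirmed, I would add a comment above `mac_vnode_label_alloc()` such as `/* mac_labelzone_alloc() hands back a label with every policy slot cleared; init hooks rely on that. */`, or otherwise clear the label explicitly before the `MAC_PERFORM` call.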
@@ -165,11 +229,21 @@ MAC_DEBUG_COUNTER_DEC(&nmacvnodes); } +static void +mac_vnode_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_vnode_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacvnodes); +} + void mac_destroy_vnode(struct vnode *vp) { - mac_destroy_vnode_label(&vp->v_label); + mac_vnode_label_free(vp->v_label); + vp->v_label = NULL; } void @@ -205,8 +279,8 @@ struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, - &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, de->de_label, vp, + vp->v_label); } void @@ -214,8 +288,8 @@ struct vnode *vp) { - MAC_PERFORM(associate_vnode_devfs, mp, &mp->mnt_fslabel, de, - &de->de_label, vp, &vp->v_label); + MAC_PERFORM(associate_vnode_devfs, mp, mp->mnt_fslabel, de, + de->de_label, vp, vp->v_label); } int @@ -225,8 +299,8 @@ ASSERT_VOP_LOCKED(vp, "mac_associate_vnode_extattr"); - MAC_CHECK(associate_vnode_extattr, mp, &mp->mnt_fslabel, vp, - &vp->v_label); + MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_fslabel, vp, + vp->v_label); return (error); } @@ -235,8 +309,8 @@ mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp) { - MAC_PERFORM(associate_vnode_singlelabel, mp, &mp->mnt_fslabel, vp, - &vp->v_label); + MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_fslabel, vp, + vp->v_label); } int @@ -259,8 +333,8 @@ } else if (error) return (error); - MAC_CHECK(create_vnode_extattr, cred, mp, &mp->mnt_fslabel, - dvp, &dvp->v_label, vp, &vp->v_label, cnp); + MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_fslabel, + dvp, dvp->v_label, vp, vp->v_label, cnp); if (error) { VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread); @@ -294,7 +368,7 @@ } else if (error) return (error); - MAC_CHECK(setlabel_vnode_extattr, cred, vp, &vp->v_label, intlabel); + MAC_CHECK(setlabel_vnode_extattr, cred, vp, vp->v_label, intlabel); if (error) { VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread); 
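Review bot: `mac_vnode_label_free()` passes `label` to the `destroy_vnode_label` hook and to `mac_labelzone_free()` without checking it, and `mac_destroy_vnode()` now leaves `vp->v_label` NULL afterwards. A second destroy on the same vnode, or a destroy on one that was never initialised, would therefore run every policy's destroy hook on NULL and decrement `nmacvnodes` again. Before this change the hook always received the address of the embedded label. I would make the first statement of the helper `KASSERT(label != NULL, ("mac_vnode_label_free: NULL label"));`, and do the same in the devfsdirent and mount free helpers of the previous hunk.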
@@ -319,7 +393,7 @@ if (!mac_enforce_process && !mac_enforce_fs) return; - MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, + MAC_PERFORM(execve_transition, old, new, vp, vp->v_label, interpvnodelabel, imgp, imgp->execlabel); } @@ -335,7 +409,7 @@ return (0); result = 0; - MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label, + MAC_BOOLEAN(execve_will_transition, ||, old, vp, vp->v_label, interpvnodelabel, imgp, imgp->execlabel); return (result); @@ -351,7 +425,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); + MAC_CHECK(check_vnode_access, cred, vp, vp->v_label, acc_mode); return (error); } @@ -365,7 +439,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_chdir, cred, dvp, &dvp->v_label); + MAC_CHECK(check_vnode_chdir, cred, dvp, dvp->v_label); return (error); } @@ -379,7 +453,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_chroot, cred, dvp, &dvp->v_label); + MAC_CHECK(check_vnode_chroot, cred, dvp, dvp->v_label); return (error); } @@ -394,7 +468,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_create, cred, dvp, &dvp->v_label, cnp, vap); + MAC_CHECK(check_vnode_create, cred, dvp, dvp->v_label, cnp, vap); return (error); } @@ -410,8 +484,8 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp, - &vp->v_label, cnp); + MAC_CHECK(check_vnode_delete, cred, dvp, dvp->v_label, vp, + vp->v_label, cnp); return (error); } @@ -426,7 +500,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type); + MAC_CHECK(check_vnode_deleteacl, cred, vp, vp->v_label, type); return (error); } @@ -441,7 +515,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label, + MAC_CHECK(check_vnode_deleteextattr, cred, vp, vp->v_label, attrnamespace, name); return (error); } 
@@ -457,7 +531,7 @@ if (!mac_enforce_process && !mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, imgp, + MAC_CHECK(check_vnode_exec, cred, vp, vp->v_label, imgp, imgp->execlabel); return (error); @@ -473,7 +547,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_getacl, cred, vp, &vp->v_label, type); + MAC_CHECK(check_vnode_getacl, cred, vp, vp->v_label, type); return (error); } @@ -488,7 +562,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_getextattr, cred, vp, &vp->v_label, + MAC_CHECK(check_vnode_getextattr, cred, vp, vp->v_label, attrnamespace, name, uio); return (error); } @@ -505,8 +579,8 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_link, cred, dvp, &dvp->v_label, vp, - &vp->v_label, cnp); + MAC_CHECK(check_vnode_link, cred, dvp, dvp->v_label, vp, + vp->v_label, cnp); return (error); } @@ -521,7 +595,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label, + MAC_CHECK(check_vnode_listextattr, cred, vp, vp->v_label, attrnamespace); return (error); } @@ -537,7 +611,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_lookup, cred, dvp, &dvp->v_label, cnp); + MAC_CHECK(check_vnode_lookup, cred, dvp, dvp->v_label, cnp); return (error); } @@ -551,7 +625,7 @@ if (!mac_enforce_fs || !mac_enforce_vm) return (0); - MAC_CHECK(check_vnode_mmap, cred, vp, &vp->v_label, prot); + MAC_CHECK(check_vnode_mmap, cred, vp, vp->v_label, prot); return (error); } @@ -565,7 +639,7 @@ if (!mac_enforce_fs || !mac_enforce_vm) return; - MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, &vp->v_label, + MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, vp->v_label, &result); *prot = result; @@ -581,7 +655,7 @@ if (!mac_enforce_fs || !mac_enforce_vm) return (0); - MAC_CHECK(check_vnode_mprotect, cred, vp, &vp->v_label, prot); + MAC_CHECK(check_vnode_mprotect, cred, vp, vp->v_label, prot); return (error); } 
@@ -595,7 +669,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode); + MAC_CHECK(check_vnode_open, cred, vp, vp->v_label, acc_mode); return (error); } @@ -611,7 +685,7 @@ return (0); MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp, - &vp->v_label); + vp->v_label); return (error); } @@ -628,7 +702,7 @@ return (0); MAC_CHECK(check_vnode_read, active_cred, file_cred, vp, - &vp->v_label); + vp->v_label); return (error); } @@ -643,7 +717,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_readdir, cred, dvp, &dvp->v_label); + MAC_CHECK(check_vnode_readdir, cred, dvp, dvp->v_label); return (error); } @@ -657,7 +731,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_readlink, cred, vp, &vp->v_label); + MAC_CHECK(check_vnode_readlink, cred, vp, vp->v_label); return (error); } @@ -669,7 +743,7 @@ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_relabel"); - MAC_CHECK(check_vnode_relabel, cred, vp, &vp->v_label, newlabel); + MAC_CHECK(check_vnode_relabel, cred, vp, vp->v_label, newlabel); return (error); } @@ -686,8 +760,8 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp, - &vp->v_label, cnp); + MAC_CHECK(check_vnode_rename_from, cred, dvp, dvp->v_label, vp, + vp->v_label, cnp); return (error); } @@ -703,8 +777,8 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp, - vp != NULL ? &vp->v_label : NULL, samedir, cnp); + MAC_CHECK(check_vnode_rename_to, cred, dvp, dvp->v_label, vp, + vp != NULL ? vp->v_label : NULL, samedir, cnp); return (error); } @@ -718,7 +792,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label); + MAC_CHECK(check_vnode_revoke, cred, vp, vp->v_label); return (error); } 
@@ -733,7 +807,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl); + MAC_CHECK(check_vnode_setacl, cred, vp, vp->v_label, type, acl); return (error); } @@ -748,7 +822,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label, + MAC_CHECK(check_vnode_setextattr, cred, vp, vp->v_label, attrnamespace, name, uio); return (error); } @@ -763,7 +837,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_setflags, cred, vp, vp->v_label, flags); return (error); } @@ -777,7 +851,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode); + MAC_CHECK(check_vnode_setmode, cred, vp, vp->v_label, mode); return (error); } @@ -792,7 +866,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid); + MAC_CHECK(check_vnode_setowner, cred, vp, vp->v_label, uid, gid); return (error); } @@ -807,7 +881,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime, + MAC_CHECK(check_vnode_setutimes, cred, vp, vp->v_label, atime, mtime); return (error); } @@ -824,7 +898,7 @@ return (0); MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp, - &vp->v_label); + vp->v_label); return (error); } @@ -840,7 +914,7 @@ return (0); MAC_CHECK(check_vnode_write, active_cred, file_cred, vp, - &vp->v_label); + vp->v_label); return (error); } 
@@ -849,23 +923,23 @@ mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel) { - MAC_PERFORM(relabel_vnode, cred, vp, &vp->v_label, newlabel); + MAC_PERFORM(relabel_vnode, cred, vp, vp->v_label, newlabel); } void mac_create_mount(struct ucred *cred, struct mount *mp) { - MAC_PERFORM(create_mount, cred, mp, &mp->mnt_mntlabel, - &mp->mnt_fslabel); + MAC_PERFORM(create_mount, cred, mp, mp->mnt_mntlabel, + mp->mnt_fslabel); } void mac_create_root_mount(struct ucred *cred, struct mount *mp) { - MAC_PERFORM(create_root_mount, cred, mp, &mp->mnt_mntlabel, - &mp->mnt_fslabel); + MAC_PERFORM(create_root_mount, cred, mp, mp->mnt_mntlabel, + mp->mnt_fslabel); } int @@ -876,7 +950,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_mount_stat, cred, mount, &mount->mnt_mntlabel); + MAC_CHECK(check_mount_stat, cred, mount, mount->mnt_mntlabel); return (error); } @@ -886,7 +960,7 @@ const char *fullpath) { - MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label, + MAC_PERFORM(create_devfs_device, mp, dev, de, de->de_label, fullpath); } @@ -895,8 +969,8 @@ struct devfs_dirent *dd, struct devfs_dirent *de, const char *fullpath) { - MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, - &de->de_label, fullpath); + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, dd->de_label, de, + de->de_label, fullpath); } void @@ -905,7 +979,7 @@ { MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, - &de->de_label, fullpath); + de->de_label, fullpath); } /* ==== //depot/projects/trustedbsd/mac/sys/sys/mount.h#28 (text+ko) ==== @@ -41,7 +41,6 @@ #include #ifdef _KERNEL #include -#include #include #include #endif 
@@ -144,8 +143,8 @@ time_t mnt_time; /* last time written*/ int mnt_iosize_max; /* max size for clusters, etc */ struct netexport *mnt_export; /* export list */ - struct label mnt_mntlabel; /* MAC label for the mount */ - struct label mnt_fslabel; /* MAC label for the fs */ + struct label *mnt_mntlabel; /* MAC label for the mount */ + struct label *mnt_fslabel; /* MAC label for the fs */ int mnt_nvnodelistsize; /* # of vnodes on this mount */ }; #endif /* _KERNEL */ ==== //depot/projects/trustedbsd/mac/sys/sys/vnode.h#60 (text+ko) ==== @@ -44,7 +44,6 @@ #include #include -#include #include #include #include @@ -153,7 +152,7 @@ struct vnode *v_dd; /* c .. vnode */ u_long v_ddid; /* c .. capability identifier */ struct vpollinfo *v_pollinfo; /* p Poll events */ - struct label v_label; /* MAC label for vnode */ + struct label *v_label; /* MAC label for vnode */ #ifdef DEBUG_LOCKS const char *filename; /* Source file doing locking */ int line; /* Line number doing locking */