Date: Tue, 28 Oct 2008 09:16:35 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r184402 - head/sys/security/mac_partition Message-ID: <200810280916.m9S9GZDX088760@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Tue Oct 28 09:16:34 2008 New Revision: 184402 URL: http://svn.freebsd.org/changeset/base/184402 Log: Extended comment on why we consider a partition relabel request of "0" to be a no-op request, and why this might have to change if we want to allow leaving a partition someday. Obtained from: TrustedBSD Project MFC after: 3 days Modified: head/sys/security/mac_partition/mac_partition.c Modified: head/sys/security/mac_partition/mac_partition.c ============================================================================== --- head/sys/security/mac_partition/mac_partition.c Tue Oct 28 09:12:13 2008 (r184401) +++ head/sys/security/mac_partition/mac_partition.c Tue Oct 28 09:16:34 2008 (r184402) @@ -114,7 +114,13 @@ partition_cred_check_relabel(struct ucre error = 0; - /* Treat "0" as a no-op request. */ + /* + * Treat "0" as a no-op request because it reflects an unset + * partition label. If we ever want to support switching back to an + * unpartitioned state for a process, we'll need to differentiate the + * "not in a partition" and "no partition defined during internalize" + * conditions. + */ if (SLOT(newlabel) != 0) { /* * Require BSD privilege in order to change the partition.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810280916.m9S9GZDX088760>