Extended comment on why we consider a partition relabel request of "0" to

be a no-op request, and why this might have to change if we want to allow leaving a partition someday. Obtained from: TrustedBSD Project MFC after: 3 days
svn path=/head/; revision=184402
2008-10-28 09:16:34 +00:00 · 2008-10-28 09:16:34 +00:00 · 048e2d5899 · 2020-12-20 02:59:44 +00:00
commit 048e2d5899
parent 6c6c03be2d
1 changed files with 7 additions and 1 deletions
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@ -114,7 +114,13 @@ partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)

 	error = 0;

-	/* Treat "0" as a no-op request. */
+	/*
+	 * Treat "0" as a no-op request because it reflects an unset
+	 * partition label.  If we ever want to support switching back to an
+	 * unpartitioned state for a process, we'll need to differentiate the
+	 * "not in a partition" and "no partition defined during internalize"
+	 * conditions.
+	 */
 	if (SLOT(newlabel) != 0) {
 		/*
 		 * Require BSD privilege in order to change the partition.