91421ba234
credential structure, ucred (cr->cr_prison). o Allow jail inheritence to be a function of credential inheritence. o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code. o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments. o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place. o Convert PRISON_CHECK() macro to prison_check() function. o Move jail() function prototypes to jail.h. o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself. o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use. Notes: o Some further cleanup of the linux/jail code is still required. o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code. o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure. Reviewed by: freebsd-arch Obtained from: TrustedBSD Project |
||
|---|---|---|
| .. | ||
| linux_file.c | ||
| linux_ioctl.c | ||
| linux_ioctl.h | ||
| linux_ipc.c | ||
| linux_ipc.h | ||
| linux_mib.c | ||
| linux_mib.h | ||
| linux_misc.c | ||
| linux_signal.c | ||
| linux_signal.h | ||
| linux_socket.c | ||
| linux_socket.h | ||
| linux_stats.c | ||
| linux_util.c | ||
| linux_util.h | ||