Add comment to the VLAN code about its integration with VIMAGE: we see what

the code is doing, we recognise the legitimacy of its goal, but we're not quite sure it's going about it the right way. More pondering is clearly required. Sponsored by: ADARA Networks, Inc. Discussed with: bz MFC after: 3 days
2012-01-05 11:24:22 +00:00 · 2012-01-05 11:24:22 +00:00 · 628c91bb51
commit 628c91bb51
parent 8952a0a413
1 changed files with 7 additions and 0 deletions
--- a/sys/net/if_vlan.c
+++ b/sys/net/if_vlan.c
@ -1597,6 +1597,13 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)

 	case SIOCSETVLAN:
 #ifdef VIMAGE
+		/*
+		 * XXXRW/XXXBZ: The goal in these checks is to allow a VLAN
+		 * interface to be delegated to a jail without allowing the
+		 * jail to change what underlying interface/VID it is
+		 * associated with.  We are not entirely convinced that this
+		 * is the right way to accomplish that goal policy goal.
+		 */
 		if (ifp->if_vnet != ifp->if_home_vnet) {
 			error = EPERM;
 			break;