freebsd-skq/sys/fs/devfs
Ed Schouten f8f6146082 Improve nested jail awareness of devfs by handling credentials.
Now that we start to use credentials on character devices more often
(because of MPSAFE TTY), move the prison-checks that are in place in the
TTY code into devfs.

Instead of strictly comparing the prisons, use the more common
prison_check() function to compare credentials. This means that
pseudo-terminals are only visible in devfs by processes within the same
jail and parent jails.

Even though regular users in parent jails can now interact with
pseudo-terminals from child jails, this seems to be the right approach.
These processes are also capable of interacting with the jailed
processes anyway, through signals for example.

Reviewed by:	kib, rwatson (older version)
2009-06-20 14:50:32 +00:00
..
devfs_devs.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
devfs_int.h Struct cdev is always the member of the struct cdev_priv. When devfs 2008-06-16 17:34:59 +00:00
devfs_rule.c Get pointer to devfs_ruleset struct after garbage collection has been 2008-06-22 14:34:38 +00:00
devfs_vfsops.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
devfs_vnops.c Improve nested jail awareness of devfs by handling credentials. 2009-06-20 14:50:32 +00:00
devfs.h Remove the thread argument from the FSD (File-System Dependent) parts of 2009-05-11 15:33:26 +00:00