svn commit: r197584 - head/sys/rpc/rpcsec_gss

Robert Watson rwatson at FreeBSD.org
Mon Sep 28 19:36:53 UTC 2009


On Mon, 28 Sep 2009, John Baldwin wrote:

> ==============================================================================
>> --- head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Mon Sep 28 18:54:26 2009
> (r197583)
>> +++ head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Mon Sep 28 18:55:29 2009
> (r197584)
>> @@ -449,6 +449,8 @@ rpc_gss_svc_getcred(struct svc_req *req,
>>  	cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
>>  	cr->cr_rgid = cr->cr_svgid = uc->gid;
>>  	crsetgroups(cr, uc->gidlen, uc->gidlist);
>> +	cr->cr_prison = &prison0;
>> +	prison_hold(cr->cr_prison);
>>  	*crp = crhold(cr);
>>
>>  	return (TRUE);
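
Review bot: the added assignment cr->cr_prison = &prison0; hard-codes the host prison for every credential built in rpc_gss_svc_getcred(), and nothing in the hunk says why that is the right prison for a credential whose uid, gid and group list come from uc. A short comment above the assignment stating that assumption would make the choice reviewable. Only the prison_hold() call is visible here, so it is also worth confirming that the path which frees cr drops this reference.
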
>
> FYI, it would be nice if prison_hold() returned a pointer to the prison as 
> you can then do what crhold() does above:
>
> 	cr->cr_prison = prison_hold(&prison0);
>
> I prefer combining the refcount and assignment into one step with the goal 
> of avoiding outright assignments that don't go via foo_hold() or fooref() 
> for refcounted objects.

In the long-term, explicit references to proc0, prison0, thread0, filedesc0, 
... all make me rather nervous.  I'd rather that all these things were linked 
to either the credentials of the file system mount, the user thread, or 
perhaps gssd in some cases.  From the perspective of virtualization, the file 
system mount credential seems the most likely candidate.

Robert
