PERFORCE change 110796 for review

Robert Watson rwatson at FreeBSD.org
Fri Dec 1 05:01:20 PST 2006


http://perforce.freebsd.org/chv.cgi?CH=110796

Change 110796 by rwatson at rwatson_zoo on 2006/12/01 12:59:05

	Revert branch-local changes in priv.h.

Affected files ...

.. //depot/projects/trustedbsd/priv/sys/sys/priv.h#10 integrate

Differences ...

==== //depot/projects/trustedbsd/priv/sys/sys/priv.h#10 (text+ko) ====

@@ -26,7 +26,7 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $FreeBSD$
+ * $FreeBSD: src/sys/sys/priv.h,v 1.1 2006/11/06 13:37:18 rwatson Exp $
  */
 
 /*
@@ -48,7 +48,10 @@
  * When adding a new privilege, remember to determine if it's appropriate for
  * use in jail, and update the privilege switch in kern_jail.c as necessary.
  */
-/* Track beginning of privilege list. */
+
+/*
+ * Track beginning of privilege list.
+ */
 #define	_PRIV_LOWEST	0
 
 /*
@@ -380,9 +383,8 @@
 #define	PRIV_VM86_INTCALL	650/* Allow invoking vm86 int handlers. */
 
 /*
- * Set of reserved privilege values, which will be allocated to code
- * as needed, in order to avoid renumbering later privileges due to
- * insertion.
+ * Set of reserved privilege values, which will be allocated to code as
+ * needed, in order to avoid renumbering later privileges due to insertion.
  */
 #define	_PRIV_RESERVED0		660
 #define	_PRIV_RESERVED1		661
@@ -402,11 +404,11 @@
 #define	_PRIV_RESERVED15	675
 
 /*
- * Define a set of valid privilege numbers that can be used by
- * loadable modules that don't yet have privilege reservations.
- * Ideally, these should not be used, since their meaning is opaque
- * to any policies that are aware of specific privileges, such as
- * jail, and as such may be arbitrarily denied.
+ * Define a set of valid privilege numbers that can be used by loadable
+ * modules that don't yet have privilege reservations.  Ideally, these should
+ * not be used, since their meaning is opaque to any policies that are aware
+ * of specific privileges, such as jail, and as such may be arbitrarily
+ * denied.
  */
 #define	PRIV_MODULE0		700
 #define	PRIV_MODULE1		701
@@ -433,7 +435,8 @@
 /*
  * Validate that a named privilege is known by the privilege system.  Invalid
  * privileges presented to the privilege system by a priv_check interface
- * will result in a panic.
+ * will result in a panic.  This is only approximate due to sparse allocation
+ * of the privilege space.
  */
 #define	PRIV_VALID(x)	((x) > _PRIV_LOWEST && (x) < _PRIV_HIGHEST)
 
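Review bot: The sentence added above PRIV_VALID says the check is "only approximate" but not in which direction, and that is what a policy author needs to know. The macro is a pure range test against _PRIV_LOWEST and _PRIV_HIGHEST, so an unallocated number in a gap (for example between PRIV_VM86_INTCALL at 650 and _PRIV_RESERVED0 at 660) passes it and never reaches the panic described in the first sentence. I would state that outright, e.g. `This is a range check only: unallocated values inside the range are accepted, so policies must deny privileges they do not recognise.` Whether the priv_check consumers already default-deny unknown values is not visible in this hunk and should be confirmed against the privilege switch in kern_jail.c.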

