mac_portacl(4) minor bugfix

Robert Watson rwatson at FreeBSD.org
Mon Jan 26 02:11:02 GMT 2004


On Mon, 26 Jan 2004, Pawel Jakub Dawidek wrote:

> On Mon, Jan 26, 2004 at 12:16:57AM +0100, Simon L. Nielsen wrote:
> +> The simple way with a call to log() is quite easy to implement.  The
> +> attached patch logs denied requests, but I couldn't see a way to get the
> +> pid of the caller, [...]
> 
> You can always get PID from curproc->p_pid. 

Although in a number of cases, MAC Framework entry points are passed
credentials for processes other than the one performing the operation. The
reason this occurs is because of asynchronous operations, where process
credentials are cached for later use.  For example, with AIO, where a
kernel worker thread is performing the vnode operations.  In the socket
bind case, I'm not aware of any situations where curproc isn't the right
proc, however.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research
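
The caveat in the message above, as an added user-space model (not part of the original thread and not FreeBSD kernel code): when a credential is cached and the check runs later in a worker, a log line built from `curproc->p_pid` names the worker rather than the requester. The struct layouts, `check_op`, `defer_op`, the deny rule and the PIDs are all constructed assumptions.

```c
#include <stdio.h>

/* Constructed model; these types only mimic the shape of the kernel's. */
struct ucred { int cr_uid; };                 /* the credential carries no PID */
struct proc  { int p_pid; struct ucred *p_ucred; };
static struct proc *curproc;                  /* whoever is executing right now */

/* Hypothetical policy check: deny any non-root credential. Returns the PID
 * that a log line built from curproc->p_pid would report, or 0 if allowed. */
static int check_op(const struct ucred *cred)
{
    if (cred->cr_uid == 0)
        return 0;
    printf("denied: uid %d, logged pid %d\n", cred->cr_uid, curproc->p_pid);
    return curproc->p_pid;
}

/* Deferred request: the submitter's credential is cached for later use.
 * submit_pid is what a policy would need saved to log the right process. */
struct deferred { struct ucred *cred; int submit_pid; };

static struct deferred defer_op(struct proc *p)
{
    struct deferred d = { p->p_ucred, p->p_pid };
    return d;
}

/* Synchronous path: the requesting process runs the check itself. */
static int logged_pid_sync(struct proc *caller)
{
    curproc = caller;
    return check_op(caller->p_ucred);
}

/* Asynchronous path: a worker runs the check with the cached credential. */
static int logged_pid_async(struct proc *worker, const struct deferred *d)
{
    curproc = worker;
    return check_op(d->cred);
}

int main(void)
{
    struct ucred user = { 1001 }, root = { 0 };
    struct proc caller = { 4242, &user }, worker = { 17, &root };
    struct deferred d = defer_op(&caller);
    logged_pid_sync(&caller);        /* logs pid 4242, the requester */
    logged_pid_async(&worker, &d);   /* logs pid 17, the worker */
    return 0;
}
```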


