From nobody Mon Jun 29 19:25:41 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gpx864YqXz6jjTG for ; Mon, 29 Jun 2026 19:25:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "YR1" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gpx852Jvnz40Bg for ; Mon, 29 Jun 2026 19:25:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1782761141; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Bl0Ntow9P/FS9wxyV+q9+XLwXvuwIWKFcXw4nDW5Ujc=; b=KRb3kdj7bhCC+qiSTt6WhXxBaXSOY0U9FYFuTsFakEZX4WMaQNe3uwIfwMjxcYOMU/l/Sc 8jx/kUKWJRNuy2jp5i8XZmy9li1YnO4ENLeouMz7Ug8wp/PLSYWSwf13rAV/Te9c8oKGU5 RKtzFd946ke9rVblnTWaHBccbgUH0wOsBUYAe4YsKDne9Xzo/YiWLCZ6SkyQ0yLF2xHeQc 85VvDa2wVoCLjPGHmin/jdOZxBDzW5+t6zimAIL8NHiTrzUSzCAgfOoe8enzvX1MDn20MH jmuFcWHCCcopWj+ENz2JDA85cWGoBVJ/OFoe0iRLmB/cAWlm3vOnuGMOL2a+DQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1782761141; a=rsa-sha256; cv=none; b=YxvKW6+TaPsRh2+OZTIxG6KSrKcL2OtSMSfUtK9ipkvpd+v6RoPoqR2sjhEWUSd2NvpvTw 20kUR11Ae1RlHaRypN3fF5kxTjIXbuX4S5QR1pkWwoPZQTCO8ENq/tsxuwF/QTZ7aRexBh WBesVA68jY2hPW6MXy7DqGYv7GO3MeFXTTK61fUftCpDjbvoEwTGUmMV+OH0Dt99+uxxKp /8jOgCa8qU3S1aFfeuMcVc9vrtrT5TKnw0vnzXeXK/NNhB3SzPmVd7C3YDFYSts860chgd Zsnb5ZdGGOrbm2BOKM8+StUb+tqkYgPKHUQ4oH4hT457bi7fZQnCzkIZFx/IsQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1782761141; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Bl0Ntow9P/FS9wxyV+q9+XLwXvuwIWKFcXw4nDW5Ujc=; b=BBGLMRaJcsP/K5+YmbKOOAu/mNoyVrPeAYj+/quDpL0jcC+taglbf3NqBIeWvvo1mdCXhU shiyAnrXmHAHemh4jLfr+9b6QfYGdkXFqoe1ux2mV02ybrQpWgzjZ1+tCouUKJW5abZGyq 5mboTugm/FnhrOsXzHJqPlRZbotxhomPXXtsS9nzPQo+5JyD6updCIZAQFSPNMmkt+7SHN MDMrIrkgPyQ1dpwZcqUzAVcXge8nVUffpXreD9KQCYKJWeC86C9sLzGa9r3I4JjmdMT0A1 5Xyg9mfZDYrr1/5rhNSfefjBTM749c69q1Osgbt4p3dQjHLhrAHaAZ96GfRfSQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gpx851Kw7z19XW for ; Mon, 29 Jun 2026 19:25:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 21d81 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 29 Jun 2026 19:25:41 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 5398649fa0e3 - stable/15 - MAC/do: Rename size constants/variables to clear confusion with string lengths List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 5398649fa0e3d6d07403443671a8cea992b2c145 Auto-Submitted: auto-generated Date: Mon, 29 Jun 2026 19:25:41 +0000 Message-Id: <6a42c6b5.21d81.39c965fa@gitrepo.freebsd.org> The branch stable/15 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=5398649fa0e3d6d07403443671a8cea992b2c145 commit 5398649fa0e3d6d07403443671a8cea992b2c145 Author: Olivier Certner AuthorDate: 2026-03-23 16:13:37 +0000 Commit: Olivier Certner CommitDate: 2026-06-29 19:23:41 +0000 MAC/do: Rename size constants/variables to clear confusion with string lengths These constants represent buffer sizes in bytes, not string lengths. While here, move MAX in EXEC_PATHS_MAXLEN at start, like the other constants. While here, fix the prefix of the old MAC_RULE_STRING_LEN accordingly. No functional change. Reviewed by: bapt Fixes: 8aac90f18aef ("mac_do: add a new MAC/do policy and mdo(1) utility") Fixes: 9818224174c4 ("MAC/do: Executable paths feature (GSoC 2025's final state)") MFC after: 1 month Sponsored by: The FreeBSD Foundation Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/38 (cherry picked from commit 28ebab7c3730105f06f982950e9aee4130469906) --- sys/security/mac_do/mac_do.c | 68 ++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index e31ba6904bde..bef29badc5ba 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -47,10 +47,10 @@ SYSCTL_INT(_security_mac_do, OID_AUTO, print_parse_error, CTLFLAG_RWTUN, static MALLOC_DEFINE(M_MAC_DO, "mac_do", "mac_do(4) security module"); -#define EXEC_PATHS_MAXLEN 2048 -#define MAX_EXEC_PATHS 8 +#define MAX_EXEC_PATHS_SIZE 2048 +#define MAX_EXEC_PATHS 8 -#define MAC_RULE_STRING_LEN 1024 +#define MAX_RULE_STRING_SIZE 1024 static unsigned osd_jail_slot; static unsigned osd_thread_slot; @@ -159,7 +159,7 @@ struct id_spec { /* * This limits the number of target clauses per type to 65535. With the current - * value of MAC_RULE_STRING_LEN (1024), this is way more than enough anyway. + * value of MAX_RULE_STRING_SIZE (1024), this is way more than enough anyway. */ typedef uint16_t id_nb_t; /* We only have a few IT_* types. */ @@ -180,12 +180,12 @@ struct rule { STAILQ_HEAD(rulehead, rule); struct rules { - char string[MAC_RULE_STRING_LEN]; + char string[MAX_RULE_STRING_SIZE]; struct rulehead head; }; struct exec_paths { - char exec_paths_str[EXEC_PATHS_MAXLEN]; + char exec_paths_str[MAX_EXEC_PATHS_SIZE]; char exec_paths[MAX_EXEC_PATHS][PATH_MAX]; int exec_path_count; }; @@ -355,14 +355,14 @@ toast_rules(struct rules *const rules) static void init_rules(struct rules *const rules) { - _Static_assert(MAC_RULE_STRING_LEN > 0, "MAC_RULE_STRING_LEN <= 0!"); + _Static_assert(MAX_RULE_STRING_SIZE > 0, "MAX_RULE_STRING_SIZE <= 0!"); STAILQ_INIT(&rules->head); } static void init_exec_paths(struct exec_paths *const exec_paths) { - _Static_assert(EXEC_PATHS_MAXLEN > 0, "EXEC_PATHS_MAXLEN <= 0!"); + _Static_assert(MAX_EXEC_PATHS_SIZE > 0, "MAX_EXEC_PATHS_SIZE <= 0!"); bzero(exec_paths, sizeof(*exec_paths)); exec_paths->exec_paths_str[0] = 0; } @@ -1036,7 +1036,7 @@ einval: * Must be called with '*parse_error' set to NULL. Returns 0 on success, with * '*rulesp' made to point to a 'struct rule' representing the rules. On error, * the returned value is non-zero and '*rulesp' is unchanged. If 'string' has - * length greater or equal to MAC_RULE_STRING_LEN, ENAMETOOLONG is returned. If + * length greater or equal to MAX_RULE_STRING_SIZE, ENAMETOOLONG is returned. If * it is not in the expected format, EINVAL is returned. If an error is * returned, '*parse_error' is set to point to a 'struct parse_error' giving an * error message for the problem. @@ -1064,10 +1064,10 @@ parse_rules(const char *const string, struct rules *const rules, char *copy, *p, *rule; int error = 0; - if (len >= MAC_RULE_STRING_LEN) { + if (len >= MAX_RULE_STRING_SIZE) { make_parse_error(parse_error, 0, "Rule specification string is too long (%zu, max %zu)", - len, MAC_RULE_STRING_LEN - 1); + len, MAX_RULE_STRING_SIZE - 1); return (ENAMETOOLONG); } @@ -1110,10 +1110,10 @@ parse_exec_paths(const char *const string, struct exec_paths *const exec_paths, char *copy, *p, *path; int error = 0; - if (len >= EXEC_PATHS_MAXLEN) { + if (len >= MAX_EXEC_PATHS_SIZE) { make_parse_error(parse_error, 0, "Exec path specification string is too long (%zu, max %u)", - len, EXEC_PATHS_MAXLEN - 1); + len, MAX_EXEC_PATHS_SIZE - 1); return (ENAMETOOLONG); } @@ -1317,7 +1317,7 @@ set_default_conf(struct prison *const pr) struct conf *const conf = alloc_conf(); strlcpy(conf->exec_paths.exec_paths_str, "/usr/bin/mdo", - EXEC_PATHS_MAXLEN); + MAX_EXEC_PATHS_SIZE); strlcpy(conf->exec_paths.exec_paths[0], "/usr/bin/mdo", PATH_MAX); conf->exec_paths.exec_path_count = 1; @@ -1430,7 +1430,7 @@ error: static int mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS) { - char *const buf = malloc(MAC_RULE_STRING_LEN, M_MAC_DO, M_WAITOK); + char *const buf = malloc(MAX_RULE_STRING_SIZE, M_MAC_DO, M_WAITOK); struct prison *const td_pr = req->td->td_ucred->cr_prison; struct prison *pr; struct conf *conf; @@ -1438,10 +1438,10 @@ mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS) int error; conf = find_conf(td_pr, &pr); - strlcpy(buf, conf->rules.string, MAC_RULE_STRING_LEN); + strlcpy(buf, conf->rules.string, MAX_RULE_STRING_SIZE); prison_unlock(pr); - error = sysctl_handle_string(oidp, buf, MAC_RULE_STRING_LEN, req); + error = sysctl_handle_string(oidp, buf, MAX_RULE_STRING_SIZE, req); if (error != 0 || req->newptr == NULL) goto out; @@ -1466,13 +1466,13 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, rules, SYSCTL_JAIL_PARAM_SYS_SUBNODE(mac, do, CTLFLAG_RW, "Jail MAC/do parameters"); -SYSCTL_JAIL_PARAM_STRING(_mac_do, rules, CTLFLAG_RW, MAC_RULE_STRING_LEN, +SYSCTL_JAIL_PARAM_STRING(_mac_do, rules, CTLFLAG_RW, MAX_RULE_STRING_SIZE, "Jail MAC/do rules"); static int mac_do_sysctl_exec_paths(SYSCTL_HANDLER_ARGS) { - char *const buf = malloc(EXEC_PATHS_MAXLEN, M_MAC_DO, M_WAITOK); + char *const buf = malloc(MAX_EXEC_PATHS_SIZE, M_MAC_DO, M_WAITOK); struct prison *const td_pr = req->td->td_ucred->cr_prison; struct prison *pr; struct conf *conf; @@ -1480,10 +1480,10 @@ mac_do_sysctl_exec_paths(SYSCTL_HANDLER_ARGS) int error; conf = find_conf(td_pr, &pr); - strlcpy(buf, conf->exec_paths.exec_paths_str, EXEC_PATHS_MAXLEN); + strlcpy(buf, conf->exec_paths.exec_paths_str, MAX_EXEC_PATHS_SIZE); prison_unlock(pr); - error = sysctl_handle_string(oidp, buf, EXEC_PATHS_MAXLEN, req); + error = sysctl_handle_string(oidp, buf, MAX_EXEC_PATHS_SIZE, req); if (error != 0 || req->newptr == NULL) goto out; @@ -1505,7 +1505,7 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, exec_paths, 0, 0, mac_do_sysctl_exec_paths, "A", "Colon-separated list of allowed executables"); -SYSCTL_JAIL_PARAM_STRING(_mac_do, exec_paths, CTLFLAG_RW, EXEC_PATHS_MAXLEN, +SYSCTL_JAIL_PARAM_STRING(_mac_do, exec_paths, CTLFLAG_RW, MAX_EXEC_PATHS_SIZE, "Jail MAC/do executable paths"); static int @@ -1570,7 +1570,7 @@ mac_do_jail_check(void *obj, void *data) { struct vfsoptlist *opts = data; char *rules_string, *exec_paths_string; - int error, jsys, rules_len = 0, exec_paths_len = 0; + int error, jsys, rules_size = 0, exec_paths_size = 0; bool has_rules, has_exec_paths; error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys)); @@ -1589,26 +1589,26 @@ mac_do_jail_check(void *obj, void *data) } /* - * We use vfs_getopt() below instead of vfs_getopts() to get the length. - * We perform the additional checks done by the latter here, even if - * jail_set() calls vfs_getopts() itself later (they becoming - * inconsistent wouldn't cause any security problem). + * We use vfs_getopt() below instead of vfs_getopts() to get the + * string's buffer size. We perform the additional checks done by the + * latter here, even if jail_set() calls vfs_getopts() itself later + * (they becoming inconsistent wouldn't cause any security problem). */ /* Rules. */ error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, - &rules_len); + &rules_size); if (error == ENOENT) rules_string = NULL; else { if (error != 0) return (error); - if (rules_len == 0 || rules_string[rules_len - 1] != '\0') { + if (rules_size == 0 || rules_string[rules_size - 1] != '\0') { vfs_opterror(opts, "'mac.do.rules' not a proper string"); return (EINVAL); } - if (rules_len > MAC_RULE_STRING_LEN) { + if (rules_size > MAX_RULE_STRING_SIZE) { vfs_opterror(opts, "'mac.do.rules' too long"); return (ENAMETOOLONG); } @@ -1616,19 +1616,19 @@ mac_do_jail_check(void *obj, void *data) /* Executable paths. */ error = vfs_getopt(opts, "mac.do.exec_paths", - (void **)&exec_paths_string, &exec_paths_len); + (void **)&exec_paths_string, &exec_paths_size); if (error == ENOENT) exec_paths_string = NULL; else { if (error != 0) return (error); - if (exec_paths_len == 0 || - exec_paths_string[exec_paths_len - 1] != '\0') { + if (exec_paths_size == 0 || + exec_paths_string[exec_paths_size - 1] != '\0') { vfs_opterror(opts, "'mac.do.exec_paths' not a proper string"); return (EINVAL); } - if (exec_paths_len > EXEC_PATHS_MAXLEN) { + if (exec_paths_size > MAX_EXEC_PATHS_SIZE) { vfs_opterror(opts, "'mac.do.exec_paths' too long"); return (ENAMETOOLONG); }