From nobody Mon Jun 29 19:25:34 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gpx7z3Fhpz6jjNK for ; Mon, 29 Jun 2026 19:25:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "YR1" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gpx7y6CRxz3ypS for ; Mon, 29 Jun 2026 19:25:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1782761134; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Zf3gwQqAsLCZlgonyy6rriuP+8hBpuCDK83vN8j11IQ=; b=pDw28E9sdM6NdvhE/P7a2Nu0IhDwr8w2VITYhCKWz6nLX1R3CsXlStZ0+lJ/8vpW4EP4I4 73I6EOAV3LWWQ6f5kwTTiCeoqaXZEYVaR+8Hv1NH1fJbUPecWrfCed8uD4qU21e9wk0LG0 jG177lDFzIJMZvjGHXnoi2P2YTxIgPH82+Rke/P605snQJ10NBbkp71Rhok3vPE99qSthw ZLz8MVHpHYSWQM2jeUn6m6CKOXj0H8B0LQD3CpcBcAKtFw8cWDxFd393ClN+c+so8Gbfoa IBUbzBHTpDAAMkdkVRlSg9fpiqcGOCDGZxTTqICvy6ItIlh2VZdh2wEdF7uHkQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1782761134; a=rsa-sha256; cv=none; b=okCD3xUCHSS0q1OWUGCz8J8+9Ym/UqPGhEgk0T5X2IFqAisD744DRahT6wB8tftpcBglaF LuMfuYFEJ1Wy40sdoR+D/X9vlsEovyOcSmcuIF1FYdtiVU9vogxq08LbGYSi7dQ5PVt2cz DuUONTGjDmeKBPLUaYdLIYox2WGk1cDUhgvW8nHgeYs166wVshla84jAK97TofeH70VbCu OLzonFQoXGaYjVB3w9jJLD2hhiyCSpajLBdM9r3ajXfYPYc5KGGoanflTO0XucheNbldv1 YSip6P337tMfBMZ/mc9RHKLKRl/hlVbV/gu2qAm6G5oUHrLHkGV29tOhvpMkNg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1782761134; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Zf3gwQqAsLCZlgonyy6rriuP+8hBpuCDK83vN8j11IQ=; b=JX5urZEnTX4JI7+klq7hP4dxcUOnGzc63vCTqNrCu17ehGf/Ub5tD1NRIUUwnJjz4m2z4z s6umdvfhPPXwLmBTRS2XHkp430/2YaHn1aKXCzWwBM1l1tIlGY//SwWqRI9KJ/zaeELZ1I frDuD4OguwvyRmxFY6EhkF9PgSqGpNi2kTjlXLP1lhksSVRDO7A4BwakM+jVdFX5XU5LIW ELEjAXq0EfYHkgiuVILAzlg+/ZwozykCsbuPVgvi17QZvM6cR861Z1Dt63Ek3/ZPeRVB2o C3GvVecZCfHDpbWAbuUe9AOoaqrXuOrFIJJjpsP2+MJJoT/HxnnzUOmPs+MOPg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gpx7y5B4Mz19Kw for ; Mon, 29 Jun 2026 19:25:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 22a95 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 29 Jun 2026 19:25:34 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 0ced25378ba9 - stable/15 - MAC/do: Make it style(9) compliant again List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 0ced25378ba98c597c5c7bf2f6411dbd3198351f Auto-Submitted: auto-generated Date: Mon, 29 Jun 2026 19:25:34 +0000 Message-Id: <6a42c6ae.22a95.669daea8@gitrepo.freebsd.org> The branch stable/15 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=0ced25378ba98c597c5c7bf2f6411dbd3198351f commit 0ced25378ba98c597c5c7bf2f6411dbd3198351f Author: Olivier Certner AuthorDate: 2026-03-23 11:45:17 +0000 Commit: Olivier Certner CommitDate: 2026-06-29 19:23:37 +0000 MAC/do: Make it style(9) compliant again Fix too long lines, declarations not at head of block, improper indentation and superfluous whitespace coming from the previous commit introducing the configurable executable paths feature. While here, fix some older improper comment formatting. Reviewed by: bapt Fixes: 6c3def74e2de ("MAC/do: Support multiple users and groups as single rule's targets") Fixes: 9818224174c4 ("MAC/do: Executable paths feature (GSoC 2025's final state)") MFC after: 1 month Sponsored by: The FreeBSD Foundation Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/38 (cherry picked from commit f93cd891aefd839da869dcdb450d00050d5e701e) --- sys/security/mac_do/mac_do.c | 166 +++++++++++++++++++++++++------------------ 1 file changed, 96 insertions(+), 70 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index c24e14d7937b..c9fb7fc8774b 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -129,11 +129,15 @@ typedef uint16_t flags_t; #define MDF_MAY_REJ_SUPP (1u << 11) /* (t,gid) Some explicit ID (not MDF_CURRENT) has MDF_SUPP_MUST. */ #define MDF_EXPLICIT_SUPP_MUST (1u << 12) -/* (t,gid) Whether any target clause is about primary groups. Used during - * parsing only. */ +/* + * (t,gid) Whether any target clause is about primary groups. Used during + * parsing only. + */ #define MDF_HAS_PRIMARY_CLAUSE (1u << 13) -/* (t,gid) Whether any target clause is about supplementary groups. Used during - * parsing only. */ +/* + * (t,gid) Whether any target clause is about supplementary groups. Used during + * parsing only. + */ #define MDF_HAS_SUPP_CLAUSE (1u << 14) #define MDF_TYPE_GID_MASK (MDF_ANY_SUPP | MDF_MAY_REJ_SUPP | \ MDF_EXPLICIT_SUPP_MUST | MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE) @@ -238,7 +242,7 @@ check_type_and_id_flags(const id_type_t type, const flags_t flags) } break; default: - __assert_unreachable(); + __assert_unreachable(); } return; @@ -361,7 +365,8 @@ init_exec_paths(struct exec_paths *const exec_paths) static struct conf * alloc_conf(void) { - struct conf *const conf = malloc(sizeof(*conf), M_MAC_DO, M_WAITOK | M_ZERO); + struct conf *const conf = malloc(sizeof(*conf), M_MAC_DO, M_WAITOK | + M_ZERO); init_rules(&conf->rules); init_exec_paths(&conf->exec_paths); @@ -465,7 +470,8 @@ static void make_parse_error(struct parse_error **const parse_error, const size_t pos, const char *const fmt, ...) { - struct parse_error *const err = malloc(sizeof(*err), M_MAC_DO, M_WAITOK); + struct parse_error *const err = malloc(sizeof(*err), M_MAC_DO, + M_WAITOK); va_list ap; err->pos = pos; @@ -1081,7 +1087,7 @@ out: static int parse_exec_paths(const char *const string, struct exec_paths *const exec_paths, - struct parse_error **const parse_error) + struct parse_error **const parse_error) { const size_t len = strlen(string); char *copy, *p, *path; @@ -1091,8 +1097,8 @@ parse_exec_paths(const char *const string, struct exec_paths *const exec_paths, if (len >= EXEC_PATHS_MAXLEN) { make_parse_error(parse_error, 0, - "Exec path specification string is too long (%zu, max %u)", - len, EXEC_PATHS_MAXLEN - 1); + "Exec path specification string is too long (%zu, max %u)", + len, EXEC_PATHS_MAXLEN - 1); return (ENAMETOOLONG); } @@ -1105,26 +1111,30 @@ parse_exec_paths(const char *const string, struct exec_paths *const exec_paths, p = copy; while ((path = strsep_noblanks(&p, ":")) != NULL) { + size_t path_len; + if (*path == '\0') continue; if (exec_paths->exec_path_count >= MAX_EXEC_PATHS) { make_parse_error(parse_error, path - copy, - "Too many exec paths specified (max %d)", MAX_EXEC_PATHS); + "Too many exec paths specified (max %d)", + MAX_EXEC_PATHS); error = EINVAL; goto out; } - const size_t path_len = strlen(path); + path_len = strlen(path); if (path_len >= PATH_MAX) { make_parse_error(parse_error, path - copy, - "Exec paths too long (%zu, max %u)", - path_len, PATH_MAX - 1); + "Exec paths too long (%zu, max %u)", + path_len, PATH_MAX - 1); error = ENAMETOOLONG; goto out; } - strlcpy(exec_paths->exec_paths[exec_paths->exec_path_count], path, PATH_MAX); + strlcpy(exec_paths->exec_paths[exec_paths->exec_path_count], + path, PATH_MAX); exec_paths->exec_path_count++; } @@ -1289,7 +1299,8 @@ set_default_conf(struct prison *const pr) { struct conf *const conf = alloc_conf(); - strlcpy(conf->exec_paths.exec_paths_str, "/usr/bin/mdo", EXEC_PATHS_MAXLEN); + strlcpy(conf->exec_paths.exec_paths_str, "/usr/bin/mdo", + EXEC_PATHS_MAXLEN); strlcpy(conf->exec_paths.exec_paths[0], "/usr/bin/mdo", PATH_MAX); conf->exec_paths.exec_path_count = 1; @@ -1312,19 +1323,20 @@ clone_rules(struct rules *dst, struct rules *const src) STAILQ_INIT(&dst->head); STAILQ_FOREACH(src_rule, &src->head, r_entries) { - dst_rule = malloc(sizeof(*dst_rule), M_MAC_DO, M_WAITOK | M_ZERO); + dst_rule = malloc(sizeof(*dst_rule), M_MAC_DO, M_WAITOK | + M_ZERO); bcopy(src_rule, dst_rule, sizeof(*dst_rule)); if (src_rule->uids_nb > 0) { - dst_rule->uids = malloc(sizeof(*dst_rule->uids) * src_rule->uids_nb, - M_MAC_DO, M_WAITOK); + dst_rule->uids = malloc(sizeof(*dst_rule->uids) * + src_rule->uids_nb, M_MAC_DO, M_WAITOK); bcopy(src_rule->uids, dst_rule->uids, sizeof(*dst_rule->uids) * src_rule->uids_nb); } if (src_rule->gids_nb > 0) { - dst_rule->gids = malloc(sizeof(*dst_rule->gids) * src_rule->gids_nb, - M_MAC_DO, M_WAITOK); + dst_rule->gids = malloc(sizeof(*dst_rule->gids) * + src_rule->gids_nb, M_MAC_DO, M_WAITOK); bcopy(src_rule->gids, dst_rule->gids, sizeof(*dst_rule->gids) * src_rule->gids_nb); } @@ -1338,18 +1350,17 @@ clone_exec_paths(struct exec_paths *dst, struct exec_paths *const src) { bzero(dst, sizeof(*dst)); dst->exec_path_count = src->exec_path_count; - for (int i = 0; i < src->exec_path_count; i++) { + for (int i = 0; i < src->exec_path_count; i++) strlcpy(dst->exec_paths[i], src->exec_paths[i], - sizeof(dst->exec_paths[i])); - } + sizeof(dst->exec_paths[i])); strlcpy(dst->exec_paths_str, src->exec_paths_str, - sizeof(dst->exec_paths_str)); + sizeof(dst->exec_paths_str)); } -static int -parse_and_set_conf(struct prison *pr, const char *rules_string, - const char *exec_paths_string, struct parse_error **parse_error) +static int +parse_and_set_conf(struct prison *pr, const char *rules_string, + const char *exec_paths_string, struct parse_error **parse_error) { struct prison *ppr = NULL; struct conf *applicable_conf = NULL; @@ -1360,7 +1371,7 @@ parse_and_set_conf(struct prison *pr, const char *rules_string, *parse_error = NULL; need_applicable_conf = (rules_string == NULL || rules_string[0] == '\0' || - exec_paths_string == NULL || exec_paths_string[0] == '\0'); + exec_paths_string == NULL || exec_paths_string[0] == '\0'); if (need_applicable_conf) { applicable_conf = find_conf(pr, &ppr); @@ -1379,11 +1390,13 @@ parse_and_set_conf(struct prison *pr, const char *rules_string, clone_rules(&conf->rules, &applicable_conf->rules); if (exec_paths_string != NULL && exec_paths_string[0] != '\0') { - error = parse_exec_paths(exec_paths_string, &conf->exec_paths, parse_error); + error = parse_exec_paths(exec_paths_string, &conf->exec_paths, + parse_error); if (error != 0) goto out; } else if (applicable_conf != NULL) - clone_exec_paths(&conf->exec_paths, &applicable_conf->exec_paths); + clone_exec_paths(&conf->exec_paths, + &applicable_conf->exec_paths); set_conf(pr, conf); @@ -1470,12 +1483,12 @@ out: } SYSCTL_PROC(_security_mac_do, OID_AUTO, exec_paths, - CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE, - 0, 0, mac_do_sysctl_exec_paths, "A", - "Colon-separated list of allowed executables"); + CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE, + 0, 0, mac_do_sysctl_exec_paths, "A", + "Colon-separated list of allowed executables"); -SYSCTL_JAIL_PARAM_STRING(_mac_do, exec_paths, CTLFLAG_RW, EXEC_PATHS_MAXLEN, - "Jail MAC/do executable paths"); +SYSCTL_JAIL_PARAM_STRING(_mac_do, exec_paths, CTLFLAG_RW, EXEC_PATHS_MAXLEN, + "Jail MAC/do executable paths"); static int mac_do_jail_create(void *obj, void *data) @@ -1512,7 +1525,8 @@ mac_do_jail_get(void *obj, void *data) if (error != 0 && error != ENOENT) goto done; - error = vfs_setopts(opts, "mac.do.exec_paths", exec_paths->exec_paths_str); + error = vfs_setopts(opts, "mac.do.exec_paths", + exec_paths->exec_paths_str); if (error != 0 && error != ENOENT) goto done; @@ -1533,7 +1547,6 @@ _Static_assert(-1 != JAIL_SYS_DISABLE && -1 != JAIL_SYS_NEW && * We perform only cheap checks here, i.e., we do not really parse the rules * specification string, if any. */ - static int mac_do_jail_check(void *obj, void *data) { @@ -1560,14 +1573,17 @@ mac_do_jail_check(void *obj, void *data) * jail_set() calls vfs_getopts() itself later (they becoming * inconsistent wouldn't cause any security problem). */ - error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &rules_len); + + error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, + &rules_len); if (error == ENOENT) rules_string = NULL; else { if (error != 0) return (error); if (rules_len == 0 || rules_string[rules_len - 1] != '\0') { - vfs_opterror(opts, "'mac.do.rules' not a proper string"); + vfs_opterror(opts, + "'mac.do.rules' not a proper string"); return (EINVAL); } if (rules_len > MAC_RULE_STRING_LEN) { @@ -1577,14 +1593,17 @@ mac_do_jail_check(void *obj, void *data) } /* Handle 'exec_paths' input */ - error = vfs_getopt(opts, "mac.do.exec_paths", (void **)&exec_paths_string, &exec_paths_len); + error = vfs_getopt(opts, "mac.do.exec_paths", + (void **)&exec_paths_string, &exec_paths_len); if (error == ENOENT) exec_paths_string = NULL; else { if (error != 0) return (error); - if (exec_paths_len == 0 || exec_paths_string[exec_paths_len - 1] != '\0') { - vfs_opterror(opts, "'mac.do.exec_paths' not a proper string"); + if (exec_paths_len == 0 || + exec_paths_string[exec_paths_len - 1] != '\0') { + vfs_opterror(opts, + "'mac.do.exec_paths' not a proper string"); return (EINVAL); } if (exec_paths_len > EXEC_PATHS_MAXLEN) { @@ -1594,12 +1613,13 @@ mac_do_jail_check(void *obj, void *data) } /* - * Be liberal, considering that an empty rule or exec paths specification - * is equivalent to no specification. - * This affects the JAIL_SYS_DISABLE and JAIL_SYS_INHERIT sanity checks below. + * Be liberal, considering that an empty rule or exec paths + * specification is equivalent to no specification. This affects the + * JAIL_SYS_DISABLE and JAIL_SYS_INHERIT sanity checks below. */ - has_rules = rules_string && rules_string[0] != '\0'; - has_exec_paths = exec_paths_string && exec_paths_string[0] != '\0'; + has_rules = rules_string != NULL && rules_string[0] != '\0'; + has_exec_paths = exec_paths_string != NULL && + exec_paths_string[0] != '\0'; /* Infer 'jsys' if needed */ if (jsys == -1) { @@ -1614,18 +1634,23 @@ mac_do_jail_check(void *obj, void *data) case JAIL_SYS_DISABLE: case JAIL_SYS_INHERIT: if (has_rules) { - vfs_opterror(opts, "'mac.do.rules' specified but should not be when mac.do is disabled or inherited"); + vfs_opterror(opts, + "'mac.do.rules' specified but should not be when " + "'mac.do' is 'disabled' or 'inherited'"); return (EINVAL); } if (has_exec_paths) { - vfs_opterror(opts, "'mac.do.exec_paths' specified but should not be when mac.do is disabled or inherited"); + vfs_opterror(opts, + "'mac.do.exec_paths' specified but should not be " + "when 'mac.do' is 'disabled' or 'inherited'"); return (EINVAL); } break; case JAIL_SYS_NEW: if (!has_rules && !has_exec_paths) { - vfs_opterror(opts, "mac.do set to 'new' but neither rules nor exec_paths specified"); + vfs_opterror(opts, "'mac.do' set to 'new' but neither " + "rules nor executable paths specified"); return (EINVAL); } /* Allow: rules only, exec_paths only (though exec_paths only is discouraged), or both */ @@ -1663,8 +1688,9 @@ mac_do_jail_set(void *obj, void *data) exec_paths_string = vfs_getopts(opts, "mac.do.exec_paths", &error); MPASS(error == 0 || error == ENOENT); - has_rules = (rules_string != NULL && rules_string[0] != '\0'); - has_exec_paths = (exec_paths_string != NULL && exec_paths_string[0] != '\0'); + has_rules = rules_string != NULL && rules_string[0] != '\0'; + has_exec_paths = exec_paths_string != NULL && + exec_paths_string[0] != '\0'; if (jsys == -1) { if (has_rules || has_exec_paths) @@ -1685,14 +1711,15 @@ mac_do_jail_set(void *obj, void *data) case JAIL_SYS_NEW: error = parse_and_set_conf(pr, - has_rules ? rules_string : NULL, - has_exec_paths ? exec_paths_string : NULL, - &parse_error); + has_rules ? rules_string : NULL, + has_exec_paths ? exec_paths_string : NULL, + &parse_error); if (error != 0) { if (parse_error != NULL) { - vfs_opterror(opts, "MAC/do: Parse error at index %zu: %s\n", - parse_error->pos, parse_error->msg); + vfs_opterror(opts, + "MAC/do: Parse error at index %zu: %s\n", + parse_error->pos, parse_error->msg); free_parse_error(parse_error); } @@ -1739,8 +1766,8 @@ struct mac_do_data_header { * indicates this header is uninitialized. */ int priv; - /* Rules to apply. */ - struct conf *conf; + /* The configuration that applies. */ + struct conf *conf; }; /* @@ -2235,7 +2262,11 @@ static int check_proc(void) { char *path, *to_free; - int error = EPERM; + struct conf *conf; + struct exec_paths *exec_paths; + struct prison *td_pr; + struct prison *pr; + int error; /* * Only grant privileges if requested by the right executable. @@ -2258,22 +2289,17 @@ check_proc(void) if (vn_fullpath_jail(curproc->p_textvp, &path, &to_free) != 0) return (EPERM); - struct conf *conf; - struct exec_paths *exec_paths; - struct prison *td_pr = curproc->p_ucred->cr_prison; - struct prison *pr; + error = EPERM; + td_pr = curproc->p_ucred->cr_prison; conf = find_conf(td_pr, &pr); exec_paths = &conf->exec_paths; - if (exec_paths->exec_path_count > 0) { - for (int i = 0; i < exec_paths->exec_path_count; i++) { + if (exec_paths->exec_path_count > 0) + for (int i = 0; i < exec_paths->exec_path_count; i++) if (strcmp(exec_paths->exec_paths[i], path) == 0) { error = 0; break; } - } - - } prison_unlock(pr);