cvs commit: src/sys/kern vfs_cache.c src/sys/security/audit audit_bsm_klib.c src/sys/sys vnode.h

Christian S.J. Peron csjp at FreeBSD.org
Thu Jul 31 16:59:12 UTC 2008


csjp        2008-07-31 16:57:41 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             vfs_cache.c 
    sys/security/audit   audit_bsm_klib.c 
    sys/sys              vnode.h 
  Log:
  SVN rev 181060 on 2008-07-31 16:57:41Z by csjp
  
  Currently, BSM audit pathname token generation for chrooted or jailed
  processes are not producing absolute pathname tokens.  It is required
  that audited pathnames are generated relative to the global root mount
  point.  This modification changes our implementation of audit_canon_path(9)
  and introduces a new function: vn_fullpath_global(9) which performs a
  vnode -> pathname translation relative to the global mount point based
  on the contents of the name cache.  Much like vn_fullpath,
  vn_fullpath_global is a wrapper function which called vn_fullpath1.
  
  Further, the string parsing routines have been converted to use the
  sbuf(9) framework.  This change also removes the conditional acquisition
  of Giant, since the vn_fullpath1 method will not dip into file system
  dependent code.
  
  The vnode locking was modified to use vhold()/vdrop() instead the vref()
  and vrele().  This will modify the hold count instead of modifying the
  user count.  This makes more sense since it's the kernel that requires
  the reference to the vnode.  This also makes sure that the vnode does not
  get recycled we hold the reference to it. [1]
  
  Discussed with: rwatson
  Reviewed by:    kib [1]
  MFC after:      2 weeks
  
  Revision  Changes    Path
  1.122     +26 -0     src/sys/kern/vfs_cache.c
  1.17      +93 -55    src/sys/security/audit/audit_bsm_klib.c
  1.337     +2 -0      src/sys/sys/vnode.h


More information about the cvs-src mailing list