Re: [patch 1/3] lsm: add bsdjail module

From: Andrew Morton
Date: Wed Oct 06 2004 - 18:37:07 EST

Next message: YOSHIFUJI Hideaki / 吉藤英明: "Re: UDP recvmsg blocks after select(), 2.6 bug?"
Previous message: Hanna Linder: "Re: [PATCH 2.6] [2/12] chrp_pci.c replace pci_find_device with pci_get_device"
In reply to: Serge Hallyn: "Re: [patch 1/3] lsm: add bsdjail module"
Next in thread: Serge E. Hallyn: "Re: [patch 1/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Serge Hallyn <serue@xxxxxxxxxx> wrote:
>
>
> Attached is a patch against the security Kconfig and Makefile to support
> bsdjail, as well as the bsdjail.c file itself. bsdjail offers
> functionality similar to (but more limited than) the vserver patch.

I don't recall anyone requesting this feature. Tell me why we should add
it to Linux?

> +
> +#define in_use(x) (x->jail_flags & IN_USE)
> +#define set_in_use(x) (x->jail_flags |= IN_USE)
> +
> +#define got_network(x) (x->jail_flags & (GOT_IPV4 | GOT_IPV6))
> +#define got_ipv4(x) (x->jail_flags & (GOT_IPV4))
> +#define got_ipv6(x) (x->jail_flags & (GOT_IPV6))
> +#define set_ipv4(x) (x->jail_flags |= GOT_IPV4)
> +#define set_ipv6(x) (x->jail_flags |= GOT_IPV6)
> +#define unset_got_ipv4(x) (x->jail_flags &= ~GOT_IPV4)
> +#define unset_got_ipv6(x) (x->jail_flags &= ~GOT_IPV6)
> +#define get_task_security(task) (task->security)
> +#define get_inode_security(inode) (inode->i_security)
> +#define get_sock_security(sock) (sock->sk_security)
> +#define get_file_security(file) (file->f_security)
> +#define get_ipc_security(ipc) (ipc->security)
> +#define jail_of(proc) (get_task_security(proc))
> +

The above tricks may make the code easier to type, but I find they make the
code harder for others to read, and that's more important. We prefer to
open-code such things.

> + if (tsec->root_pathname)
> + kfree(tsec->root_pathname);
> + if (tsec->ip4_addr_name)
> + kfree(tsec->ip4_addr_name);
> + if (tsec->ip6_addr_name)
> + kfree(tsec->ip6_addr_name);

kfree(0) is permitted. Some people like to do the double test anyway but I
don't think it adds much here.

> + set_task_security(task,NULL);

whitespace nit: In some places you have spaces after the commas and in
others you do not.

> + kref_put(&tsec->kref, release_jail);

This is the preferred style.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: YOSHIFUJI Hideaki / 吉藤英明: "Re: UDP recvmsg blocks after select(), 2.6 bug?"
Previous message: Hanna Linder: "Re: [PATCH 2.6] [2/12] chrp_pci.c replace pci_find_device with pci_get_device"
In reply to: Serge Hallyn: "Re: [patch 1/3] lsm: add bsdjail module"
Next in thread: Serge E. Hallyn: "Re: [patch 1/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]