On 7/19/2022 10:26 AM, Konstantin Belousov wrote:
On Mon, Jul 18, 2022 at 10:06:57PM +0000, Allan Jude wrote:
The branch main has been updated by allanjude:
URL:
https://cgit.FreeBSD.org/src/commit/?id=4e2121c10afc3d9273368eae776fe31d0c68ba6a
commit 4e2121c10afc3d9273368eae776fe31d0c68ba6a
Author: Mitchell Horne <mho...@freebsd.org>
AuthorDate: 2022-07-18 21:25:00 +0000
Commit: Allan Jude <allanj...@freebsd.org>
CommitDate: 2022-07-18 22:06:22 +0000
mac_ddb: add some validation functions
These global objects are easy to validate, so provide the helper
functions to do so and include these commands in the allow lists.
Reviewed by: markj
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35372
---
sys/security/mac_ddb/mac_ddb.c | 101 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 101 insertions(+)
+static int
+db_show_vnet_valid(db_expr_t addr, bool have_addr, db_expr_t count, char
*modif)
+{
+ VNET_ITERATOR_DECL(vnet);
+
+ if (!have_addr)
+ return (0);
+
+ VNET_FOREACH(vnet) {
+ if ((void *)vnet == (void *)addr)
+ return (0);
+ }
+
+ return (EACCES);
+}
This seems to break non-VNET builds:
/usr/home/kostik/work/DEV/src/sys/security/mac_ddb/mac_ddb.c:200:15: error: use
of undeclared identifier 'vnet'; did you mean 'int'?
if ((void *)vnet == (void *)addr)
^~~~
int
/usr/home/kostik/work/DEV/src/sys/security/mac_ddb/mac_ddb.c:200:15: error:
expected expression
2 errors generated.
--- mac_ddb.o ---
*** [mac_ddb.o] Error code 1
I reached out to Mitchell, but he hasn't gotten back to me yet (he is on
vacation), so I've committed a fix.
--
Allan Jude
