The branch main has been updated by olce:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=2b2c19b7f697cc88d4da3e8e13051139cd0a4f96

commit 2b2c19b7f697cc88d4da3e8e13051139cd0a4f96
Author:     Olivier Certner <o...@freebsd.org>
AuthorDate: 2024-07-03 15:00:43 +0000
Commit:     Olivier Certner <o...@freebsd.org>
CommitDate: 2024-12-16 14:42:36 +0000

    MAC/do: Re-order jail methods more logically, rename
    
    No functional change intended.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47606
---
 sys/security/mac_do/mac_do.c | 87 +++++++++++++++++++++++---------------------
 1 file changed, 45 insertions(+), 42 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 3327711fa9b9..78c05e9be260 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -337,40 +337,23 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, rules,
     0, 0, sysctl_rules, "A",
     "Rules");
 
-static int
-mac_do_prison_set(void *obj, void *data)
-{
-       struct prison *pr = obj;
-       struct vfsoptlist *opts = data;
-       char *rules_string;
-       int error, jsys, len;
-
-       error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys));
-       if (error == ENOENT)
-               jsys = -1;
-       error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len);
-       if (error == ENOENT)
-               rules_string = "";
-       else
-               jsys = JAIL_SYS_NEW;
-       switch (jsys) {
-       case JAIL_SYS_INHERIT:
-               remove_rules(pr);
-               error = 0;
-               break;
-       case JAIL_SYS_NEW:
-               error = parse_and_set_rules(pr, rules_string);
-               break;
-       }
-       return (error);
-}
 
 SYSCTL_JAIL_PARAM_SYS_NODE(mdo, CTLFLAG_RW, "Jail MAC/do parameters");
 SYSCTL_JAIL_PARAM_STRING(_mdo, rules, CTLFLAG_RW, MAC_RULE_STRING_LEN,
     "Jail MAC/do rules");
 
+
 static int
-mac_do_prison_get(void *obj, void *data)
+mac_do_jail_create(void *obj, void *data __unused)
+{
+       struct prison *const pr = obj;
+
+       set_empty_rules(pr);
+       return (0);
+}
+
+static int
+mac_do_jail_get(void *obj, void *data)
 {
        struct prison *ppr, *pr = obj;
        struct vfsoptlist *opts = data;
@@ -391,16 +374,7 @@ done:
 }
 
 static int
-mac_do_prison_create(void *obj, void *data __unused)
-{
-       struct prison *const pr = obj;
-
-       set_empty_rules(pr);
-       return (0);
-}
-
-static int
-mac_do_prison_check(void *obj, void *data)
+mac_do_jail_check(void *obj, void *data)
 {
        struct vfsoptlist *opts = data;
        char *rules_string;
@@ -427,6 +401,34 @@ mac_do_prison_check(void *obj, void *data)
        return (error);
 }
 
+static int
+mac_do_jail_set(void *obj, void *data)
+{
+       struct prison *pr = obj;
+       struct vfsoptlist *opts = data;
+       char *rules_string;
+       int error, jsys, len;
+
+       error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys));
+       if (error == ENOENT)
+               jsys = -1;
+       error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len);
+       if (error == ENOENT)
+               rules_string = "";
+       else
+               jsys = JAIL_SYS_NEW;
+       switch (jsys) {
+       case JAIL_SYS_INHERIT:
+               remove_rules(pr);
+               error = 0;
+               break;
+       case JAIL_SYS_NEW:
+               error = parse_and_set_rules(pr, rules_string);
+               break;
+       }
+       return (error);
+}
+
 /*
  * OSD jail methods.
  *
@@ -435,12 +437,13 @@ mac_do_prison_check(void *obj, void *data)
  * destructor.
  */
 static const osd_method_t osd_methods[PR_MAXMETHOD] = {
-       [PR_METHOD_CREATE] = mac_do_prison_create,
-       [PR_METHOD_GET] = mac_do_prison_get,
-       [PR_METHOD_SET] = mac_do_prison_set,
-       [PR_METHOD_CHECK] = mac_do_prison_check,
+       [PR_METHOD_CREATE] = mac_do_jail_create,
+       [PR_METHOD_GET] = mac_do_jail_get,
+       [PR_METHOD_CHECK] = mac_do_jail_check,
+       [PR_METHOD_SET] = mac_do_jail_set,
 };
 
+
 static void
 init(struct mac_policy_conf *mpc)
 {

Reply via email to