On Mon, 28 Sep 2009, John Baldwin wrote:
==============================================================================
--- head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Mon Sep 28 18:54:26 2009
(r197583)
+++ head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Mon Sep 28 18:55:29 2009
(r197584)
@@ -449,6 +449,8 @@ rpc_gss_svc_getcred(struct svc_req *req,
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
cr->cr_rgid = cr->cr_svgid = uc->gid;
crsetgroups(cr, uc->gidlen, uc->gidlist);
+ cr->cr_prison = &prison0;
+ prison_hold(cr->cr_prison);
*crp = crhold(cr);
return (TRUE);
FYI, it would be nice if prison_hold() returned a pointer to the prison as
you can then do what crhold() does above:
cr->cr_prison = prison_hold(&prison0);
I prefer combining the refcount and assignment into one step with the goal
of avoiding outright assignments that don't go via foo_hold() or fooref()
for refcounted objects.
In the long-term, explicit references to proc0, prison0, thread0, filedesc0,
... all make me rather nervous. I'd rather that all these things were linked
to either the credentials of the file system mount, the user thread, or
perhaps gssd in some cases. From the perspective if virtualization, the file
system mount credential seems the most likely candidate.
Robert
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
