The following reply was made to PR kern/89528; it has been noted by GNATS.
From: Bjoern A. Zeeb b...@freebsd.org
To: bug-follo...@freebsd.org
Cc:
Subject: Re: kern/89528: [jail] [patch] impossible to kill a jail
Date: Sat, 10 Jan 2009 21:11:01 + (UTC)
Before I am going to look it up another few times, this is the commit
referenced by Andrew Thompson at Fri, 7 Dec 2007 20:21:09 +1300.
Can also be looked up as SVN r174280 these days.
--
Bjoern A. Zeeb The greatest risk is not taking one.
-- Forwarded message --
Date: Wed, 5 Dec 2007 01:22:03 + (UTC)
From: Andrew Thompson thom...@freebsd.org
To: src-committ...@freebsd.org, cvs-...@freebsd.org, cvs-...@freebsd.org
Subject: cvs commit: src/sys/kern kern_conf.c
thompsa 2007-12-05 01:22:03 UTC
FreeBSD src repository
Modified files:
sys/kern kern_conf.c
Log:
Apply a workaround for the unkillable jail problem where some devices
created
within the jail are never freed. si_cred is only used by the MAC framework
so
make the cred reference conditional on it being compiled in, this is not a
fix
and will need to be reviewed for any new consumers of si_cred.
This will quell some user complaint when using jails with a default kernel.
Reviewed by:rwatson
MFC after: 3 days
Revision ChangesPath
1.209 +2 -0 src/sys/kern/kern_conf.c
Index: sys/kern/kern_conf.c
===
--- sys/kern/kern_conf.c(revision 174279)
+++ sys/kern/kern_conf.c(revision 174280)
@@ -608,9 +608,11 @@ make_dev_credv(int flags, struct cdevsw *devsw,
in
}
dev-si_flags |= SI_NAMED;
+#ifdef MAC
if (cr != NULL)
dev-si_cred = crhold(cr);
else
+#endif
dev-si_cred = NULL;
dev-si_uid = uid;
dev-si_gid = gid;
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org