Module Name: src Committed By: elad Date: Fri Oct 2 22:46:18 UTC 2009
Modified Files: src/sys/kern: kern_resource.c src/sys/secmodel/suser: secmodel_suser.c Log Message: Stick nice policy in its own subsystem and call the listener "resource" rather than "rlimit"... To generate a diff of this commit: cvs rdiff -u -r1.153 -r1.154 src/sys/kern/kern_resource.c cvs rdiff -u -r1.6 -r1.7 src/sys/secmodel/suser/secmodel_suser.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_resource.c
diff -u src/sys/kern/kern_resource.c:1.153 src/sys/kern/kern_resource.c:1.154
--- src/sys/kern/kern_resource.c:1.153 Fri Oct 2 22:38:45 2009
+++ src/sys/kern/kern_resource.c Fri Oct 2 22:46:18 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_resource.c,v 1.153 2009/10/02 22:38:45 elad Exp $ */
+/* $NetBSD: kern_resource.c,v 1.154 2009/10/02 22:46:18 elad Exp $ */
 /*-
 * Copyright (c) 1982, 1986, 1991, 1993
@@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.153 2009/10/02 22:38:45 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.154 2009/10/02 22:46:18 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -69,38 +69,66 @@
 static pool_cache_t plimit_cache;
 static pool_cache_t pstats_cache;
-static kauth_listener_t rlimit_listener;
+static kauth_listener_t resource_listener;
 static int
-rlimit_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+resource_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
 void *arg0, void *arg1, void *arg2, void *arg3)
 {
 struct proc *p;
 int result;
- enum kauth_process_req req;
 result = KAUTH_RESULT_DEFER;
 p = arg0;
- req = (enum kauth_process_req)(unsigned long)arg1;
- if (action != KAUTH_PROCESS_RLIMIT)
- return result;
+ switch (action) {
+ case KAUTH_PROCESS_NICE:
+ if (kauth_cred_geteuid(cred) != kauth_cred_geteuid(p->p_cred) &&
+ kauth_cred_getuid(cred) != kauth_cred_geteuid(p->p_cred)) {
+ break;
+ }
- if (req == KAUTH_REQ_PROCESS_RLIMIT_SET) {
- struct rlimit *new_rlimit;
- u_long which;
+ if ((u_long)arg1 >= p->p_nice)
+ result = KAUTH_RESULT_ALLOW;
- if ((p != curlwp->l_proc) &&
- (proc_uidmatch(cred, p->p_cred) != 0))
- return result;
+ break;
+
+ case KAUTH_PROCESS_RLIMIT: {
+ enum kauth_process_req req;
- new_rlimit = arg2;
- which = (u_long)arg3;
+ req = (enum kauth_process_req)(unsigned long)arg1;
- if (new_rlimit->rlim_max <= p->p_rlimit[which].rlim_max)
+ switch (req) {
+ case KAUTH_REQ_PROCESS_RLIMIT_GET:
 result = KAUTH_RESULT_ALLOW;
- } else if (req == KAUTH_REQ_PROCESS_RLIMIT_GET) {
- result = KAUTH_RESULT_ALLOW;
+ break;
+
+ case KAUTH_REQ_PROCESS_RLIMIT_SET: {
+ struct rlimit *new_rlimit;
+ u_long which;
+
+ if ((p != curlwp->l_proc) &&
+ (proc_uidmatch(cred, p->p_cred) != 0))
+ break;
+
+ new_rlimit = arg2;
+ which = (u_long)arg3;
+
+ if (new_rlimit->rlim_max <= p->p_rlimit[which].rlim_max)
+ result = KAUTH_RESULT_ALLOW;
+
+ break;
+ }
+
+ default:
+ break;
+ }
+
+ break;
+ }
+
+ default:
+ break;
 }
 return result;
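Review bot: In the `KAUTH_REQ_PROCESS_RLIMIT_SET` arm, `which` is taken straight from `arg3` and used as `p->p_rlimit[which]` with no range check inside the listener, so the read stays in bounds only if every caller that raises `KAUTH_PROCESS_RLIMIT` has already validated the resource number; those callers are not visible in this hunk. A guard such as `if (which >= RLIM_NLIMITS) break;` ahead of the `rlim_max` comparison would leave the result at `KAUTH_RESULT_DEFER` and keep the listener safe on its own. In the new `KAUTH_PROCESS_NICE` arm, `(u_long)arg1 >= p->p_nice` presumably expects `arg1` in the same representation as `p->p_nice`; a one-line comment such as `/* arg1: requested nice value, same scale as p_nice */` would record that contract. The function's closing brace lies just outside the hunk.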
@@ -115,8 +143,8 @@
 pstats_cache = pool_cache_init(sizeof(struct pstats), 0, 0, 0,
 "pstatspl", NULL, IPL_NONE, NULL, NULL, NULL);
- rlimit_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
- rlimit_listener_cb, NULL);
+ resource_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+ resource_listener_cb, NULL);
 }
 /*
Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.6 src/sys/secmodel/suser/secmodel_suser.c:1.7
--- src/sys/secmodel/suser/secmodel_suser.c:1.6 Fri Oct 2 22:38:45 2009
+++ src/sys/secmodel/suser/secmodel_suser.c Fri Oct 2 22:46:18 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.6 2009/10/02 22:38:45 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
 * All rights reserved.
@@ -38,7 +38,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.6 2009/10/02 22:38:45 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
@@ -645,19 +645,7 @@
 break;
 case KAUTH_PROCESS_NICE:
- if (isroot) {
- result = KAUTH_RESULT_ALLOW;
- break;
- }
-
- if (kauth_cred_geteuid(cred) !=
- kauth_cred_geteuid(p->p_cred) &&
- kauth_cred_getuid(cred) !=
- kauth_cred_geteuid(p->p_cred)) {
- break;
- }
-
- if ((u_long)arg1 >= p->p_nice)
+ if (isroot)
 result = KAUTH_RESULT_ALLOW;
 break;