author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-06-16 06:36:41 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-06-16 06:36:41 +0000 |
commit | f4fb20fba83a40f6cbc1953f195f979baeeb3740 (patch) | |
tree | 1ded07d1d5e9e60694ee565e3120445083add775 /sys/dev | |
parent | 9edeec56abbf5950aacf46d99f21ee8bc6c2fdfc (diff) |
- limited number of processes per systrace
- escape fixes for special characters
markus, sturm ok. from provos
Diffstat (limited to 'sys/dev')
-rw-r--r-- | sys/dev/systrace.c | 47 | ||||
-rw-r--r-- | sys/dev/systrace.h | 16 |
2 files changed, 52 insertions, 11 deletions
diff --git a/sys/dev/systrace.c b/sys/dev/systrace.c
index 04cdb3dfa8e..d31b6914da3 100644
--- a/sys/dev/systrace.c
+++ b/sys/dev/systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.c,v 1.29 2003/03/28 12:40:01 henning Exp $ */
+/* $OpenBSD: systrace.c,v 1.30 2003/06/16 06:36:40 itojun Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * All rights reserved.
@@ -139,6 +139,7 @@ void systrace_closepolicy(struct fsystrace *, struct str_policy *);
 int systrace_insert_process(struct fsystrace *, struct proc *);
 struct str_policy *systrace_newpolicy(struct fsystrace *, int);
 int systrace_msg_child(struct fsystrace *, struct str_process *, pid_t);
+int systrace_msg_policyfree(struct fsystrace *, struct str_policy *);
 int systrace_msg_ask(struct fsystrace *, struct str_process *,
 int, size_t, register_t []);
 int systrace_msg_result(struct fsystrace *, struct str_process *,
@@ -1374,8 +1375,23 @@ systrace_newpolicy(struct fsystrace *fst, int maxents)
 struct str_policy *pol;
 int i;
- if (fst->npolicies > SYSTR_MAX_POLICIES && !fst->issuser)
- return (NULL);
+ if (fst->npolicies > SYSTR_MAX_POLICIES && !fst->issuser) {
+ struct str_policy *tmp;
+
+ /* Try to find a policy for freeing */
+ TAILQ_FOREACH(tmp, &fst->policies, next) {
+ if (tmp->refcount == 1)
+ break;
+ }
+
+ if (tmp == NULL)
+ return (NULL);
+
+ /* Notify userland about freed policy */
+ systrace_msg_policyfree(fst, tmp);
+ /* Free this policy */
+ systrace_closepolicy(fst, tmp);
+ }
 pol = pool_get(&systr_policy_pl, PR_NOWAIT);
 if (pol == NULL)
@@ -1490,7 +1506,7 @@ systrace_make_msg(struct str_process *strp, int type)
 while (1) {
 st = tsleep(strp, PWAIT | PCATCH, "systrmsg", 0);
 if (st != 0)
- return (EINTR);
+ return (ERESTART);
 /* If we detach, then everything is permitted */
 if ((strp = curproc->p_systrace) == NULL)
 return (0);
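Review bot: In systrace_newpolicy the eviction loop picks the first policy with `tmp->refcount == 1`, but nothing in the hunk says why a count of one means the policy is unused. This matters because closing a policy that still confines a traced process would remove its rules. If the invariant is that the remaining reference belongs to the fst policy list, state it above the test, for example `/* refcount 1: presumably only fst->policies references it, no process is attached */`, and confirm it against systrace_closepolicy, which is not visible here. The result of `systrace_msg_policyfree(fst, tmp)` is also discarded, so the policy is closed whether or not the notification was queued; check it or mark the call `(void)`. The function body starts and ends outside the hunk.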
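Review bot: systrace_make_msg now returns `ERESTART` for every non-zero tsleep() result, and the changed line carries no comment explaining why the interrupted wait must always restart. If the intent is that a system call interrupted while waiting for the monitor's answer is re-issued and evaluated again, rather than failing with an error the program did not expect, say so next to the return: `/* interrupted while waiting for the monitor: restart so the syscall is checked again */`. How callers translate this value is not visible in the hunk, so that should be confirmed as well. The function starts and ends outside the hunk.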
@@ -1531,3 +1547,26 @@ systrace_msg_child(struct fsystrace *fst, struct str_process *strp, pid_t npid)
 return (0);
 }
+
+int
+systrace_msg_policyfree(struct fsystrace *fst, struct str_policy *strpol)
+{
+ struct str_process *nstrp;
+ struct str_message *msg;
+
+ nstrp = pool_get(&systr_proc_pl, PR_WAITOK);
+ memset(nstrp, 0, sizeof(struct str_process));
+
+ DPRINTF(("%s: free %d\n", __func__, strpol->nr));
+
+ msg = &nstrp->msg;
+
+ msg->msg_type = SYSTR_MSG_POLICYFREE;
+ msg->msg_policy = strpol->nr;
+
+ TAILQ_INSERT_TAIL(&fst->messages, nstrp, msg_next);
+
+ systrace_wakeup(fst);
+
+ return (0);
+}
diff --git a/sys/dev/systrace.h b/sys/dev/systrace.h
index ddafb5d9947..fafc68721a0 100644
--- a/sys/dev/systrace.h
+++ b/sys/dev/systrace.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.h,v 1.13 2003/03/28 11:52:05 mickey Exp $ */
+/* $OpenBSD: systrace.h,v 1.14 2003/06/16 06:36:40 itojun Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * All rights reserved.
@@ -62,14 +62,16 @@ struct str_msg_child {
 pid_t new_pid;
 };
-#define SYSTR_MSG_ASK 1
-#define SYSTR_MSG_RES 2
-#define SYSTR_MSG_EMUL 3
-#define SYSTR_MSG_CHILD 4
-#define SYSTR_MSG_UGID 5
+#define SYSTR_MSG_ASK 1
+#define SYSTR_MSG_RES 2
+#define SYSTR_MSG_EMUL 3
+#define SYSTR_MSG_CHILD 4
+#define SYSTR_MSG_UGID 5
+#define SYSTR_MSG_POLICYFREE 6
 #define SYSTR_MSG_NOPROCESS(x) \
- ((x)->msg.msg_type == SYSTR_MSG_CHILD)
+ ((x)->msg.msg_type == SYSTR_MSG_CHILD || \
+ (x)->msg.msg_type == SYSTR_MSG_POLICYFREE)
 struct str_message {
 int msg_type; |
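Review bot: systrace_msg_policyfree allocates its carrier with `pool_get(&systr_proc_pl, PR_WAITOK)`, which may sleep, and reads `strpol->nr` only afterwards. Its caller chose that policy before the call and uses PR_NOWAIT for its own allocation. Whether the policy pointer can go stale across the sleep depends on locking that is not visible in this diff, so either document the lock that makes it safe or allocate without sleeping: `nstrp = pool_get(&systr_proc_pl, PR_NOWAIT); if (nstrp == NULL) return (ENOMEM);`, with the caller checking the result. Each eviction also appends one str_process to `fst->messages` with no bound visible here, so a non-root monitor that keeps creating policies without reading its messages may grow that queue; a cap on pending POLICYFREE entries would address this. `memset(nstrp, 0, sizeof(*nstrp))` is the more robust spelling.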
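Review bot: `SYSTR_MSG_POLICYFREE` joins the message types that userland reads, but the define has no comment saying which fields of `struct str_message` are meaningful for it. As far as systrace_msg_policyfree in systrace.c shows, only `msg_type` and `msg_policy` are set and the rest of the carrier is zeroed. A comment beside the define such as `/* policy number msg_policy was freed by the kernel; no process is attached */` would help monitor authors, as would one on `SYSTR_MSG_NOPROCESS` noting that these types presumably travel on a placeholder str_process. `struct str_message` continues outside the hunk, so the existence of `msg_policy` cannot be confirmed from these lines alone.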