author | 2003-06-16 06:36:40 +0000 | |
---|---|---|
committer | 2003-06-16 06:36:40 +0000 | |
commit | cd1e39b59e15fb65a1ae03ebde716ef9fc29dd7f (patch) | |
tree | 3bb16ac32c4655e410047a9e0953f9c996c82c1e /sys/dev/systrace.c | |
parent | add supported device; (diff) | |
- limited number of processes per systrace
- escape fixes for special characters
markus, sturm ok. from provos
Diffstat (limited to 'sys/dev/systrace.c')
-rw-r--r-- | sys/dev/systrace.c | 47 |
1 files changed, 43 insertions, 4 deletions
diff --git a/sys/dev/systrace.c b/sys/dev/systrace.c
index 04cdb3dfa8e..d31b6914da3 100644
--- a/sys/dev/systrace.c
+++ b/sys/dev/systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.c,v 1.29 2003/03/28 12:40:01 henning Exp $ */
+/* $OpenBSD: systrace.c,v 1.30 2003/06/16 06:36:40 itojun Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * All rights reserved.
@@ -139,6 +139,7 @@ void systrace_closepolicy(struct fsystrace *, struct str_policy *);
 int systrace_insert_process(struct fsystrace *, struct proc *);
 struct str_policy *systrace_newpolicy(struct fsystrace *, int);
 int systrace_msg_child(struct fsystrace *, struct str_process *, pid_t);
+int systrace_msg_policyfree(struct fsystrace *, struct str_policy *);
 int systrace_msg_ask(struct fsystrace *, struct str_process *,
 int, size_t, register_t []);
 int systrace_msg_result(struct fsystrace *, struct str_process *,
@@ -1374,8 +1375,23 @@ systrace_newpolicy(struct fsystrace *fst, int maxents)
 struct str_policy *pol;
 int i;
 
- if (fst->npolicies > SYSTR_MAX_POLICIES && !fst->issuser)
- return (NULL);
+ if (fst->npolicies > SYSTR_MAX_POLICIES && !fst->issuser) {
+ struct str_policy *tmp;
+
+ /* Try to find a policy for freeing */
+ TAILQ_FOREACH(tmp, &fst->policies, next) {
+ if (tmp->refcount == 1)
+ break;
+ }
+
+ if (tmp == NULL)
+ return (NULL);
+
+ /* Notify userland about freed policy */
+ systrace_msg_policyfree(fst, tmp);
+ /* Free this policy */
+ systrace_closepolicy(fst, tmp);
+ }
 
 pol = pool_get(&systr_policy_pl, PR_NOWAIT);
 if (pol == NULL)
@@ -1490,7 +1506,7 @@ systrace_make_msg(struct str_process *strp, int type)
 while (1) {
 st = tsleep(strp, PWAIT | PCATCH, "systrmsg", 0);
 if (st != 0)
- return (EINTR);
+ return (ERESTART);
 /* If we detach, then everything is permitted */
 if ((strp = curproc->p_systrace) == NULL)
 return (0);
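Review bot: The eviction loop added to systrace_newpolicy takes the first policy whose `refcount == 1`, and nothing visible here separates an abandoned policy from one the monitor has just created and not yet assigned to a process, so a fresh policy could be freed before it is ever used. Userland learns of the free only through the queued SYSTR_MSG_POLICYFREE message, so a later request that still names that policy number has to fail cleanly; that lookup is outside the hunk and worth confirming. I would at least state the invariant next to the test, e.g. `/* refcount 1: held only by fst->policies, no process attached (confirm) */`. The guard also keeps `>`, which lets npolicies reach SYSTR_MAX_POLICIES + 1 before eviction starts; `>=` looks like the intended bound. The function body starts and ends outside the hunk.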
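Review bot: The new `return (ERESTART);` in systrace_make_msg discards the value tsleep() actually returned, so a traced system call is restarted even when the interrupting signal's handler was installed without restart semantics. If that is deliberate, because the call has not executed yet and must be put to the monitor again, it needs a comment saying so, e.g. `/* syscall has not run yet: always restart so the policy is asked again */`. Callers that test the result against EINTR, if any, are outside this hunk and should be checked. The enclosing loop continues past the end of the hunk.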
@@ -1531,3 +1547,26 @@ systrace_msg_child(struct fsystrace *fst, struct str_process *strp, pid_t npid)
 
 return (0);
 }
+
+int
+systrace_msg_policyfree(struct fsystrace *fst, struct str_policy *strpol)
+{
+ struct str_process *nstrp;
+ struct str_message *msg;
+
+ nstrp = pool_get(&systr_proc_pl, PR_WAITOK);
+ memset(nstrp, 0, sizeof(struct str_process));
+
+ DPRINTF(("%s: free %d\n", __func__, strpol->nr));
+
+ msg = &nstrp->msg;
+
+ msg->msg_type = SYSTR_MSG_POLICYFREE;
+ msg->msg_policy = strpol->nr;
+
+ TAILQ_INSERT_TAIL(&fst->messages, nstrp, msg_next);
+
+ systrace_wakeup(fst);
+
+ return (0);
+}
|
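Review bot: Every call to systrace_msg_policyfree allocates a fresh str_process and queues it on fst->messages with no visible bound on that queue, so a non-root monitor that keeps requesting policies without reading its messages can hold kernel memory well past the policy limit the caller is enforcing. The `pool_get(&systr_proc_pl, PR_WAITOK)` may also sleep between the caller's TAILQ_FOREACH and its systrace_closepolicy(), while systrace_newpolicy itself allocates with PR_NOWAIT; unless a lock is held across the call (not visible here), the selected policy could be stale by then. I would use `nstrp = pool_get(&systr_proc_pl, PR_NOWAIT);` followed by `if (nstrp == NULL) return (ENOMEM);` and have the caller check the result instead of ignoring it. The zeroed str_process is only a message carrier with no process behind it, which deserves a one-line comment, since the code that dequeues and frees it is outside this diff.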