diff options
| author | Kyle Evans <kevans@FreeBSD.org> | 2026-02-14 04:19:18 +0000 |
|---|---|---|
| committer | Kyle Evans <kevans@FreeBSD.org> | 2026-02-14 04:20:52 +0000 |
| commit | 99e138f20a9bad8276e9ebbb1e155daadf201272 (patch) | |
| tree | b1b1ea3bed8c464730951a0769d5588240d67e11 /sys/security/mac | |
| parent | 07c4eb506be45a4b836665e14ad63034ef3d573a (diff) | |
Diffstat (limited to 'sys/security/mac')
| -rw-r--r-- | sys/security/mac/mac_policy.h | 3 | ||||
| -rw-r--r-- | sys/security/mac/mac_prison.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 0078138d472f..a080d8cc4b8b 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -436,6 +436,8 @@ typedef int (*mpo_prison_check_remove_t)(struct ucred *cred, struct prison *pr, struct label *prlabel); typedef void (*mpo_prison_created_t)(struct ucred *cred, struct prison *pr, struct label *prlabel); +typedef void (*mpo_prison_cleanup_t)(struct ucred *cred, + struct prison *pr); typedef void (*mpo_prison_attached_t)(struct ucred *cred, struct prison *pr, struct label *prlabel, struct proc *p, struct label *proclabel); @@ -909,6 +911,7 @@ struct mac_policy_ops { mpo_prison_check_set_t mpo_prison_check_set; mpo_prison_check_remove_t mpo_prison_check_remove; mpo_prison_created_t mpo_prison_created; + mpo_prison_cleanup_t mpo_prison_cleanup; mpo_prison_attached_t mpo_prison_attached; mpo_priv_check_t mpo_priv_check; diff --git a/sys/security/mac/mac_prison.c b/sys/security/mac/mac_prison.c index 68ffd7a3cda3..810160994f7b 100644 --- a/sys/security/mac/mac_prison.c +++ b/sys/security/mac/mac_prison.c @@ -94,6 +94,9 @@ void mac_prison_destroy(struct prison *pr) { mtx_assert(&pr->pr_mtx, MA_OWNED); + + /* Symmetry with prison_created */ + MAC_POLICY_PERFORM_NOSLEEP(prison_cleanup, curthread->td_ucred, pr); mac_prison_label_free(pr->pr_label); pr->pr_label = NULL; } |