diff options
| author | Konstantin Belousov <kib@FreeBSD.org> | 2022-07-18 16:39:17 +0000 |
|---|---|---|
| committer | Konstantin Belousov <kib@FreeBSD.org> | 2022-08-02 18:11:09 +0000 |
| commit | c6d31b8306eb708441c61c33bcf886ecad268a16 (patch) | |
| tree | 3e61512a31b669d0e150722644eed72dd95516f5 /sys/security | |
| parent | 4a5ec55af6d0bfa659f67483e346d55f90ba0856 (diff) | |
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index c017b481c7fa..5efcfe385cd5 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -532,9 +532,7 @@ maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel, subj->mac_lomac.ml_rangelow = objlabel->ml_single; subj->mac_lomac.ml_rangehigh = objlabel->ml_single; subj->mac_lomac.ml_flags |= MAC_LOMAC_FLAG_UPDATE; - thread_lock(curthread); - curthread->td_flags |= TDF_ASTPENDING | TDF_MACPEND; - thread_unlock(curthread); + ast_sched(curthread, TDA_MAC); /* * Avoid memory allocation while holding a mutex; cache the label. @@ -594,13 +592,25 @@ try_relabel(struct mac_lomac *from, struct mac_lomac *to) } } +static void +ast_mac(struct thread *td, int tda __unused) +{ + mac_thread_userret(td); +} + /* * Policy module operations. */ static void -lomac_init(struct mac_policy_conf *conf) +lomac_init(struct mac_policy_conf *conf __unused) { + ast_register(TDA_MAC, ASTR_ASTF_REQUIRED, 0, ast_mac); +} +static void +lomac_fini(struct mac_policy_conf *conf __unused) +{ + ast_deregister(TDA_MAC); } /* @@ -2898,6 +2908,7 @@ lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, static struct mac_policy_ops lomac_ops = { .mpo_init = lomac_init, + .mpo_destroy = lomac_fini, .mpo_bpfdesc_check_receive = lomac_bpfdesc_check_receive, .mpo_bpfdesc_create = lomac_bpfdesc_create, |