Source-Changes-HG archive


[src/trunk]: src/sys Stick nice policy in its own subsystem and call the list...



details:   https://anonhg.NetBSD.org/src/rev/3fd8d9be2d46
branches:  trunk
changeset: 747828:3fd8d9be2d46
user:      elad <elad%NetBSD.org@localhost>
date:      Fri Oct 02 22:46:18 2009 +0000

description:
Stick nice policy in its own subsystem and call the listener "resource"
rather than "rlimit"...

diffstat:

 sys/kern/kern_resource.c            |  72 +++++++++++++++++++++++++-----------
 sys/secmodel/suser/secmodel_suser.c |  18 +-------
 2 files changed, 53 insertions(+), 37 deletions(-)

diffs (153 lines):

diff -r 857a75978d94 -r 3fd8d9be2d46 sys/kern/kern_resource.c
--- a/sys/kern/kern_resource.c  Fri Oct 02 22:38:45 2009 +0000
+++ b/sys/kern/kern_resource.c  Fri Oct 02 22:46:18 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_resource.c,v 1.153 2009/10/02 22:38:45 elad Exp $ */
+/*     $NetBSD: kern_resource.c,v 1.154 2009/10/02 22:46:18 elad Exp $ */
 
 /*-
  * Copyright (c) 1982, 1986, 1991, 1993
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.153 2009/10/02 22:38:45 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.154 2009/10/02 22:46:18 elad Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -69,38 +69,66 @@
 static pool_cache_t    plimit_cache;
 static pool_cache_t    pstats_cache;
 
-static kauth_listener_t        rlimit_listener;
+static kauth_listener_t        resource_listener;
 
 static int
-rlimit_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+resource_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
     void *arg0, void *arg1, void *arg2, void *arg3)
 {
        struct proc *p;
        int result;
-       enum kauth_process_req req;
 
        result = KAUTH_RESULT_DEFER;
        p = arg0;
-       req = (enum kauth_process_req)(unsigned long)arg1;
+
+       switch (action) {
+       case KAUTH_PROCESS_NICE:
+               if (kauth_cred_geteuid(cred) != kauth_cred_geteuid(p->p_cred) &&
+                    kauth_cred_getuid(cred) != kauth_cred_geteuid(p->p_cred)) {
+                        break;
+                }
+
+                if ((u_long)arg1 >= p->p_nice)
+                        result = KAUTH_RESULT_ALLOW;
 
-       if (action != KAUTH_PROCESS_RLIMIT)
-               return result;
+               break;
+
+       case KAUTH_PROCESS_RLIMIT: {
+               enum kauth_process_req req;
 
-       if (req == KAUTH_REQ_PROCESS_RLIMIT_SET) {
-               struct rlimit *new_rlimit;
-               u_long which;
+               req = (enum kauth_process_req)(unsigned long)arg1;
+
+               switch (req) {
+               case KAUTH_REQ_PROCESS_RLIMIT_GET:
+                       result = KAUTH_RESULT_ALLOW;
+                       break;
 
-               if ((p != curlwp->l_proc) &&
-                   (proc_uidmatch(cred, p->p_cred) != 0))
-                       return result;
+               case KAUTH_REQ_PROCESS_RLIMIT_SET: {
+                       struct rlimit *new_rlimit;
+                       u_long which;
+
+                       if ((p != curlwp->l_proc) &&
+                           (proc_uidmatch(cred, p->p_cred) != 0))
+                               break;
+
+                       new_rlimit = arg2;
+                       which = (u_long)arg3;
 
-               new_rlimit = arg2;
-               which = (u_long)arg3;
+                       if (new_rlimit->rlim_max <= p->p_rlimit[which].rlim_max)
+                               result = KAUTH_RESULT_ALLOW;
+
+                       break;
+                       }
 
-               if (new_rlimit->rlim_max <= p->p_rlimit[which].rlim_max)
-                       result = KAUTH_RESULT_ALLOW;
-       } else if (req == KAUTH_REQ_PROCESS_RLIMIT_GET) {
-               result = KAUTH_RESULT_ALLOW;
+               default:
+                       break;
+               }
+
+               break;
+       }
+
+       default:
+               break;
        }
 
        return result;
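Review bot: In the `KAUTH_REQ_PROCESS_RLIMIT_SET` case, `p->p_rlimit[which]` is indexed with a value taken straight from `arg3`, and nothing in this callback bounds it. The callers are outside the hunk and presumably validate the resource number, but an assertion such as `KASSERT(which < RLIM_NLIMITS);` before the `rlim_max` comparison would state that precondition where the array is read. The new `KAUTH_PROCESS_NICE` case has a similar unstated assumption: `(u_long)arg1 >= p->p_nice` is an unsigned comparison, so it only means "not lowering the nice value" if the caller passes a non-negative value. A comment such as `/* arg1: requested nice value; must be non-negative for the unsigned compare below */` would record that. The closing brace of `resource_listener_cb` lies outside the hunk.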
@@ -115,8 +143,8 @@
        pstats_cache = pool_cache_init(sizeof(struct pstats), 0, 0, 0,
            "pstatspl", NULL, IPL_NONE, NULL, NULL, NULL);
 
-       rlimit_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
-           rlimit_listener_cb, NULL);
+       resource_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+           resource_listener_cb, NULL);
 }
 
 /*
diff -r 857a75978d94 -r 3fd8d9be2d46 sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c       Fri Oct 02 22:38:45 2009 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c       Fri Oct 02 22:46:18 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.6 2009/10/02 22:38:45 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.6 2009/10/02 22:38:45 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.7 2009/10/02 22:46:18 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -645,19 +645,7 @@
                break;
 
        case KAUTH_PROCESS_NICE:
-               if (isroot) {
-                       result = KAUTH_RESULT_ALLOW;
-                       break;
-               }
-
-               if (kauth_cred_geteuid(cred) !=
-                   kauth_cred_geteuid(p->p_cred) &&
-                   kauth_cred_getuid(cred) !=
-                   kauth_cred_geteuid(p->p_cred)) {
-                       break;
-               }
-
-               if ((u_long)arg1 >= p->p_nice)
+               if (isroot)
                        result = KAUTH_RESULT_ALLOW;
 
                break;
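Review bot: After this change the `KAUTH_PROCESS_NICE` case only allows root and says nothing about where the owner check went, so a reader auditing this secmodel could take it for a policy tightening. The non-root rule (matching uid, nice value not lowered) now sits in `resource_listener_cb` in sys/kern/kern_resource.c, and an unprivileged renice depends on that listener being registered. A one-line comment such as `/* Non-root requests are decided by the resource listener in kern_resource.c. */` above `if (isroot)` would keep the two halves of the policy discoverable. The enclosing switch starts and ends outside the hunk.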


