mirror of
https://github.com/opnsense/src.git
synced 2026-06-05 14:54:21 -04:00
ae2ee5470d
The rules on 'prison0' are initialized in init(), now using
set_empty_rules().
Until the jail is destroyed, they can never be uninitialized by a call
to osd_jail_del(), since the only chain to call it is
mac_do_prison_set() -> remove_rules() -> osd_jail_del(), and
mac_do_prison_set() (method PR_METHOD_SET) can never be called on
'prison0'. This guarantees that find_rules() always find a valid
'rules' pointer to return.
There's no need to do anything special in destroy() for 'prison0', as
osd_jail_deregister() now takes care of it.
Reviewed by: bapt
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47603
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| audit | ||
| mac | ||
| mac_biba | ||
| mac_bsdextended | ||
| mac_ddb | ||
| mac_do | ||
| mac_ifoff | ||
| mac_ipacl | ||
| mac_lomac | ||
| mac_mls | ||
| mac_none | ||
| mac_ntpd | ||
| mac_partition | ||
| mac_pimd | ||
| mac_portacl | ||
| mac_priority | ||
| mac_seeotheruids | ||
| mac_stub | ||
| mac_test | ||
| mac_veriexec | ||
| mac_veriexec_parser | ||