Mercurial > illumos > illumos-gate

changeset 11569:4fc0a82e09f7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6918265 priv_debug is too noisy to allow enabling it by default even in DEBUG builds
author Casper H.S. Dik <Casper.Dik@Sun.COM>
date Thu, 21 Jan 2010 13:54:02 +0100
parents 73d521803f1a
children 7dac6be29184
files usr/src/uts/common/os/exec.c usr/src/uts/common/os/policy.c usr/src/uts/common/os/priv.c usr/src/uts/common/syscall/ppriv.c
diffstat 4 files changed, 11 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/uts/common/os/exec.c	Tue Jan 19 23:02:22 2010 -0800
+++ b/usr/src/uts/common/os/exec.c	Thu Jan 21 13:54:02 2010 +0100
@@ -732,7 +732,7 @@
 			curthread->t_cred = cred;
 			crfree(oldcred);
 
-			if (priv_debug && priv_basic_test >= 0 &&
+			if (priv_basic_test >= 0 &&
 			    !PRIV_ISASSERT(&CR_IPRIV(newcred),
 			    priv_basic_test)) {
 				pid_t pid = pp->p_pid;
--- a/usr/src/uts/common/os/policy.c	Tue Jan 19 23:02:22 2010 -0800
+++ b/usr/src/uts/common/os/policy.c	Thu Jan 21 13:54:02 2010 +0100
@@ -63,11 +63,7 @@
  */
 #define	MAXPRIVSTACK		6
 
-#ifdef DEBUG
-int priv_debug = 1;
-#else
 int priv_debug = 0;
-#endif
 int priv_basic_test = -1;
 
 /*
--- a/usr/src/uts/common/os/priv.c	Tue Jan 19 23:02:22 2010 -0800
+++ b/usr/src/uts/common/os/priv.c	Thu Jan 21 13:54:02 2010 +0100
@@ -82,6 +82,11 @@
 void
 priv_init(void)
 {
+#ifdef DEBUG
+	int alloc_test_priv = 1;
+#else
+	int alloc_test_priv = priv_debug;
+#endif
 	rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL);
 
 	PRIV_BASIC_ASSERT(priv_basic);
@@ -89,10 +94,11 @@
 	priv_fillset(&priv_fullset);
 
 	/*
-	 * When booting with priv_debug set, then we'll add an additional
-	 * basic privilege and we verify that it is always present in E.
+	 * When booting with priv_debug set or in a DEBUG kernel, then we'll
+	 * add an additional basic privilege and we verify that it is always
+	 * present in E.
 	 */
-	if (priv_debug == 1 &&
+	if (alloc_test_priv != 0 &&
 	    (priv_basic_test = priv_getbyname("basic_test", PRIV_ALLOC)) >= 0) {
 		priv_addset(priv_basic, priv_basic_test);
 	}
--- a/usr/src/uts/common/syscall/ppriv.c	Tue Jan 19 23:02:22 2010 -0800
+++ b/usr/src/uts/common/syscall/ppriv.c	Thu Jan 21 13:54:02 2010 +0100
@@ -187,7 +187,7 @@
 	 * if that has happened, then some programmer typically set the E/P to
 	 * empty. That is not portable.
 	 */
-	if ((type == PRIV_EFFECTIVE || type == PRIV_PERMITTED) && priv_debug &&
+	if ((type == PRIV_EFFECTIVE || type == PRIV_PERMITTED) &&
 	    priv_basic_test >= 0 && !PRIV_ISASSERT(target, priv_basic_test)) {
 		proc_t *p = curproc;
 		pid_t pid = p->p_pid;