Rewrite of revoke() system call available for testing - patch #2
dillon at apollo.backplane.com
Tue Mar 31 23:19:53 PDT 2009
I've rewritten the revoke() implementation. It is now able to
revoke any open file, not just devices. The root directory, current
directory, and jail root directory for a process cannot be revoked.
The patch needs testing:
The original revoke() was a horrible hack that basically blew away
the underlying vnode without giving the VFS much say in the matter,
and required a lot of code hacks to deal with the resulting mess.
The new revoke() actually replaces the open descriptors with a dummy
descriptor and close()s the revoked descriptors properly.
For testing purposes, opening up ssh, screen, and 'script' typescript
connections to/on the target machine helps exercise the controlling
<dillon at backplane.com>
More information about the Kernel