MAC/do: Comment to explain the main invariant for configurations

Once visible, configuration structures must *never* change.

Spell that out in a comment to help future readers/contributors
understand the design.

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
This commit is contained in:
Olivier Certner
2026-04-29 19:11:34 +02:00
parent 31ef4ee2e3
commit 5bedb5e447
+5
View File
@@ -210,6 +210,11 @@ struct exec_paths {
int exec_path_count;
};
/*
* Once in use, i.e., being pointed to by a jail, a configuration structure MUST
* NEVER CHANGE (except for the 'use_count' field). This invariant is
* fundamental to correctness!
*/
struct conf {
struct rules rules;
struct exec_paths exec_paths;