From 5bedb5e44757ba83dba9d618f5b951416cf44345 Mon Sep 17 00:00:00 2001 From: Olivier Certner Date: Wed, 29 Apr 2026 19:11:34 +0200 Subject: [PATCH] MAC/do: Comment to explain the main invariant for configurations Once visible, configuration structures must *never* change. Spell that out in a comment to help future readers/contributors understand the design. Reviewed by: bapt MFC after: 1 month Sponsored by: The FreeBSD Foundation Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/38 --- sys/security/mac_do/mac_do.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 125054d1542..4e7a65ae2ca 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -210,6 +210,11 @@ struct exec_paths { int exec_path_count; }; +/* + * Once in use, i.e., being pointed to by a jail, a configuration structure MUST + * NEVER CHANGE (except for the 'use_count' field). This invariant is + * fundamental to correctness! + */ struct conf { struct rules rules; struct exec_paths exec_paths;