From bd8a9c45aadccdf20e8889bc72fa8fe70fea56e6 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Thu, 28 Dec 2006 22:02:59 +0000
Subject: [PATCH] Remove XXX comments about EA transaction support and provide
 a more general and detailed comment on the topic of EA transactions and
 kernel warnings.

Obtained from:	TrustedBSD Project
---
 sys/security/mac/mac_vfs.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index c026aa88f2b..038ac80e1ef 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -268,6 +268,15 @@ mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
 	    vp->v_label);
 }
 
+/*
+ * Functions implementing extended-attribute backed labels for file systems
+ * that support it.
+ *
+ * Where possible, we use EA transactions to make writes to multiple
+ * attributes across difference policies mutually atomic.  We allow work to
+ * continue on file systems not supporting EA transactions, but generate a
+ * printf warning.
+ */
 int
 mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
     struct vnode *dvp, struct vnode *vp, struct componentname *cnp)
@@ -279,7 +288,6 @@ mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
 
 	error = VOP_OPENEXTATTR(vp, cred, curthread);
 	if (error == EOPNOTSUPP) {
-		/* XXX: Optionally abort if transactions not supported. */
 		if (ea_warn_once == 0) {
 			printf("Warning: transactions not supported "
 			    "in EA write.\n");
@@ -297,9 +305,8 @@ mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
 	}
 
 	error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);
-
 	if (error == EOPNOTSUPP)
-		error = 0;				/* XXX */
+		error = 0;
 
 	return (error);
 }
@@ -314,7 +321,6 @@ mac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
 
 	error = VOP_OPENEXTATTR(vp, cred, curthread);
 	if (error == EOPNOTSUPP) {
-		/* XXX: Optionally abort if transactions not supported. */
 		if (ea_warn_once == 0) {
 			printf("Warning: transactions not supported "
 			    "in EA write.\n");
@@ -331,9 +337,8 @@ mac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
 	}
 
 	error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);
-
 	if (error == EOPNOTSUPP)
-		error = 0;				/* XXX */
+		error = 0;
 
 	return (error);
 }