PERFORCE change 20711 for review

Robert Watson rwatson at freebsd.org
Tue Nov 5 18:33:14 GMT 2002


http://perforce.freebsd.org/chv.cgi?CH=20711

Change 20711 by rwatson at rwatson_tislabs on 2002/11/05 10:32:56

	Disallow changing labels at mac_exec()-time using MLS, since the
	machinery isn't in place yet.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#144 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#144 (text+ko) ====

@@ -1884,7 +1884,20 @@
     struct label *label, struct image_params *imgp,
     struct label *execlabel)
 {
-	struct mac_mls *subj, *obj;
+	struct mac_mls *subj, *obj, *exec;
+	int error;
+
+	if (execlabel != NULL) {
+		/*
+		 * We currently don't permit labels to be changed at
+		 * exec-time as part of MLS, so disallow non-NULL
+		 * MLS label elements in the execlabel.
+		 */
+		exec = SLOT(execlabel);
+		error = mls_atmostflags(exec, 0);
+		if (error)
+			return (error);
+	}
 
 	if (!mac_mls_enabled)
 		return (0);
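
Review bot: The new execlabel block sits above the `if (!mac_mls_enabled)` test, so an execlabel carrying MLS elements makes this check return the error from mls_atmostflags(exec, 0) even when MLS enforcement is switched off, while every other path through the function returns 0 in that state. If refusing exec-time label changes is meant to be unconditional, the comment should say so explicitly; otherwise move the block below the `return (0)` for the disabled case so a disabled policy never fails an exec.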