PERFORCE change 17935 for review
Robert Watson
rwatson at freebsd.org
Sun Sep 22 17:23:14 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17935
Change 17935 by rwatson at rwatson_paprika on 2002/09/22 10:22:33
Teach mac_partition model that a request to set the partition to 0
is a no-op during the relabel check (we already handled it that
way in the actual relabel implementation). This reduces
interference with other loaded policies.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#13 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#13 (text+ko) ====
@@ -196,15 +196,26 @@
}
static int
-mac_partition_check_cred_relabel(struct ucred *cred, struct mac *newlabel)
+mac_partition_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{
+ int error;
+
+ error = 0;
+
+ /* Treat "0" as a no-op request. */
+ if (SLOT(newlabel) != 0) {
+ /* If we're already in a partition, can't repartition. */
+ if (SLOT(&cred->cr_label) != 0)
+ return (EPERM);
- /* If in a partition, can't re-partition. */
- if (SLOT(&cred->cr_label) != 0)
- return (EPERM);
+ /*
+ * If not in a partition, must have privilege to create
+ * one.
+ */
+ error = suser_cred(cred, 0);
+ }
- /* If not in a partition, must have privilege */
- return (suser_cred(cred, 0));
+ return (error);
}
static int
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list