PERFORCE change 79532 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jul 4 11:05:37 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=79532
Change 79532 by rwatson at rwatson_paprika on 2005/07/04 11:05:08
Loading of VFS-related kernel modules has moved to vfs_init.c, so
restore the conversation of a suser() check to cap_check() lost
during integrate.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_init.c#10 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_init.c#10 (text+ko) ====
@@ -39,6 +39,7 @@
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/capability.h>
#include <sys/kernel.h>
#include <sys/linker.h>
#include <sys/mount.h>
@@ -115,7 +116,7 @@
return (vfsp);
/* Only load modules for root (very important!). */
- *error = suser(td);
+ *error = cap_check(td, CAP_SYS_MODULE);
if (*error)
return (NULL);
*error = securelevel_gt(td->td_ucred, 0);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list