PERFORCE change 105139 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sat Aug 26 20:33:17 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=105139
Change 105139 by csjp at csjp_xor on 2006/08/26 20:09:19
Fix panic associated with file creation VIA RPC/NFS calls by properly
initializing the labels associted with the NFSD credential.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#212 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#212 (text+ko) ====
@@ -2865,6 +2865,17 @@
return (0);
}
+static void
+mac_mls_associate_nfsd_label(struct ucred *cred)
+{
+ struct mac_mls *label;
+
+ label = SLOT(cred->cr_label);
+ mac_mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL,
+ MAC_MLS_TYPE_HIGH, 0, NULL);
+}
+
static struct mac_policy_ops mac_mls_ops =
{
.mpo_init = mac_mls_init,
@@ -3037,6 +3048,7 @@
.mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes,
.mpo_check_vnode_stat = mac_mls_check_vnode_stat,
.mpo_check_vnode_write = mac_mls_check_vnode_write,
+ .mpo_associate_nfsd_label = mac_mls_associate_nfsd_label,
};
MAC_POLICY_SET(&mac_mls_ops, mac_mls, "TrustedBSD MAC/MLS",
More information about the trustedbsd-cvs
mailing list