PERFORCE change 22840 for review
Robert Watson
rwatson at freebsd.org
Sat Dec 28 18:10:01 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=22840
Change 22840 by rwatson at rwatson_paprika on 2002/12/28 10:09:13
Map VAPPEND into VWRITE when making mac_bsdextended access control
decisions. This should fix open failures with the append-only
flag set.
Reported by: "Daniel C. Sobral" <dcs at newsguy.com>
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#67 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#67 (text+ko) ====
@@ -279,6 +279,15 @@
if (rules[i] == NULL)
continue;
+ /*
+ * Since we don't separately handle append, map append to
+ * write.
+ */
+ if (acc_mode & VAPPEND) {
+ acc_mode &= ~VAPPEND;
+ acc_mode |= VWRITE;
+ }
+
error = mac_bsdextended_rulecheck(rules[i], cred, object_uid,
object_gid, acc_mode);
if (error)
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list