PERFORCE change 15067 for review
Robert Watson
rwatson at freebsd.org
Sun Jul 28 20:18:50 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15067
Change 15067 by rwatson at rwatson_paprika on 2002/07/28 13:18:13
Avoid entering mac_execve_transition() if the MAC framework
hasn't previously indicated a transition will take place.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#25 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#25 (text+ko) ====
@@ -144,6 +144,9 @@
#endif
struct vnode *textvp = NULL, *textdvp = NULL;
int credential_changing;
+#ifdef MAC
+ int will_transition;
+#endif
imgp = &image_params;
@@ -379,7 +382,8 @@
attr.va_gid);
#ifdef MAC
vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
- credential_changing |= mac_execve_will_transition(oldcred, imgp->vp);
+ will_transition = mac_execve_will_transition(oldcred, imgp->vp);
+ credential_changing |= will_transition;
VOP_UNLOCK(imgp->vp, 0, td);
#endif
@@ -420,9 +424,11 @@
if (attr.va_mode & VSGID)
change_egid(newcred, attr.va_gid);
#ifdef MAC
- vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
- mac_execve_transition(oldcred, newcred, imgp->vp);
- VOP_UNLOCK(imgp->vp, 0, td);
+ if (will_transition) {
+ vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td);
+ mac_execve_transition(oldcred, newcred, imgp->vp);
+ VOP_UNLOCK(imgp->vp, 0, td);
+ }
#endif
setugidsafety(td);
/*
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list