git: 30f092c40ad4 - stable/14 - MAC/do: Fix a too stringent debug assertion for a target of 'uid=*'
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 27 May 2025 09:23:51 UTC
The branch stable/14 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=30f092c40ad4eb592861839f4ffa9e9891abf1d3
commit 30f092c40ad4eb592861839f4ffa9e9891abf1d3
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-05-27 08:20:06 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-05-27 09:23:11 +0000
MAC/do: Fix a too stringent debug assertion for a target of 'uid=*'
MDF_HAS_PRIMARY_CLAUSE only concerns groups, not users, and is thus not
set in the latter case.
This change only has an effect on INVARIANTS builds.
PR: 287057
MFC after: 10 minutes
Sponsored by: The FreeBSD Foundation
(cherry picked from commit b5c9889e369a801ce7c1115f2535ddacbd69800d)
---
sys/security/mac_do/mac_do.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index a83c194b24ae..9aeafa62b56d 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -258,7 +258,8 @@ check_type_and_type_flags(const id_type_t type, const flags_t flags)
"groups specification are exclusive";
goto unexpected_flags;
}
- if (((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) &&
+ if (type == IT_GID &&
+ ((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) &&
(flags & MDF_HAS_PRIMARY_CLAUSE) == 0) {
str = "Presence of folded primary clause not reflected "
"by presence of MDF_HAS_PRIMARY_CLAUSE";