[Bug 246412] Return EISDIR when reading a directory

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jun 4 18:17:46 UTC 2020


--- Comment #4 from commit-hook at freebsd.org ---
A commit references this bug:

Author: kevans
Date: Thu Jun  4 18:17:27 UTC 2020
New revision: 361799
URL: https://svnweb.freebsd.org/changeset/base/361799

  vfs: add restrictions to read(2) of a directory [2/2]

  This commit adds the priv(9) that waters down the sysctl to make it only
  allow read(2) of a dirfd by the system root. Jailed root is not allowed, but
  jail policy and superuser policy will abstain from allowing/denying it so
  that a MAC module can fully control the policy.

  Such a MAC module has been written, and can be found at:

  It is expected that the MAC module won't be needed by many, as most only
  need to do such diagnostics that require this behavior as system root
  anyways. Interested parties are welcome to grab the MAC module above and
  create a port or locally integrate it, and with enough support it could see
  introduction to base. As noted in mac_read_dir.c, it is released under the
  BSD 2 clause license and allows the restrictions to be lifted for only
  jailed root or for all unprivileged users.

  PR:           246412
  Reviewed by:  mckusick, kib, emaste, jilles, cy, phk, imp (all previous)
  Reviewed by:  rgrimes (latest version)
  Differential Revision:        https://reviews.freebsd.org/D24596


You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-standards mailing list