PERFORCE change 120628 for review
Robert Watson
rwatson at FreeBSD.org
Wed May 30 13:50:30 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=120628
Change 120628 by rwatson at rwatson_zoo on 2007/05/30 13:50:22
Restore lost MAC check for auditctl().
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#40 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#40 (text+ko) ====
@@ -654,7 +654,17 @@
return (error);
vfslocked = NDHASGIANT(&nd);
vp = nd.ni_vp;
+#ifdef MAC
+ error = mac_check_system_auditctl(td->td_ucred, vp);
+ VOP_UNLOCK(vp, 0, td);
+ if (error) {
+ vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td);
+ VFS_UNLOCK_GIANT(vfslocked);
+ return (error);
+ }
+#else
VOP_UNLOCK(vp, 0, td);
+#endif
NDFREE(&nd, NDF_ONLY_PNBUF);
if (vp->v_type != VREG) {
vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td);
More information about the p4-projects
mailing list