PERFORCE change 231415 for review
Robert Watson
rwatson at FreeBSD.org
Wed Jul 24 14:42:26 UTC 2013
http://p4web.freebsd.org/@@231415?ac=10
Change 231415 by rwatson at rwatson_cinnamon on 2013/07/24 14:41:58
Instead of checking if we are in the execve() call graph,
instead allow the exec MAC check to authorise open; while
here, also allow the KLD Load check to authorise open as
well.
Affected files ...
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#6 edit
Differences ...
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#6 (text+ko) ====
@@ -275,7 +275,9 @@
#ifdef MAC
#ifdef TESLA_MAC
- TESLA_SYSCALL(incallstack(kern_execve) ||
+ TESLA_SYSCALL(
+ previously(mac_kld_check_load(ANY(ptr), vp) == 0) ||
+ previously(mac_vnode_check_exec(ANY(ptr), vp, ANY(ptr)) == 0) ||
previously(mac_vnode_check_open(ANY(ptr), vp, ANY(int)) == 0));
#endif
#endif
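Review bot: The two added disjuncts in the TESLA_SYSCALL(...) expression need a short comment above them saying why a successful mac_kld_check_load() or mac_vnode_check_exec() on vp is accepted in place of mac_vnode_check_open(). The change description explains this, but someone reading the assertion in ufs_vnops.c will not see it. Both added lines also match the first argument with ANY(ptr), so the assertion ties the earlier check to the vnode only and not to the caller that made it. If the credential is in scope at this point, consider matching on it in all three previously() terms. Otherwise, note in the comment that the wildcard is deliberate.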