svn commit: r255945 - head/sys/security/mac
Konstantin Belousov
kib at FreeBSD.org
Sun Sep 29 20:21:34 UTC 2013
Author: kib
Date: Sun Sep 29 20:21:34 2013
New Revision: 255945
URL: http://svnweb.freebsd.org/changeset/base/255945
Log:
Make the mac_policy_rm lock recursable, which allows reentrance into
the mac framework. It is needed when priv_check_cred(9) is called from
the mac callback, e.g. in the mac_portacl(4).
Reported by: az
Reviewed by: rwatson
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Approved by: re (gjb)
Modified:
head/sys/security/mac/mac_framework.c
Modified: head/sys/security/mac/mac_framework.c
==============================================================================
--- head/sys/security/mac/mac_framework.c Sun Sep 29 20:20:17 2013 (r255944)
+++ head/sys/security/mac/mac_framework.c Sun Sep 29 20:21:34 2013 (r255945)
@@ -292,7 +292,8 @@ mac_init(void)
mac_labelzone_init();
#ifndef MAC_STATIC
- rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS);
+ rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS |
+ RM_RECURSE);
sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS);
#endif
}
More information about the svn-src-head
mailing list