diff options
author | phk <phk@FreeBSD.org> | 2004-06-19 09:00:53 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 2004-06-19 09:00:53 +0000 |
commit | 07d9a77b87b22ee1b68f3a0dd2b811fb3062fc00 (patch) | |
tree | 7337cde9d0edd9857449589241f77fbb5c7ef637 | |
parent | f9c5567642794d6bdf9f2ca06532c1256c3f373e (diff) | |
download | FreeBSD-src-07d9a77b87b22ee1b68f3a0dd2b811fb3062fc00.zip FreeBSD-src-07d9a77b87b22ee1b68f3a0dd2b811fb3062fc00.tar.gz |
Duplicate the securelevel check from spec_vnops.c here.
-rw-r--r-- | sys/geom/geom_dev.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sys/geom/geom_dev.c b/sys/geom/geom_dev.c index f24400a..baaf191 100644 --- a/sys/geom/geom_dev.c +++ b/sys/geom/geom_dev.c @@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$"); #include <sys/bio.h> #include <sys/lock.h> #include <sys/mutex.h> +#include <sys/proc.h> #include <sys/errno.h> #include <sys/time.h> #include <sys/disk.h> @@ -160,6 +161,7 @@ g_dev_open(struct cdev *dev, int flags, int fmt, struct thread *td) g_trace(G_T_ACCESS, "g_dev_open(%s, %d, %d, %p)", gp->name, flags, fmt, td); + r = flags & FREAD ? 1 : 0; w = flags & FWRITE ? 1 : 0; #ifdef notyet @@ -167,6 +169,15 @@ g_dev_open(struct cdev *dev, int flags, int fmt, struct thread *td) #else e = 0; #endif + if (w) { + /* + * When running in very secure mode, do not allow + * opens for writing of any disks. + */ + error = securelevel_ge(td->td_ucred, 2); + if (error) + return (error); + } g_topology_lock(); if (dev->si_devsw == NULL) error = ENXIO; /* We were orphaned */ |