summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorphk <phk@FreeBSD.org>2004-06-19 09:00:53 +0000
committerphk <phk@FreeBSD.org>2004-06-19 09:00:53 +0000
commit07d9a77b87b22ee1b68f3a0dd2b811fb3062fc00 (patch)
tree7337cde9d0edd9857449589241f77fbb5c7ef637
parentf9c5567642794d6bdf9f2ca06532c1256c3f373e (diff)
downloadFreeBSD-src-07d9a77b87b22ee1b68f3a0dd2b811fb3062fc00.zip
FreeBSD-src-07d9a77b87b22ee1b68f3a0dd2b811fb3062fc00.tar.gz
Duplicate the securelevel check from spec_vnops.c here.
-rw-r--r--sys/geom/geom_dev.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/sys/geom/geom_dev.c b/sys/geom/geom_dev.c
index f24400a..baaf191 100644
--- a/sys/geom/geom_dev.c
+++ b/sys/geom/geom_dev.c
@@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
#include <sys/bio.h>
#include <sys/lock.h>
#include <sys/mutex.h>
+#include <sys/proc.h>
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/disk.h>
@@ -160,6 +161,7 @@ g_dev_open(struct cdev *dev, int flags, int fmt, struct thread *td)
g_trace(G_T_ACCESS, "g_dev_open(%s, %d, %d, %p)",
gp->name, flags, fmt, td);
+
r = flags & FREAD ? 1 : 0;
w = flags & FWRITE ? 1 : 0;
#ifdef notyet
@@ -167,6 +169,15 @@ g_dev_open(struct cdev *dev, int flags, int fmt, struct thread *td)
#else
e = 0;
#endif
+ if (w) {
+ /*
+ * When running in very secure mode, do not allow
+ * opens for writing of any disks.
+ */
+ error = securelevel_ge(td->td_ucred, 2);
+ if (error)
+ return (error);
+ }
g_topology_lock();
if (dev->si_devsw == NULL)
error = ENXIO; /* We were orphaned */
OpenPOWER on IntegriCloud