diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-09-26 20:18:26 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-09-26 20:18:26 +0000 |
commit | c9c82b43c3b67649e07ebe33426871afc1cdc864 (patch) | |
tree | b6479b961422425f61e24feac14166842e0c8f73 /sys/fs/specfs | |
parent | 20f61b8442278e84594fdc98326cd32ca1c002ee (diff) | |
download | FreeBSD-src-c9c82b43c3b67649e07ebe33426871afc1cdc864.zip FreeBSD-src-c9c82b43c3b67649e07ebe33426871afc1cdc864.tar.gz |
o Modify generic specfs device open access control checks to use
securelevel_ge() instead of direct securelevel variable checks.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/fs/specfs')
-rw-r--r-- | sys/fs/specfs/spec_vnops.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/sys/fs/specfs/spec_vnops.c b/sys/fs/specfs/spec_vnops.c index 0cdfd26..24edc69 100644 --- a/sys/fs/specfs/spec_vnops.c +++ b/sys/fs/specfs/spec_vnops.c @@ -176,15 +176,19 @@ spec_open(ap) * When running in secure mode, do not allow opens * for writing if the device is mounted */ - if (securelevel >= 1 && vfs_mountedon(vp)) - return (EPERM); + if (vfs_mountedon(vp)) { + error = securelevel_ge(td->td_proc->p_ucred, 1); + if (error) + return (error); + } /* * When running in very secure mode, do not allow * opens for writing of any devices. */ - if (securelevel >= 2) - return (EPERM); + error = securelevel_ge(td->td_proc->p_ucred, 2); + if (error) + return (error); } /* XXX: Special casing of ttys for deadfs. Probably redundant */ |