o Modify generic specfs device open access control checks to use

securelevel_ge() instead of direct securelevel variable checks. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2001-09-26 20:18:26 +0000
committer: rwatson <rwatson@FreeBSD.org> 2001-09-26 20:18:26 +0000
commit: c9c82b43c3b67649e07ebe33426871afc1cdc864 (patch)
tree: b6479b961422425f61e24feac14166842e0c8f73 /sys/fs/specfs
parent: 20f61b8442278e84594fdc98326cd32ca1c002ee (diff)
download: FreeBSD-src-c9c82b43c3b67649e07ebe33426871afc1cdc864.zip
FreeBSD-src-c9c82b43c3b67649e07ebe33426871afc1cdc864.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/sys/fs/specfs/spec_vnops.c b/sys/fs/specfs/spec_vnops.c
index 0cdfd26..24edc69 100644
--- a/sys/fs/specfs/spec_vnops.c
+++ b/sys/fs/specfs/spec_vnops.c
@@ -176,15 +176,19 @@ spec_open(ap)
 		 * When running in secure mode, do not allow opens
 		 * for writing if the device is mounted
 		 */
-		if (securelevel >= 1 && vfs_mountedon(vp))
-			return (EPERM);
+		if (vfs_mountedon(vp)) {
+			error = securelevel_ge(td->td_proc->p_ucred, 1);
+			if (error)
+				return (error);
+		}
 
 		/*
 		 * When running in very secure mode, do not allow
 		 * opens for writing of any devices.
 		 */
-		if (securelevel >= 2)
-			return (EPERM);
+		error = securelevel_ge(td->td_proc->p_ucred, 2);
+		if (error)
+			return (error);
 	}
 
 	/* XXX: Special casing of ttys for deadfs.  Probably redundant */
author	rwatson <rwatson@FreeBSD.org>	2001-09-26 20:18:26 +0000
committer	rwatson <rwatson@FreeBSD.org>	2001-09-26 20:18:26 +0000
commit	c9c82b43c3b67649e07ebe33426871afc1cdc864 (patch)
tree	b6479b961422425f61e24feac14166842e0c8f73 /sys/fs/specfs
parent	20f61b8442278e84594fdc98326cd32ca1c002ee (diff)
download	FreeBSD-src-c9c82b43c3b67649e07ebe33426871afc1cdc864.zip FreeBSD-src-c9c82b43c3b67649e07ebe33426871afc1cdc864.tar.gz