diff options
author | phk <phk@FreeBSD.org> | 2004-11-04 09:17:55 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 2004-11-04 09:17:55 +0000 |
commit | 31149e65e268d35ebe2f2930829abae7b5350954 (patch) | |
tree | fb094b08c26d2ee491df00a8fb23e39974d2b3ea /sys/fs | |
parent | 248c63e073c6f7232b999239a65bb0e38ffd2616 (diff) | |
download | FreeBSD-src-31149e65e268d35ebe2f2930829abae7b5350954.zip FreeBSD-src-31149e65e268d35ebe2f2930829abae7b5350954.tar.gz |
Add back securelevel check for disks.
XXX: This should live in geom_dev.c but we don't have access to the
cred there.
XXX: XXX: This may not matter anymore since filesystems use geom_vfs.
Diffstat (limited to 'sys/fs')
-rw-r--r-- | sys/fs/devfs/devfs_vnops.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index 5e12528..5f9f162 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -710,6 +710,18 @@ devfs_open(ap) if (dev->si_iosize_max == 0) dev->si_iosize_max = DFLTPHYS; + if (vn_isdisk(vp, NULL) && + ap->a_cred != FSCRED && (ap->a_mode & FWRITE)) { + /* + * When running in very secure mode, do not allow + * opens for writing of any disks. + * XXX: should be in geom_dev.c, but we lack the cred there. + */ + error = securelevel_ge(td->td_ucred, 2); + if (error) + return (error); + } + dsw = dev_refthread(dev); if (dsw == NULL) return (ENXIO); |