summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_acct.c
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-11-04 15:13:36 +0000
committerrwatson <rwatson@FreeBSD.org>2002-11-04 15:13:36 +0000
commitb8dd64f5ef380fd8a17448566fccf0860a7adc19 (patch)
tree2f3ad50bb20fd5ec86fb6ebe751e49c2a3679686 /sys/kern/kern_acct.c
parentf3f0e34ca816fad9a22f1b465eda33898a571ada (diff)
downloadFreeBSD-src-b8dd64f5ef380fd8a17448566fccf0860a7adc19.zip
FreeBSD-src-b8dd64f5ef380fd8a17448566fccf0860a7adc19.tar.gz
Permit MAC policies to instrument the access control decisions for
system accounting configuration and for nfsd server thread attach. Policies might use this to protect the integrity or confidentiality of accounting data, limit the ability to turn on or off accounting, as well as to prevent inappropriately labeled threads from becoming nfs server threads. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/kern/kern_acct.c')
-rw-r--r--sys/kern/kern_acct.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c
index 9707caf..91b0748 100644
--- a/sys/kern/kern_acct.c
+++ b/sys/kern/kern_acct.c
@@ -40,12 +40,15 @@
* $FreeBSD$
*/
+#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/sysproto.h>
#include <sys/proc.h>
+#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/vnode.h>
#include <sys/fcntl.h>
@@ -144,12 +147,25 @@ acct(td, uap)
if (error)
goto done2;
NDFREE(&nd, NDF_ONLY_PNBUF);
+#ifdef MAC
+ error = mac_check_system_acct(td->td_ucred, nd.ni_vp);
+ if (error) {
+ vn_close(nd.ni_vp, flags, td->td_ucred, td);
+ goto done2;
+ }
+#endif
VOP_UNLOCK(nd.ni_vp, 0, td);
if (nd.ni_vp->v_type != VREG) {
vn_close(nd.ni_vp, flags, td->td_ucred, td);
error = EACCES;
goto done2;
}
+#ifdef MAC
+ } else {
+ error = mac_check_system_acct(td->td_ucred, NULL);
+ if (error)
+ goto done2;
+#endif
}
/*
OpenPOWER on IntegriCloud