diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-08-12 16:49:03 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-12 16:49:03 +0000 |
commit | f8156b93eeb0d400644d4f1731a0d3ee31b837fb (patch) | |
tree | 73aeb7b211cd1c4e8da6457997f515914f7a50ac /sys/kern/uipc_socket.c | |
parent | 7a27007bbba75b4d691e1af110c195a64af712a2 (diff) | |
download | FreeBSD-src-f8156b93eeb0d400644d4f1731a0d3ee31b837fb.zip FreeBSD-src-f8156b93eeb0d400644d4f1731a0d3ee31b837fb.tar.gz |
Use the credential authorizing the socket creation operation to perform
the jail check and the MAC socket labeling in socreate(). This handles
socket creation using a cached credential better (such as in the NFS
client code when rebuilding a socket following a disconnect: the new
socket should be created using the nfsmount cached cred, not the cred
of the thread causing the socket to be rebuilt).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/uipc_socket.c')
-rw-r--r-- | sys/kern/uipc_socket.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index cfcec00..61cef61 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -177,7 +177,7 @@ socreate(dom, aso, type, proto, cred, td) if (prp == 0 || prp->pr_usrreqs->pru_attach == 0) return (EPROTONOSUPPORT); - if (jailed(td->td_ucred) && jail_socket_unixiproute_only && + if (jailed(cred) && jail_socket_unixiproute_only && prp->pr_domain->dom_family != PF_LOCAL && prp->pr_domain->dom_family != PF_INET && prp->pr_domain->dom_family != PF_ROUTE) { @@ -196,7 +196,7 @@ socreate(dom, aso, type, proto, cred, td) so->so_cred = crhold(cred); so->so_proto = prp; #ifdef MAC - mac_create_socket(td->td_ucred, so); + mac_create_socket(cred, so); #endif soref(so); error = (*prp->pr_usrreqs->pru_attach)(so, proto, td); |