diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-08-12 16:43:04 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-12 16:43:04 +0000 |
commit | b0388fc24a420479ae7a20ff88596aa5b5c56c47 (patch) | |
tree | 86ba129c5124e7aafe21c17a7f6f517a82f1e299 /sys/nfsclient/nfs_lock.c | |
parent | 4cf312acccfd897b6141b5a690ff79dc2ff8ae4e (diff) | |
download | FreeBSD-src-b0388fc24a420479ae7a20ff88596aa5b5c56c47.zip FreeBSD-src-b0388fc24a420479ae7a20ff88596aa5b5c56c47.tar.gz |
Pass IO_NOMACCHECK to vn_rdwr() in the following checks to prevent
enforcement of MAC policy on the read or write operations:
- In ext2fs, don't enforce MAC on loop-back reads and writes supporting
directory read operations in lookup(), directory modifications in
rename(), directory write operations in mkdir(), symlink write
operations in symlink().
- In the NFS client locking code, perform vn_rdwr() on the NFS locking
socket without enforcing MAC, since the write is done on behalf of
the kernel NFS implementation rather than the user process.
- In UFS, don't enforce MAC on loop-back reads and writes supporting
directory read operations in lookup(), and symlink write operations
in symlink().
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/nfsclient/nfs_lock.c')
-rw-r--r-- | sys/nfsclient/nfs_lock.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/nfsclient/nfs_lock.c b/sys/nfsclient/nfs_lock.c index dfd5ed0..32f9a1d 100644 --- a/sys/nfsclient/nfs_lock.c +++ b/sys/nfsclient/nfs_lock.c @@ -163,7 +163,7 @@ nfs_dolock(struct vop_advlock_args *ap) VOP_UNLOCK(wvp, 0, td); /* vn_open leaves it locked */ - ioflg = IO_UNIT; + ioflg = IO_UNIT | IO_NOMACCHECK; for (;;) { VOP_LEASE(wvp, td, thread0.td_ucred, LEASE_WRITE); |