diff options
author | csjp <csjp@FreeBSD.org> | 2006-04-06 23:33:11 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2006-04-06 23:33:11 +0000 |
commit | be495bef582420958359473d795fa8a169f560f7 (patch) | |
tree | 1238986aae318c40637c5589ccf1012b648990cc /sys/nfsserver | |
parent | eb74e00e0c0b698cccd240b53935b86ae6bb2191 (diff) | |
download | FreeBSD-src-be495bef582420958359473d795fa8a169f560f7.zip FreeBSD-src-be495bef582420958359473d795fa8a169f560f7.tar.gz |
Introduce a new MAC entry point for label initialization of the NFS daemon's
credential: mac_associate_nfsd_label()
This entry point can be utilized by various Mandatory Access Control policies
so they can properly initialize the label of files which get created
as a result of an NFS operation. This work will be useful for fixing kernel
panics associated with accessing un-initialized or invalid vnode labels.
The implementation of these entry points will come shortly.
Obtained from: TrustedBSD
Requested by: mdodd
MFC after: 3 weeks
Diffstat (limited to 'sys/nfsserver')
-rw-r--r-- | sys/nfsserver/nfs_srvsock.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/nfsserver/nfs_srvsock.c b/sys/nfsserver/nfs_srvsock.c index 805c5ca4..5721b39 100644 --- a/sys/nfsserver/nfs_srvsock.c +++ b/sys/nfsserver/nfs_srvsock.c @@ -369,6 +369,9 @@ nfs_getreq(struct nfsrv_descript *nd, struct nfsd *nfsd, int has_header) nd->nd_cr->cr_svuid = fxdr_unsigned(uid_t, *tl++); nd->nd_cr->cr_groups[0] = nd->nd_cr->cr_rgid = nd->nd_cr->cr_svgid = fxdr_unsigned(gid_t, *tl++); +#ifdef MAC + mac_associate_nfsd_label(nd->nd_cr); +#endif len = fxdr_unsigned(int, *tl); if (len < 0 || len > RPCAUTH_UNIXGIDS) { m_freem(mrep); |