Introduce a new MAC entry point for label initialization of the NFS daemon's

credential: mac_associate_nfsd_label() This entry point can be utilized by various Mandatory Access Control policies so they can properly initialize the label of files which get created as a result of an NFS operation. This work will be useful for fixing kernel panics associated with accessing un-initialized or invalid vnode labels. The implementation of these entry points will come shortly. Obtained from: TrustedBSD Requested by: mdodd MFC after: 3 weeks
author: csjp <csjp@FreeBSD.org> 2006-04-06 23:33:11 +0000
committer: csjp <csjp@FreeBSD.org> 2006-04-06 23:33:11 +0000
commit: be495bef582420958359473d795fa8a169f560f7 (patch)
tree: 1238986aae318c40637c5589ccf1012b648990cc /sys/nfsserver
parent: eb74e00e0c0b698cccd240b53935b86ae6bb2191 (diff)
download: FreeBSD-src-be495bef582420958359473d795fa8a169f560f7.zip
FreeBSD-src-be495bef582420958359473d795fa8a169f560f7.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/nfsserver/nfs_srvsock.c b/sys/nfsserver/nfs_srvsock.c
index 805c5ca4..5721b39 100644
--- a/sys/nfsserver/nfs_srvsock.c
+++ b/sys/nfsserver/nfs_srvsock.c
@@ -369,6 +369,9 @@ nfs_getreq(struct nfsrv_descript *nd, struct nfsd *nfsd, int has_header)
 		    nd->nd_cr->cr_svuid = fxdr_unsigned(uid_t, *tl++);
 		nd->nd_cr->cr_groups[0] = nd->nd_cr->cr_rgid =
 		    nd->nd_cr->cr_svgid = fxdr_unsigned(gid_t, *tl++);
+#ifdef MAC
+		mac_associate_nfsd_label(nd->nd_cr);
+#endif
 		len = fxdr_unsigned(int, *tl);
 		if (len < 0 || len > RPCAUTH_UNIXGIDS) {
 			m_freem(mrep);
author	csjp <csjp@FreeBSD.org>	2006-04-06 23:33:11 +0000
committer	csjp <csjp@FreeBSD.org>	2006-04-06 23:33:11 +0000
commit	be495bef582420958359473d795fa8a169f560f7 (patch)
tree	1238986aae318c40637c5589ccf1012b648990cc /sys/nfsserver
parent	eb74e00e0c0b698cccd240b53935b86ae6bb2191 (diff)
download	FreeBSD-src-be495bef582420958359473d795fa8a169f560f7.zip FreeBSD-src-be495bef582420958359473d795fa8a169f560f7.tar.gz