author | rwatson <rwatson@FreeBSD.org> | 2002-11-04 15:13:36 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-11-04 15:13:36 +0000 |
commit | b8dd64f5ef380fd8a17448566fccf0860a7adc19 (patch) | |
tree | 2f3ad50bb20fd5ec86fb6ebe751e49c2a3679686 /sys/nfsserver | |
parent | f3f0e34ca816fad9a22f1b465eda33898a571ada (diff) | |
Permit MAC policies to instrument the access control decisions for
system accounting configuration and for nfsd server thread attach.
Policies might use this to protect the integrity or confidentiality
of accounting data, limit the ability to turn on or off accounting,
as well as to prevent inappropriately labeled threads from becoming nfs
server threads.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/nfsserver')
-rw-r--r-- | sys/nfsserver/nfs_syscalls.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/sys/nfsserver/nfs_syscalls.c b/sys/nfsserver/nfs_syscalls.c
index 10e0ed2..80271cd 100644
--- a/sys/nfsserver/nfs_syscalls.c
+++ b/sys/nfsserver/nfs_syscalls.c
@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
 #include "opt_inet6.h"
+#include "opt_mac.h"
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -50,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/vnode.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
@@ -137,10 +139,15 @@ nfssvc(struct thread *td, struct nfssvc_args *uap)
 struct nfsd_args nfsdarg;
 int error;
- mtx_lock(&Giant);
+#ifdef MAC
+ error = mac_check_system_nfsd(td->td_ucred);
+ if (error)
+ return (error);
+#endif
 error = suser(td);
 if (error)
- goto done2;
+ return (error);
+ mtx_lock(&Giant);
 while (nfssvc_sockhead_flag & SLP_INIT) {
 nfssvc_sockhead_flag |= SLP_WANTINIT;
 (void) tsleep((caddr_t)&nfssvc_sockhead, PSOCK, "nfsd init", 0); |
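Review bot: The new `mac_check_system_nfsd(td->td_ucred)` call at the top of nfssvc() runs before anything in `uap` is examined, so the policy sees only the caller's credential and gates every nfssvc request, not just the thread-attach case the commit message describes. If that is the intent, a comment above the `#ifdef MAC` block should say so, e.g. `/* MAC gates all nfssvc() requests; checked before suser() and before Giant is taken. */`. The two early `return (error);` paths are correct only because `mtx_lock(&Giant)` now comes after them; the `done2` label lies outside this hunk, so it should be confirmed that it does nothing beyond dropping Giant. The MAC check also precedes `suser()`, so an unprivileged caller is handed the policy's error code rather than the privilege failure, and that ordering is worth confirming as deliberate. nfssvc()'s body continues outside the hunk.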