diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-11-05 15:11:33 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-11-05 15:11:33 +0000 |
commit | 373a915367c58ecd119972e58bb49e683c477c65 (patch) | |
tree | 26d000e3ad56d30da28aa28f88ebf30a0af06936 /sys/security/mac/mac_syscalls.c | |
parent | c2166f1034cafe467058e46b1391fc62e348cf59 (diff) | |
download | FreeBSD-src-373a915367c58ecd119972e58bb49e683c477c65.zip FreeBSD-src-373a915367c58ecd119972e58bb49e683c477c65.tar.gz |
Assert that appropriate vnodes are locked in mac_execve_will_transition().
Allow transitioning to be twiddled off using the process and fs enforcement
flags, although at some point this should probably be its own flag.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac/mac_syscalls.c')
-rw-r--r-- | sys/security/mac/mac_syscalls.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 64b6f09..e1f2531 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp) ASSERT_VOP_LOCKED(vp, "mac_execve_transition"); + if (!mac_enforce_process && !mac_enforce_fs) + return; + MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label); } @@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) { int result; + ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition"); + + if (!mac_enforce_process && !mac_enforce_fs) + return (0); + result = 0; MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label); |