diff options
author | kib <kib@FreeBSD.org> | 2013-09-29 20:21:34 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2013-09-29 20:21:34 +0000 |
commit | da2965e1a243768795b02024e54bb4e974752999 (patch) | |
tree | 842773f4fe1c71d003fcbc7d7d994c299da4455f /sys/security/mac | |
parent | 81de6261a0d3cc160f184124a6cb3beb1866e265 (diff) | |
download | FreeBSD-src-da2965e1a243768795b02024e54bb4e974752999.zip FreeBSD-src-da2965e1a243768795b02024e54bb4e974752999.tar.gz |
Make the mac_policy_rm lock recursable, which allows reentrance into
the mac framework. It is needed when priv_check_cred(9) is called from
the mac callback, e.g. in the mac_portacl(4).
Reported by: az
Reviewed by: rwatson
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Approved by: re (gjb)
Diffstat (limited to 'sys/security/mac')
-rw-r--r-- | sys/security/mac/mac_framework.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 816bb0b..ed0c05a 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -292,7 +292,8 @@ mac_init(void) mac_labelzone_init(); #ifndef MAC_STATIC - rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS); + rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS | + RM_RECURSE); sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS); #endif } |