diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-12-28 23:41:18 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-12-28 23:41:18 +0000 |
commit | 7892c5c36d63e6246a294b9f845357fdf66270d8 (patch) | |
tree | af068b9ba554021897da115586fe30555a819614 /sys/security/mac_bsdextended | |
parent | 954749368bc34b7171791be6b1d30aecadb50e11 (diff) | |
download | FreeBSD-src-7892c5c36d63e6246a294b9f845357fdf66270d8.zip FreeBSD-src-7892c5c36d63e6246a294b9f845357fdf66270d8.tar.gz |
Map VAPPEND to VWRITE since the ugidfw rule syntax doesn't specifically
address the append access mode.
Reported by: "Daniel C. Sobral" <dcs@newsguy.com>
Obtained from: TrustedBSD Project
Sponosred by: DARPA, Network Associates Laboratories
MFC Candidate.
Diffstat (limited to 'sys/security/mac_bsdextended')
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index d090884..ba357ff 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -279,6 +279,15 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid, if (rules[i] == NULL) continue; + /* + * Since we don't separately handle append, map append to + * write. + */ + if (acc_mode & VAPPEND) { + acc_mode &= ~VAPPEND; + acc_mode |= VWRITE; + } + error = mac_bsdextended_rulecheck(rules[i], cred, object_uid, object_gid, acc_mode); if (error) |