Use mac_biba_label_copy() and mac_mls_label_copy() to implement the

mpo_copy_mbuf_label() entry point for Biba and MLS, respectively. Otherwise, labels in m_tags may not be properly propagated across some classes of mbuf operations. This problem caused these policies to fail-stop the system with a panic. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
author: rwatson <rwatson@FreeBSD.org> 2003-06-02 17:21:38 +0000
committer: rwatson <rwatson@FreeBSD.org> 2003-06-02 17:21:38 +0000
commit: 792ca19a6f13857df01383a9f135111791e02778 (patch)
tree: 280c0f72003907217728baa3334884945679c5cc /sys/security/mac_mls
parent: bfe214278d0b0615ecf68a2b9dc27c434fd6608a (diff)
download: FreeBSD-src-792ca19a6f13857df01383a9f135111791e02778.zip
FreeBSD-src-792ca19a6f13857df01383a9f135111791e02778.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index e464a90..2ceae35 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -2393,6 +2393,7 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_destroy_socket_label = mac_mls_destroy_label,
 	.mpo_destroy_socket_peer_label = mac_mls_destroy_label,
 	.mpo_destroy_vnode_label = mac_mls_destroy_label,
+	.mpo_copy_mbuf_label = mac_mls_copy_label,
 	.mpo_copy_pipe_label = mac_mls_copy_label,
 	.mpo_copy_vnode_label = mac_mls_copy_label,
 	.mpo_externalize_cred_label = mac_mls_externalize_label,
author	rwatson <rwatson@FreeBSD.org>	2003-06-02 17:21:38 +0000
committer	rwatson <rwatson@FreeBSD.org>	2003-06-02 17:21:38 +0000
commit	792ca19a6f13857df01383a9f135111791e02778 (patch)
tree	280c0f72003907217728baa3334884945679c5cc /sys/security/mac_mls
parent	bfe214278d0b0615ecf68a2b9dc27c434fd6608a (diff)
download	FreeBSD-src-792ca19a6f13857df01383a9f135111791e02778.zip FreeBSD-src-792ca19a6f13857df01383a9f135111791e02778.tar.gz