diff options
author | csjp <csjp@FreeBSD.org> | 2006-08-26 20:13:35 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2006-08-26 20:13:35 +0000 |
commit | d35597591e4299cffc6c0776a88921d01bbeb53a (patch) | |
tree | 33c461b943926b78322c2f6d22aee7c43628a531 /sys/security/mac_mls | |
parent | a7e39208a349e9421bceac52f6b1b8f833effd4c (diff) | |
download | FreeBSD-src-d35597591e4299cffc6c0776a88921d01bbeb53a.zip FreeBSD-src-d35597591e4299cffc6c0776a88921d01bbeb53a.tar.gz |
Fix panic associated with file creation via RPC/NFS when the MLS policy
is loaded. This problem stems from the fact that the policy is not properly
initializing the mac label associated with the NFS daemon.
Obtained from: TrustedBSD Project
Discussed with: rwatson
Diffstat (limited to 'sys/security/mac_mls')
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 76e2cda..b258b21 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2788,6 +2788,17 @@ mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, return (0); } +static void +mac_mls_associate_nfsd_label(struct ucred *cred) +{ + struct mac_mls *label; + + label = SLOT(cred->cr_label); + mac_mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL); + mac_mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, + MAC_MLS_TYPE_HIGH, 0, NULL); +} + static struct mac_policy_ops mac_mls_ops = { .mpo_init = mac_mls_init, @@ -2960,6 +2971,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes, .mpo_check_vnode_stat = mac_mls_check_vnode_stat, .mpo_check_vnode_write = mac_mls_check_vnode_write, + .mpo_associate_nfsd_label = mac_mls_associate_nfsd_label, }; MAC_POLICY_SET(&mac_mls_ops, mac_mls, "TrustedBSD MAC/MLS", |