diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-10-29 19:14:16 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-10-29 19:14:16 +0000 |
| commit | 34c75e428fc104c17fc6389e9b66a05ed6bdd586 (patch) | |
| tree | dc3bfdc4e5861cb0a36674edd6ebb42c65863821 /sys/security | |
| parent | 9e662115ff28ad98b791585637bd1f231acb95b3 (diff) | |
| download | FreeBSD-src-34c75e428fc104c17fc6389e9b66a05ed6bdd586.zip FreeBSD-src-34c75e428fc104c17fc6389e9b66a05ed6bdd586.tar.gz | |
Require Biba privilege to relabel a network interface.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac_biba/mac_biba.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 70d5a08..c4ce41a 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -1529,6 +1529,13 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, return (error); /* + * Relabling network interfaces requires Biba privilege. + */ + error = mac_biba_subject_privileged(subj); + if (error) + return (error); + + /* * If the Biba label is to be changed, authorize as appropriate. */ if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { |
