Make the mac_policy_rm lock recursable, which allows reentrance into

the mac framework. It is needed when priv_check_cred(9) is called from the mac callback, e.g. in the mac_portacl(4). Reported by: az Reviewed by: rwatson Sponsored by: The FreeBSD Foundation MFC after: 1 week Approved by: re (gjb)
author: kib <kib@FreeBSD.org> 2013-09-29 20:21:34 +0000
committer: kib <kib@FreeBSD.org> 2013-09-29 20:21:34 +0000
commit: da2965e1a243768795b02024e54bb4e974752999 (patch)
tree: 842773f4fe1c71d003fcbc7d7d994c299da4455f /sys/security
parent: 81de6261a0d3cc160f184124a6cb3beb1866e265 (diff)
download: FreeBSD-src-da2965e1a243768795b02024e54bb4e974752999.zip
FreeBSD-src-da2965e1a243768795b02024e54bb4e974752999.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 816bb0b..ed0c05a 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -292,7 +292,8 @@ mac_init(void)
 	mac_labelzone_init();
 
 #ifndef MAC_STATIC
-	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS);
+	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS |
+	    RM_RECURSE);
 	sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS);
 #endif
 }
author	kib <kib@FreeBSD.org>	2013-09-29 20:21:34 +0000
committer	kib <kib@FreeBSD.org>	2013-09-29 20:21:34 +0000
commit	da2965e1a243768795b02024e54bb4e974752999 (patch)
tree	842773f4fe1c71d003fcbc7d7d994c299da4455f /sys/security
parent	81de6261a0d3cc160f184124a6cb3beb1866e265 (diff)
download	FreeBSD-src-da2965e1a243768795b02024e54bb4e974752999.zip FreeBSD-src-da2965e1a243768795b02024e54bb4e974752999.tar.gz