author | rwatson <rwatson@FreeBSD.org> | 2002-11-03 00:53:03 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-11-03 00:53:03 +0000 |
commit | 02575bafa7d27ede2d0ed3b05d481df92b74b89c (patch) | |
tree | 333ffb6cbc9566ed04f4501401a9ec2108ff1cf5 /sys/security | |
parent | bf9db3a2ba67688f6d0a76081939673ddf298bc0 (diff) | |
Change privilege model for mac_partition such that BSD superuser can change
the partition once a partition has been set. This is required for correct
operation of sendmail between partitions.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/mac_partition/mac_partition.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c index c1167ea..1b1ec0b 100644 --- a/sys/security/mac_partition/mac_partition.c +++ b/sys/security/mac_partition/mac_partition.c @@ -183,13 +183,11 @@ mac_partition_check_cred_relabel(struct ucred *cred, struct label *newlabel) /* Treat "0" as a no-op request. */ if (SLOT(newlabel) != 0) { - /* If we're already in a partition, can't repartition. */ - if (SLOT(&cred->cr_label) != 0) - return (EPERM); - /* - * If not in a partition, must have privilege to create - * one. + * Require BSD privilege in order to change the partition. + * Originally we also required that the process not be + * in a partition in the first place, but this didn't + * interact well with sendmail. */ error = suser_cred(cred, 0); } |
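Review bot: The replacement comment in mac_partition_check_cred_relabel() records why the "already in a partition" test was dropped, but it does not state the resulting policy. With the `SLOT(&cred->cr_label) != 0` check gone, the only gate on a relabel to a non-zero partition is `suser_cred(cred, 0)`, so a superuser credential that is already inside a partition can now move itself to any other partition. That means a partition no longer confines root, which is a weaker guarantee than before and one that administrators relying on this module need to know about. I would say so explicitly in the comment, for example "a privileged process may move between partitions; partitions do not confine the superuser", and make sure the module's documentation says the same. "Didn't interact well with sendmail" is also too vague to let a later reader judge whether the relaxation is still needed; a sentence on what sendmail has to do across partitions would help.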