Map VAPPEND to VWRITE since the ugidfw rule syntax doesn't specifically

address the append access mode. Reported by: "Daniel C. Sobral" <dcs@newsguy.com> Obtained from: TrustedBSD Project Sponosred by: DARPA, Network Associates Laboratories MFC Candidate.
author: rwatson <rwatson@FreeBSD.org> 2002-12-28 23:41:18 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-12-28 23:41:18 +0000
commit: 7892c5c36d63e6246a294b9f845357fdf66270d8 (patch)
tree: af068b9ba554021897da115586fe30555a819614 /sys/security
parent: 954749368bc34b7171791be6b1d30aecadb50e11 (diff)
download: FreeBSD-src-7892c5c36d63e6246a294b9f845357fdf66270d8.zip
FreeBSD-src-7892c5c36d63e6246a294b9f845357fdf66270d8.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index d090884..ba357ff 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -279,6 +279,15 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
 		if (rules[i] == NULL)
 			continue;
 
+		/*
+		 * Since we don't separately handle append, map append to
+		 * write.
+		 */
+		if (acc_mode & VAPPEND) {
+			acc_mode &= ~VAPPEND;
+			acc_mode |= VWRITE;
+		}
+
 		error = mac_bsdextended_rulecheck(rules[i], cred, object_uid,
 		    object_gid, acc_mode);
 		if (error)
author	rwatson <rwatson@FreeBSD.org>	2002-12-28 23:41:18 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-12-28 23:41:18 +0000
commit	7892c5c36d63e6246a294b9f845357fdf66270d8 (patch)
tree	af068b9ba554021897da115586fe30555a819614 /sys/security
parent	954749368bc34b7171791be6b1d30aecadb50e11 (diff)
download	FreeBSD-src-7892c5c36d63e6246a294b9f845357fdf66270d8.zip FreeBSD-src-7892c5c36d63e6246a294b9f845357fdf66270d8.tar.gz