diff options
author | pjd <pjd@FreeBSD.org> | 2005-06-23 22:13:29 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2005-06-23 22:13:29 +0000 |
commit | a99a8a69bde61c22a20ce88c671f204243533b94 (patch) | |
tree | 9a50936c89d0a3dce63f6550a4b24e9b5559de77 /sys | |
parent | be2da9ea22abd72b769e046aa2d3cc597cfea311 (diff) | |
download | FreeBSD-src-a99a8a69bde61c22a20ce88c671f204243533b94.zip FreeBSD-src-a99a8a69bde61c22a20ce88c671f204243533b94.tar.gz |
Actually only protect mount-point if security.jail.enforce_statfs is set to 2.
If we don't return statistics about requested file systems, system tools
may not work correctly or at all.
Approved by: re (scottl)
Diffstat (limited to 'sys')
-rw-r--r-- | sys/compat/linux/linux_stats.c | 3 | ||||
-rw-r--r-- | sys/kern/kern_jail.c | 1 | ||||
-rw-r--r-- | sys/kern/vfs_extattr.c | 10 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 10 |
4 files changed, 0 insertions, 24 deletions
diff --git a/sys/compat/linux/linux_stats.c b/sys/compat/linux/linux_stats.c index da08a10..d0c5231 100644 --- a/sys/compat/linux/linux_stats.c +++ b/sys/compat/linux/linux_stats.c @@ -331,9 +331,6 @@ linux_ustat(struct thread *td, struct linux_ustat_args *args) if (dev != NULL && vfinddev(dev, &vp)) { if (vp->v_mount == NULL) return (EINVAL); - error = prison_canseemount(td->td_ucred, vp->v_mount); - if (error) - return (error); #ifdef MAC error = mac_check_mount_stat(td->td_ucred, vp->v_mount); if (error) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 9ca85c6..c3d1f9a 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -488,7 +488,6 @@ prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct statfs *sp) return; pr = cred->cr_prison; if (prison_canseemount(cred, mp) != 0) { - /* Should never happen. */ bzero(sp->f_mntonname, sizeof(sp->f_mntonname)); strlcpy(sp->f_mntonname, "[restricted]", sizeof(sp->f_mntonname)); diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index fe796dc..fb7f467 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -257,11 +257,6 @@ kern_statfs(struct thread *td, char *path, enum uio_seg pathseg, sp = &mp->mnt_stat; NDFREE(&nd, NDF_ONLY_PNBUF); vrele(nd.ni_vp); - error = prison_canseemount(td->td_ucred, mp); - if (error) { - mtx_unlock(&Giant); - return (error); - } #ifdef MAC error = mac_check_mount_stat(td->td_ucred, mp); if (error) { @@ -335,11 +330,6 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf) mtx_unlock(&Giant); return (EBADF); } - error = prison_canseemount(td->td_ucred, mp); - if (error) { - mtx_unlock(&Giant); - return (error); - } #ifdef MAC error = mac_check_mount_stat(td->td_ucred, mp); if (error) { diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index fe796dc..fb7f467 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -257,11 +257,6 @@ kern_statfs(struct thread *td, char *path, enum uio_seg pathseg, sp = &mp->mnt_stat; NDFREE(&nd, NDF_ONLY_PNBUF); vrele(nd.ni_vp); - error = prison_canseemount(td->td_ucred, mp); - if (error) { - mtx_unlock(&Giant); - return (error); - } #ifdef MAC error = mac_check_mount_stat(td->td_ucred, mp); if (error) { @@ -335,11 +330,6 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf) mtx_unlock(&Giant); return (EBADF); } - error = prison_canseemount(td->td_ucred, mp); - if (error) { - mtx_unlock(&Giant); - return (error); - } #ifdef MAC error = mac_check_mount_stat(td->td_ucred, mp); if (error) { |