diff options
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index d090884..ba357ff 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -279,6 +279,15 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid, if (rules[i] == NULL) continue; + /* + * Since we don't separately handle append, map append to + * write. + */ + if (acc_mode & VAPPEND) { + acc_mode &= ~VAPPEND; + acc_mode |= VWRITE; + } + error = mac_bsdextended_rulecheck(rules[i], cred, object_uid, object_gid, acc_mode); if (error) |