-rw-r--r-- | sys/kern/kern_mib.c | 61 |
1 files changed, 30 insertions, 31 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index c59c9aa..008c7f7 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -183,42 +183,41 @@ int securelevel = -1;
 static int
 sysctl_kern_securelvl(SYSCTL_HANDLER_ARGS)
 {
- int error, level;
-
- /*
- * If the process is in jail, return the maximum of the
- * global and local levels; otherwise, return the global
- * level.
- */
- if (req->p->p_ucred->cr_prison != NULL)
- level = imax(securelevel,
- req->p->p_ucred->cr_prison->pr_securelevel);
- else
- level = securelevel;
- error = sysctl_handle_int(oidp, &level, 0, req);
- if (error || !req->newptr)
- return (error);
- /*
- * Permit update only if the new securelevel exceeds the
- * global level, and local level if any.
- */
- if (req->p->p_ucred->cr_prison != NULL) {
+ int error, level;
+
+ /*
+ * If the process is in jail, return the maximum of the global and
+ * local levels; otherwise, return the global level.
+ */
+ if (req->p->p_ucred->cr_prison != NULL)
+ level = imax(securelevel,
+ req->p->p_ucred->cr_prison->pr_securelevel);
+ else
+ level = securelevel;
+ error = sysctl_handle_int(oidp, &level, 0, req);
+ if (error || !req->newptr)
+ return (error);
+ /*
+ * Permit update only if the new securelevel exceeds the
+ * global level, and local level if any.
+ */
+ if (req->p->p_ucred->cr_prison != NULL) {
 #ifdef REGRESSION
- if (!regression_securelevel_nonmonotonic)
+ if (!regression_securelevel_nonmonotonic)
 #endif /* !REGRESSION */
- if (level < imax(securelevel,
- req->p->p_ucred->cr_prison->pr_securelevel))
- return (EPERM);
+ if (level < imax(securelevel,
+ req->p->p_ucred->cr_prison->pr_securelevel))
+ return (EPERM);
 req->p->p_ucred->cr_prison->pr_securelevel = level;
- } else {
+ } else {
 #ifdef REGRESSION
- if (!regression_securelevel_nonmonotonic)
+ if (!regression_securelevel_nonmonotonic)
 #endif /* !REGRESSION */
- if (level < securelevel)
- return (EPERM);
- securelevel = level;
- }
- return (error);
+ if (level < securelevel)
+ return (EPERM);
+ securelevel = level;
+ }
+ return (error);
 }

 SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel, |