summaryrefslogtreecommitdiffstats
path: root/sys/security/mac/mac_process.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security/mac/mac_process.c')
-rw-r--r--sys/security/mac/mac_process.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index c6c5cd8..6ed6d91 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -192,6 +192,22 @@ mac_proc_create_init(struct ucred *cred)
MAC_PERFORM(proc_create_init, cred);
}
+/*
+ * When a thread becomes an NFS server daemon, its credential may need to be
+ * updated to reflect this so that policies can recognize when file system
+ * operations originate from the network.
+ *
+ * At some point, it would be desirable if the credential used for each NFS
+ * RPC could be set based on the RPC context (i.e., source system, etc) to
+ * provide more fine-grained access control.
+ */
+void
+mac_proc_associate_nfsd(struct ucred *cred)
+{
+
+ MAC_PERFORM(proc_associate_nfsd, cred);
+}
+
void
mac_thread_userret(struct thread *td)
{
OpenPOWER on IntegriCloud