summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/kern_linker.c12
-rw-r--r--sys/kern/vfs_extattr.c5
-rw-r--r--sys/kern/vfs_syscalls.c5
3 files changed, 10 insertions, 12 deletions
diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index bb764f4..f81e000 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -301,6 +301,10 @@ linker_load_file(const char* filename, linker_file_t* result)
linker_file_t lf;
int foundfile, error = 0;
+ /* Refuse to load modules if securelevel raised */
+ if (securelevel > 0)
+ return EPERM;
+
lf = linker_find_file_by_name(filename);
if (lf) {
KLD_DPF(FILE, ("linker_load_file: file %s is already loaded, incrementing refs\n", filename));
@@ -425,6 +429,10 @@ linker_file_unload(linker_file_t file)
int error = 0;
int i;
+ /* Refuse to unload modules if securelevel raised */
+ if (securelevel > 0)
+ return EPERM;
+
KLD_DPF(FILE, ("linker_file_unload: lf->refs=%d\n", file->refs));
lockmgr(&lock, LK_EXCLUSIVE, 0, curproc);
if (file->refs == 1) {
@@ -678,7 +686,7 @@ kldload(struct proc* p, struct kldload_args* uap)
p->p_retval[0] = -1;
- if (securelevel > 0)
+ if (securelevel > 0) /* redundant, but that's OK */
return EPERM;
if ((error = suser(p)) != 0)
@@ -721,7 +729,7 @@ kldunload(struct proc* p, struct kldunload_args* uap)
linker_file_t lf;
int error = 0;
- if (securelevel > 0)
+ if (securelevel > 0) /* redundant, but that's OK */
return EPERM;
if ((error = suser(p)) != 0)
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 57a844d..5c808bd 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -225,11 +225,6 @@ mount(p, uap)
if (vfsp == NULL) {
linker_file_t lf;
- /* Refuse to load modules if securelevel raised */
- if (securelevel > 0) {
- vput(vp);
- return EPERM;
- }
/* Only load modules for root (very important!) */
if ((error = suser(p)) != 0) {
vput(vp);
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 57a844d..5c808bd 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -225,11 +225,6 @@ mount(p, uap)
if (vfsp == NULL) {
linker_file_t lf;
- /* Refuse to load modules if securelevel raised */
- if (securelevel > 0) {
- vput(vp);
- return EPERM;
- }
/* Only load modules for root (very important!) */
if ((error = suser(p)) != 0) {
vput(vp);
OpenPOWER on IntegriCloud