summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/vfs_lookup.c17
-rw-r--r--sys/sys/namei.h3
2 files changed, 13 insertions, 7 deletions
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index db1b342..f064b64 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -216,9 +216,12 @@ namei(ndp)
break;
}
#ifdef MAC
- error = mac_check_vnode_readlink(td->td_ucred, ndp->ni_vp);
- if (error)
- break;
+ if ((cnp->cn_flags & NOMACCHECK) == 0) {
+ error = mac_check_vnode_readlink(td->td_ucred,
+ ndp->ni_vp);
+ if (error)
+ break;
+ }
#endif
if (ndp->ni_pathlen > 1)
cp = uma_zalloc(namei_zone, M_WAITOK);
@@ -471,9 +474,11 @@ dirloop:
*/
unionlookup:
#ifdef MAC
- error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
- if (error)
- goto bad;
+ if ((cnp->cn_flags & NOMACCHECK) == 0) {
+ error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
+ if (error)
+ goto bad;
+ }
#endif
ndp->ni_dvp = dp;
ndp->ni_vp = NULL;
diff --git a/sys/sys/namei.h b/sys/sys/namei.h
index a06a045..00e7643 100644
--- a/sys/sys/namei.h
+++ b/sys/sys/namei.h
@@ -144,7 +144,8 @@ struct nameidata {
#define ISUNICODE 0x100000 /* current component name is unicode*/
#define PDIRUNLOCK 0x200000 /* filesystem lookup() unlocked parent dir */
#define NOCROSSMOUNT 0x400000 /* do not cross mount points */
-#define PARAMASK 0x3ffe00 /* mask of parameter descriptors */
+#define NOMACCHECK 0x800000 /* do not perform MAC checks */
+#define PARAMASK 0xfffe00 /* mask of parameter descriptors */
/*
* Initialization of an nameidata structure.
OpenPOWER on IntegriCloud