From 171c37f865ca934d583ae77a7edb3e6818a364bb Mon Sep 17 00:00:00 2001 From: kib Date: Sun, 21 Jun 2009 13:41:32 +0000 Subject: Add another flags argument to vn_open_cred. Use it to specify that some vn_open_cred invocations shall not audit namei path. In particular, specify VN_OPEN_NOAUDIT for dotdot lookup performed by default implementation of vop_vptocnp, and for the open done for core file. vn_fullpath is called from the audit code, and vn_open there need to disable audit to avoid infinite recursion. Core file is created on return to user mode, that, in particular, happens during syscall return. The creation of the core file is audited by direct calls, and we do not want to overwrite audit information for syscall. Reported, reviewed and tested by: rwatson --- sys/cddl/compat/opensolaris/kern/opensolaris_kobj.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sys/cddl/compat/opensolaris/kern') diff --git a/sys/cddl/compat/opensolaris/kern/opensolaris_kobj.c b/sys/cddl/compat/opensolaris/kern/opensolaris_kobj.c index 21b2f23..328bba1 100644 --- a/sys/cddl/compat/opensolaris/kern/opensolaris_kobj.c +++ b/sys/cddl/compat/opensolaris/kern/opensolaris_kobj.c @@ -85,7 +85,8 @@ kobj_open_file_vnode(const char *file) flags = FREAD; NDINIT(&nd, LOOKUP, MPSAFE, UIO_SYSSPACE, file, td); - error = vn_open_cred(&nd, &flags, O_NOFOLLOW, curthread->td_ucred, NULL); + error = vn_open_cred(&nd, &flags, O_NOFOLLOW, 0, curthread->td_ucred, + NULL); NDFREE(&nd, NDF_ONLY_PNBUF); if (error != 0) return (NULL); -- cgit v1.1