From 9c209cbf17be056242a8a4a401405154709088ab Mon Sep 17 00:00:00 2001
From: mlaier <mlaier@FreeBSD.org>
Date: Sun, 22 Aug 2004 15:23:48 +0000
Subject: Use securelevel_gt instead of reading global securelevel unprotected.

Submitted by:	yongari
MFC after:	3 days
---
 sys/contrib/pf/net/pf_ioctl.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sys/contrib/pf')

diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c
index 4df9e37..a1172c7 100644
--- a/sys/contrib/pf/net/pf_ioctl.c
+++ b/sys/contrib/pf/net/pf_ioctl.c
@@ -66,6 +66,7 @@
 #ifdef __FreeBSD__
 #include <sys/module.h>
 #include <sys/conf.h>
+#include <sys/proc.h>
 #else
 #include <sys/timeout.h>
 #include <sys/pool.h>
@@ -979,7 +980,11 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 	int			 error = 0;
 
 	/* XXX keep in sync with switch() below */
+#ifdef __FreeBSD__
+	if (securelevel_gt(td->td_ucred, 1))
+#else
 	if (securelevel > 1)
+#endif
 		switch (cmd) {
 		case DIOCGETRULES:
 		case DIOCGETRULE:
-- 
cgit v1.1