From da2965e1a243768795b02024e54bb4e974752999 Mon Sep 17 00:00:00 2001 From: kib Date: Sun, 29 Sep 2013 20:21:34 +0000 Subject: Make the mac_policy_rm lock recursable, which allows reentrance into the mac framework. It is needed when priv_check_cred(9) is called from the mac callback, e.g. in the mac_portacl(4). Reported by: az Reviewed by: rwatson Sponsored by: The FreeBSD Foundation MFC after: 1 week Approved by: re (gjb) --- sys/security/mac/mac_framework.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sys/security') diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 816bb0b..ed0c05a 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -292,7 +292,8 @@ mac_init(void) mac_labelzone_init(); #ifndef MAC_STATIC - rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS); + rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS | + RM_RECURSE); sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS); #endif } -- cgit v1.1