Date:      Wed, 24 Jul 2013 14:42:25 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 231415 for review
Message-ID:  <201307241442.r6OEgPqE060626@skunkworks.freebsd.org>

http://p4web.freebsd.org/@@231415?ac=10

Change 231415 by rwatson@rwatson_cinnamon on 2013/07/24 14:41:58

	Instead of checking if we are in the execve() call graph,
	instead allow the exec MAC check to authorise open; while
	here, also allow the KLD Load check to authorise open as
	well.

Affected files ...

.. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#6 edit

Differences ...

==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#6 (text+ko) ====

@@ -275,7 +275,9 @@
 
 #ifdef MAC
 #ifdef TESLA_MAC
-	TESLA_SYSCALL(incallstack(kern_execve) ||
+	TESLA_SYSCALL(
+	    previously(mac_kld_check_load(ANY(ptr), vp) == 0) ||
+	    previously(mac_vnode_check_exec(ANY(ptr), vp, ANY(ptr)) == 0) ||
 	    previously(mac_vnode_check_open(ANY(ptr), vp, ANY(int)) == 0));
 #endif
 #endif
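
Review bot: All three previously(...) alternatives in the new TESLA_SYSCALL pass ANY(ptr) for the credential argument, so the assertion is satisfied by an earlier successful MAC check on vp under any credential, not necessarily the one this open runs with. If the credential is in scope at this point, binding it in place of ANY(ptr) would make the property tighter. Please also add a short comment above the assertion explaining why a successful mac_kld_check_load or mac_vnode_check_exec on vp is accepted in place of mac_vnode_check_open. With incallstack(kern_execve) gone, the reason exec and KLD load count as authorising an open is recorded only in the change description.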


