Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 9 Jun 2023 14:50:13 GMT
From:      "Stephen J. Kiernan" <stevek@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 7bb4d1302cf7 - main - veriexec: Do not save error from file info in fingerprint status
Message-ID:  <202306091450.359EoDrf066842@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by stevek:

URL: https://cgit.FreeBSD.org/src/commit/?id=7bb4d1302cf76bf84a76232532a3b7d4d28554bf

commit 7bb4d1302cf76bf84a76232532a3b7d4d28554bf
Author:     Stephen J. Kiernan <stevek@FreeBSD.org>
AuthorDate: 2023-06-09 14:38:07 +0000
Commit:     Stephen J. Kiernan <stevek@FreeBSD.org>
CommitDate: 2023-06-09 14:49:59 +0000

    veriexec: Do not save error from file info in fingerprint status
    
    We do not want or need to propagate the error from fetching file info
    when determining the file status. It could cause open(2) and similar
    calls to fail when trying to access devices.
    
    Obtained from:  Juniper Networks, Inc.
---
 sys/security/mac_veriexec/veriexec_metadata.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/security/mac_veriexec/veriexec_metadata.c b/sys/security/mac_veriexec/veriexec_metadata.c
index 4ff635335e9f..4e25b1672575 100644
--- a/sys/security/mac_veriexec/veriexec_metadata.c
+++ b/sys/security/mac_veriexec/veriexec_metadata.c
@@ -516,9 +516,9 @@ mac_veriexec_metadata_fetch_fingerprint_status(struct vnode *vp,
 	status = mac_veriexec_get_fingerprint_status(vp);
 	if (status == FINGERPRINT_INVALID || status == FINGERPRINT_NODEV) {
 		found_dev = 0;
-		error = mac_veriexec_metadata_get_file_info(vap->va_fsid,
-		    vap->va_fileid, vap->va_gen, &found_dev, &ip, check_files);
-		if (error != 0) {
+		if (mac_veriexec_metadata_get_file_info(vap->va_fsid,
+		    vap->va_fileid, vap->va_gen, &found_dev, &ip,
+		    check_files) != 0) {
 			status = (found_dev) ? FINGERPRINT_NOENTRY :
 			    FINGERPRINT_NODEV;
 			VERIEXEC_DEBUG(3,

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202306091450.359EoDrf066842>