Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 26 Aug 2006 20:09:30 GMT
From:      "Christian S.J. Peron" <csjp@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 105139 for review
Message-ID:  <200608262009.k7QK9UJh009253@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://perforce.freebsd.org/chv.cgi?CH=105139

Change 105139 by csjp@csjp_xor on 2006/08/26 20:09:19

	Fix panic associated with file creation VIA RPC/NFS calls by properly
	initializing the labels associted with the NFSD credential.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#212 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#212 (text+ko) ====

@@ -2865,6 +2865,17 @@
 	return (0);
 }
 
+static void
+mac_mls_associate_nfsd_label(struct ucred *cred) 
+{
+	struct mac_mls *label;
+
+	label = SLOT(cred->cr_label);
+	mac_mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL);
+	mac_mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL,
+	    MAC_MLS_TYPE_HIGH, 0, NULL);
+}
+
 static struct mac_policy_ops mac_mls_ops =
 {
 	.mpo_init = mac_mls_init,
@@ -3037,6 +3048,7 @@
 	.mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes,
 	.mpo_check_vnode_stat = mac_mls_check_vnode_stat,
 	.mpo_check_vnode_write = mac_mls_check_vnode_write,
+	.mpo_associate_nfsd_label = mac_mls_associate_nfsd_label,
 };
 
 MAC_POLICY_SET(&mac_mls_ops, mac_mls, "TrustedBSD MAC/MLS",

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608262009.k7QK9UJh009253>