Date: Tue, 27 May 2025 09:21:44 GMT From: Olivier Certner <olce@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: b5c9889e369a - main - MAC/do: Fix a too stringent debug assertion for a target of 'uid=*' Message-ID: <202505270921.54R9LibL041714@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=b5c9889e369a801ce7c1115f2535ddacbd69800d commit b5c9889e369a801ce7c1115f2535ddacbd69800d Author: Olivier Certner <olce@FreeBSD.org> AuthorDate: 2025-05-27 08:20:06 +0000 Commit: Olivier Certner <olce@FreeBSD.org> CommitDate: 2025-05-27 09:20:07 +0000 MAC/do: Fix a too stringent debug assertion for a target of 'uid=*' MDF_HAS_PRIMARY_CLAUSE only concerns groups, not users, and is thus not set in the latter case. This change only has an effect on INVARIANTS builds. PR: 287057 MFC after: 10 minutes Sponsored by: The FreeBSD Foundation --- sys/security/mac_do/mac_do.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index a83c194b24ae..9aeafa62b56d 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -258,7 +258,8 @@ check_type_and_type_flags(const id_type_t type, const flags_t flags) "groups specification are exclusive"; goto unexpected_flags; } - if (((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) && + if (type == IT_GID && + ((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) && (flags & MDF_HAS_PRIMARY_CLAUSE) == 0) { str = "Presence of folded primary clause not reflected " "by presence of MDF_HAS_PRIMARY_CLAUSE";
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202505270921.54R9LibL041714>