Date:      Sun, 22 Sep 2002 10:23:14 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 17935 for review
Message-ID:  <200209221723.g8MHNEd5003302@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17935

Change 17935 by rwatson@rwatson_paprika on 2002/09/22 10:22:33

	Teach mac_partition model that a request to set the partition to 0
	is a no-op during the relabel check (we already handled it that
	way in the actual relabel implementation).  This reduces
	interference with other loaded policies.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#13 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#13 (text+ko) ====

@@ -196,15 +196,26 @@
 }
 
 static int
-mac_partition_check_cred_relabel(struct ucred *cred, struct mac *newlabel)
+mac_partition_check_cred_relabel(struct ucred *cred, struct label *newlabel)
 {
+	int error;
+
+	error = 0;
+
+	/* Treat "0" as a no-op request. */
+	if (SLOT(newlabel) != 0) {
+		/* If we're already in a partition, can't repartition. */
+		if (SLOT(&cred->cr_label) != 0)
+			return (EPERM);
 
-	/* If in a partition, can't re-partition. */
-	if (SLOT(&cred->cr_label) != 0)
-		return (EPERM);
+		/*
+		 * If not in a partition, must have privilege to create
+		 * one.
+		 */
+		error = suser_cred(cred, 0);
+	}
 
-	/* If not in a partition, must have privilege */
-	return (suser_cred(cred, 0));
+	return (error);
 }
 
 static int
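
Review bot: The `SLOT(newlabel) != 0` guard makes the check return 0 for a zero request even when the credential is already in a partition, so the check is only safe while the relabel implementation keeps ignoring 0. The comment `/* Treat "0" as a no-op request. */` should state that dependency so the two functions stay in sync. Separately, the parameter type changes from `struct mac *` to `struct label *` in the same hunk, which the change description does not mention and should.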
