From nobody Tue May 27 09:23:51 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4b66dN60dfz5xB6q; Tue, 27 May 2025 09:23:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4b66dN0bXWz3VkQ; Tue, 27 May 2025 09:23:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1748337832; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3TrbSXDxT5hlReePen8uvosgPne52XLZqLlmTUx7hWU=; b=xUQ4zFvlLKukD7xlL7Yhr+/Cn6LqG9+NzYaE1R9WHh8HE/oRPgWvYCXFVcwreWPPyU+dtE 9LK9XcZdt9wsELx5ebaZcxKVUrJEAZ+BHeR0hD0axel61ji8QibmAi0yc4N1B/VlFKAZqj HFKg/s0FtmuWi5A3SznRDkBrjzvk9gy1bYjilNRNlh9FcUYRT0UhitzC6Qe5jQfOFgDjzT 1j9mxtNOoRyGvbkKEcALWLznjyqmy3H+No9ziXlwxO09aEGGuZIbJ78YV3yMYDlWlDzRm9 Tq0Nxh98UglSg8F6c8N15WfG/cRF7Wdrqd+HUp9/IAV90ELg/GA0bphe+awm5Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1748337832; a=rsa-sha256; cv=none; b=CS636RGvYX541jYYbH8f0Mvr2vRu4DYBZimiuguoQz060nCoDaklBvaJFu4S24kg5/7IdA rizgFfKbIIWWdw1hv4SOSjuns5T2HDE9CQx93zmh5cOt4YEF86fkqbF+UsCSPXs++OjNSc ai+ZDVHjscs8ZpnGbaU/XYwvFsnEB66tZzEQgZdGSMLTSZ+hlj1hNKa3M9JUmXLGjpxwwk 7iVa/xt5K0OCA2p1qTAtJBRP9/hSLcZD1KbT2+ZnSqzu9xXu6BhJA6FCLlGTlGeHybBpJn VRyoJQJSB0wL17UwynIUfqB+X0D0ASYUTxr+bCf5EdO9hKpb8e4ABSDHVSUYng== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1748337832; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3TrbSXDxT5hlReePen8uvosgPne52XLZqLlmTUx7hWU=; b=KYe0UbfvqssrYhuhCvP2vXUBvRJ9kn1mz2t+JtPT+vUeGOaZCgz/88gwvsBTPSZrg40+2E HYWmoq4qGDiyrcAGiA0BeVNbP//rEigKZD0EoJNc5gY3Dur8yimMbAcxKnDq62QTOtz507 0j1+89lFtGT0Q2+eMQFqzrLFm7n90SqhxGp+WE9jJnpCKesLZuJQXHBQJXrUXR/VDupVb5 9ZN6fCHzzafp0+PcM/KWe4569qsnoGdCZxbbnIa5QHyYCTcZ2PpWy5LcLq8wStMRmipKNh spvnzKE5lUSAtKLRdywp3bnzWE+XnhVU2QSPF/gGpzXksjH5/Sz/XDAjMvJ6gw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4b66dM722NznBY; Tue, 27 May 2025 09:23:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 54R9NpgG048213; Tue, 27 May 2025 09:23:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 54R9NpNa048210; Tue, 27 May 2025 09:23:51 GMT (envelope-from git) Date: Tue, 27 May 2025 09:23:51 GMT Message-Id: <202505270923.54R9NpNa048210@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 30f092c40ad4 - stable/14 - MAC/do: Fix a too stringent debug assertion for a target of 'uid=*' List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 30f092c40ad4eb592861839f4ffa9e9891abf1d3 Auto-Submitted: auto-generated The branch stable/14 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=30f092c40ad4eb592861839f4ffa9e9891abf1d3 commit 30f092c40ad4eb592861839f4ffa9e9891abf1d3 Author: Olivier Certner AuthorDate: 2025-05-27 08:20:06 +0000 Commit: Olivier Certner CommitDate: 2025-05-27 09:23:11 +0000 MAC/do: Fix a too stringent debug assertion for a target of 'uid=*' MDF_HAS_PRIMARY_CLAUSE only concerns groups, not users, and is thus not set in the latter case. This change only has an effect on INVARIANTS builds. PR: 287057 MFC after: 10 minutes Sponsored by: The FreeBSD Foundation (cherry picked from commit b5c9889e369a801ce7c1115f2535ddacbd69800d) --- sys/security/mac_do/mac_do.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index a83c194b24ae..9aeafa62b56d 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -258,7 +258,8 @@ check_type_and_type_flags(const id_type_t type, const flags_t flags) "groups specification are exclusive"; goto unexpected_flags; } - if (((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) && + if (type == IT_GID && + ((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) && (flags & MDF_HAS_PRIMARY_CLAUSE) == 0) { str = "Presence of folded primary clause not reflected " "by presence of MDF_HAS_PRIMARY_CLAUSE";