Date: Tue, 22 Oct 2002 14:12:14 -0700 (PDT) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 19932 for review Message-ID: <200210222112.g9MLCEk1033518@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=19932 Change 19932 by green@green_laptop_2 on 2002/10/22 14:11:53 * Improve commenting. * Allow a process to relabel itself as long as it maintains the same SEBSD label. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#49 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#49 (text+ko) ==== @@ -232,11 +232,20 @@ return; } +/* + * SEBSD does not support the relabeling of processes without + * transitioning. + */ static int sebsd_check_cred_relabel(struct ucred *cred, struct label *newlabel) { - printf("sebsd_check_cred_relabel:: This does nothing\n"); - return EPERM; + struct task_security_struct *nsec, *tsec; + + nsec = SLOT(newlabel); + tsec = SLOT(&cred->cr_label); + if (nsec != NULL && nsec->sid != tsec->sid) + return EPERM; + return 0; } static void @@ -898,7 +907,7 @@ if (rc) return (rc); if (old_file->sclass == 0) { - printf("vnode_relabel_from:: ERROR, sid=%d, sclass=0, " + printf("vnode_rename_from:: ERROR, sid=%d, sclass=0, " "v_type=%d\n", old_file->sid, vp->v_type); return 0; /* TBD: debugging */ } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210222112.g9MLCEk1033518>