Date: Sun, 29 Sep 2013 20:21:34 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r255945 - head/sys/security/mac Message-ID: <201309292021.r8TKLYE2028599@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Sun Sep 29 20:21:34 2013 New Revision: 255945 URL: http://svnweb.freebsd.org/changeset/base/255945 Log: Make the mac_policy_rm lock recursable, which allows reentrance into the mac framework. It is needed when priv_check_cred(9) is called from the mac callback, e.g. in the mac_portacl(4). Reported by: az Reviewed by: rwatson Sponsored by: The FreeBSD Foundation MFC after: 1 week Approved by: re (gjb) Modified: head/sys/security/mac/mac_framework.c Modified: head/sys/security/mac/mac_framework.c ============================================================================== --- head/sys/security/mac/mac_framework.c Sun Sep 29 20:20:17 2013 (r255944) +++ head/sys/security/mac/mac_framework.c Sun Sep 29 20:21:34 2013 (r255945) @@ -292,7 +292,8 @@ mac_init(void) mac_labelzone_init(); #ifndef MAC_STATIC - rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS); + rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS | + RM_RECURSE); sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS); #endif }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309292021.r8TKLYE2028599>