diff options
| author | Konstantin Belousov <kib@FreeBSD.org> | 2013-09-29 20:21:34 +0000 |
|---|---|---|
| committer | Konstantin Belousov <kib@FreeBSD.org> | 2013-09-29 20:21:34 +0000 |
| commit | f7fadf1f228f3742ed7d48512b40910826f83a46 (patch) | |
| tree | 842773f4fe1c71d003fcbc7d7d994c299da4455f /sys/security | |
| parent | cd4bd9496ed6c655784673b20bf4574cc10bce42 (diff) | |
| download | src-f7fadf1f228f3742ed7d48512b40910826f83a46.tar.gz src-f7fadf1f228f3742ed7d48512b40910826f83a46.zip | |
Make the mac_policy_rm lock recursable, which allows reentrance into
the mac framework. It is needed when priv_check_cred(9) is called from
the mac callback, e.g. in the mac_portacl(4).
Reported by: az
Reviewed by: rwatson
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Approved by: re (gjb)
Notes
Notes:
svn path=/head/; revision=255945
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac/mac_framework.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 816bb0bd7655..ed0c05a48269 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -292,7 +292,8 @@ mac_init(void) mac_labelzone_init(); #ifndef MAC_STATIC - rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS); + rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS | + RM_RECURSE); sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS); #endif } |