d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use the label from the socket credential rather than the

Browse Source 
solabel which was not set by the mac_partition policy.

Spotted by:	rwatson
Reviewed by:	rwatson
MFC after:	3 days
This commit is contained in:
Bjoern A. Zeeb 2008-10-17 08:58:33 +00:00
parent 1455fd2638
commit 4a5216a6dc
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=183970
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/security/mac_partition/mac_partition.c
View File

@ -51,6 +51,7 @@
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/sbuf.h>
#include <sys/socketvar.h>
#include <sys/systm.h>
#include <sys/sysctl.h>
@ -248,7 +249,7 @@ partition_socket_check_visible(struct ucred *cred, struct socket *so,
{
int error;
error = label_on_label(cred->cr_label, solabel);
error = label_on_label(cred->cr_label, so->so_cred->cr_label);
return (error ? ENOENT : 0);
}