d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

When checking labels during a vnode link operation in MLS, use the file

Browse Source 
vnode label for a check rather than the directory vnode label a second
time.

MFC after:	3 days
Submitted by:	Zhouyi ZHOU <zhouzhouyi at FreeBSD dot org>
Reviewed by:	csjp
Sponsored by:	Google Summer of Code 2007
Approved by:	re (bmah)
This commit is contained in:
Robert Watson 2007-07-23 13:28:54 +00:00
parent 6d8617d42a
commit 7bb9c8a05b
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=171555
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/security/mac_mls/mac_mls.c
View File

@ -2416,7 +2416,7 @@ mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp,
if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
obj = SLOT(dvplabel);
obj = SLOT(vplabel);
if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);