Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in
mac_bsdextended_check() to before the loop, as it needs to happen only once. MFC after: 1 week
This commit is contained in:
parent
afdb42748d
commit
d24c76d1f5
@ -460,20 +460,19 @@ mac_bsdextended_check(struct ucred *cred, struct vnode *vp, struct vattr *vap,
|
||||
if (suser_cred(cred, 0) == 0)
|
||||
return (0);
|
||||
|
||||
mtx_lock(&mac_bsdextended_mtx);
|
||||
for (i = 0; i < rule_slots; i++) {
|
||||
if (rules[i] == NULL)
|
||||
continue;
|
||||
|
||||
/*
|
||||
* Since we do not separately handle append, map append to
|
||||
* write.
|
||||
* Since we do not separately handle append, map append to write.
|
||||
*/
|
||||
if (acc_mode & MBI_APPEND) {
|
||||
acc_mode &= ~MBI_APPEND;
|
||||
acc_mode |= MBI_WRITE;
|
||||
}
|
||||
|
||||
mtx_lock(&mac_bsdextended_mtx);
|
||||
for (i = 0; i < rule_slots; i++) {
|
||||
if (rules[i] == NULL)
|
||||
continue;
|
||||
|
||||
error = mac_bsdextended_rulecheck(rules[i], cred,
|
||||
vp, vap, acc_mode);
|
||||
if (error == EJUSTRETURN)
|
||||
|
Loading…
Reference in New Issue
Block a user