- Back out the commit to make the linker_load_file() securelevel check
made aware in jail environments. Supposedly something is broken, so this should be backed out until further investigation proves otherwise, or a proper fix can be provided.
This commit is contained in:
parent
9e5a5ed4c5
commit
fe3240e9aa
@ -698,10 +698,10 @@ kldload(struct thread *td, struct kldload_args *uap)
|
||||
|
||||
td->td_retval[0] = -1;
|
||||
|
||||
mtx_lock(&Giant);
|
||||
if (securelevel > 0) /* redundant, but that's OK */
|
||||
return (EPERM);
|
||||
|
||||
if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
|
||||
goto out;
|
||||
mtx_lock(&Giant);
|
||||
|
||||
if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0)
|
||||
goto out;
|
||||
@ -745,10 +745,10 @@ kldunload(struct thread *td, struct kldunload_args *uap)
|
||||
linker_file_t lf;
|
||||
int error = 0;
|
||||
|
||||
mtx_lock(&Giant);
|
||||
if (securelevel > 0) /* redundant, but that's OK */
|
||||
return (EPERM);
|
||||
|
||||
if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
|
||||
goto out;
|
||||
mtx_lock(&Giant);
|
||||
|
||||
if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0)
|
||||
goto out;
|
||||
|
@ -307,11 +307,6 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata)
|
||||
vput(vp);
|
||||
return error;
|
||||
}
|
||||
error = securelevel_gt(td->td_ucred, 0);
|
||||
if (error != 0) {
|
||||
vput(vp);
|
||||
return (EPERM);
|
||||
}
|
||||
error = linker_load_file(fstype, &lf);
|
||||
if (error || lf == NULL) {
|
||||
vput(vp);
|
||||
|
@ -307,11 +307,6 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata)
|
||||
vput(vp);
|
||||
return error;
|
||||
}
|
||||
error = securelevel_gt(td->td_ucred, 0);
|
||||
if (error != 0) {
|
||||
vput(vp);
|
||||
return (EPERM);
|
||||
}
|
||||
error = linker_load_file(fstype, &lf);
|
||||
if (error || lf == NULL) {
|
||||
vput(vp);
|
||||
|
Loading…
Reference in New Issue
Block a user