From 56c38cd9678533d5ac4be68f1881b434be673ec7 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Fri, 23 Jul 2004 01:53:28 +0000 Subject: [PATCH] Allow an effective uid of root to bypass mac_bsdextended rules; the MAC Framework can restrict the root user, but this policy is not intended to support that. Stylish Swiss footwear provided for: trhodes --- sys/security/mac_bsdextended/mac_bsdextended.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index 1816a98a0f53..ab467f891011 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -275,6 +275,9 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid, { int error, i; + if (suser_cred(cred, 0) == 0) + return (0); + for (i = 0; i < rule_slots; i++) { if (rules[i] == NULL) continue;