Map VAPPEND to VWRITE since the ugidfw rule syntax doesn't specifically

address the append access mode.

Reported by:	"Daniel C. Sobral" <dcs@newsguy.com>
Obtained from:	TrustedBSD Project
Sponosred by:	DARPA, Network Associates Laboratories

MFC Candidate.

sys/security/mac_bsdextended/mac_bsdextended.c

@@ -279,6 +279,15 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
 		if (rules[i] == NULL)
 			continue;
 
+		/*
+		 * Since we don't separately handle append, map append to
+		 * write.
+		 */
+		if (acc_mode & VAPPEND) {
+			acc_mode &= ~VAPPEND;
+			acc_mode |= VWRITE;
+		}
+
 		error = mac_bsdextended_rulecheck(rules[i], cred, object_uid,
 		    object_gid, acc_mode);
 		if (error)