d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct use of mac_biba_subject_privileged() in swapon() code.

Browse Source 
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
rwatson 2002-11-04 17:36:47 +00:00
parent 4a4afa18bb
commit 8ea7b65d85
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/security/mac_biba/mac_biba.c
View File

@ -1871,6 +1871,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
struct label *label)
{
struct mac_biba *subj, *obj;
int error;
if (!mac_biba_enabled)
return (0);
@ -1878,8 +1879,9 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
subj = SLOT(&cred->cr_label);
obj = SLOT(label);
if (!mac_biba_subject_privileged(subj))
return (EPERM);
error = mac_biba_subject_privileged(subj);
if (error)
return (error);
if (!mac_biba_high_single(obj))
return (EACCES);