Perform VOP_GETATTR() before mac_check_vnode_exec() so that

the cached attributes are available to MAC modules. Submitted by: mike halderman <mrh@nosc.mil> Obtained from: TrustedBSD Project
2003-01-21 03:26:28 +00:00 · 2003-01-21 03:26:28 +00:00 · 990294caa2
commit 990294caa2
parent c1e42cc8bb
1 changed files with 5 additions and 5 deletions
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@ -1109,17 +1109,17 @@ exec_check_permissions(imgp)

 	td = curthread;			/* XXXKSE */

+	/* Get file attributes */
+	error = VOP_GETATTR(vp, attr, td->td_ucred, td);
+	if (error)
+		return (error);
+
 #ifdef MAC
 	error = mac_check_vnode_exec(td->td_ucred, imgp->vp, imgp);
 	if (error)
 		return (error);
 #endif
 	
-	/* Get file attributes */
-	error = VOP_GETATTR(vp, attr, td->td_ucred, td);
-	if (error)
-		return (error);
-
 	/*
 	 * 1) Check if file execution is disabled for the filesystem that this
 	 *	file resides on.