Make the mac_policy_rm lock recursable, which allows reentrance into

the mac framework. It is needed when priv_check_cred(9) is called from the mac callback, e.g. in the mac_portacl(4). Reported by: az Reviewed by: rwatson Sponsored by: The FreeBSD Foundation MFC after: 1 week Approved by: re (gjb)
2013-09-29 20:21:34 +00:00 · 2013-09-29 20:21:34 +00:00 · f7fadf1f22
commit f7fadf1f22
parent cd4bd9496e
1 changed files with 2 additions and 1 deletions
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@ -292,7 +292,8 @@ mac_init(void)
 	mac_labelzone_init();

 #ifndef MAC_STATIC
-	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS);
+	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS |
+	    RM_RECURSE);
 	sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS);
 #endif
 }