freebsd-skq/sys/security/mac_mls
rwatson 3043fa2dca Properly return the error from mls_subject_privileged() in the ifnet
relabel check for MLS rather than returning 0 directly.

This problem didn't result in a vulnerability currently as the central
implementation of ifnet relabeling also checks for UNIX privilege, and
we currently don't guarantee containment for the root user in mac_mls,
but we should be using the MLS definition of privilege as well as the
UNIX definition in anticipation of supporting root containment at some
point.

MFC after:	3 days
Submitted by:	Zhouyi Zhou <zhouzhouyi at gmail dot com>
Sponsored by:	Google SoC 2007
2008-01-28 10:20:18 +00:00
..
mac_mls.c Properly return the error from mls_subject_privileged() in the ifnet 2008-01-28 10:20:18 +00:00
mac_mls.h Rename Biba and MLS _single label elements to _effective, which more 2004-07-16 02:03:50 +00:00