diff options
| author | Poul-Henning Kamp <phk@FreeBSD.org> | 2004-11-04 09:17:55 +0000 |
|---|---|---|
| committer | Poul-Henning Kamp <phk@FreeBSD.org> | 2004-11-04 09:17:55 +0000 |
| commit | ecc14aae122671c892294055e4397e36382b6916 (patch) | |
| tree | fb094b08c26d2ee491df00a8fb23e39974d2b3ea | |
| parent | 40c340aa5decbb3956e5716f8f57f82affd4c3bf (diff) | |
Notes
| -rw-r--r-- | sys/fs/devfs/devfs_vnops.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index 5e1252832f9a..5f9f16285153 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -710,6 +710,18 @@ devfs_open(ap) if (dev->si_iosize_max == 0) dev->si_iosize_max = DFLTPHYS; + if (vn_isdisk(vp, NULL) && + ap->a_cred != FSCRED && (ap->a_mode & FWRITE)) { + /* + * When running in very secure mode, do not allow + * opens for writing of any disks. + * XXX: should be in geom_dev.c, but we lack the cred there. + */ + error = securelevel_ge(td->td_ucred, 2); + if (error) + return (error); + } + dsw = dev_refthread(dev); if (dsw == NULL) return (ENXIO); |