author: Christian S.J. Peron <csjp@FreeBSD.org> 2005-04-14 16:03:30 +0000
committer: Christian S.J. Peron <csjp@FreeBSD.org> 2005-04-14 16:03:30 +0000
commit: c92163dcad6e92dd8d19b3ba1d7c7be3a3fcb9e3 (patch)
tree: a937e6876873279cfd5117a2a8a0ee95fe63505b /sys/security/mac_mls/mac_mls.c
parent: 3aabc1594177ad692b60bea83ffc4d3e99b2dcef (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index b2f525a57bc2..fb0c2a504e0e 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -46,6 +46,7 @@
 #include <sys/extattr.h>
 #include <sys/kernel.h>
 #include <sys/mac.h>
+#include <sys/mman.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
@@ -2380,7 +2381,7 @@ mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 
 static int
 mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
-    struct label *label, int prot)
+    struct label *label, int prot, int flags)
 {
 	struct mac_mls *subj, *obj;
 
@@ -2398,7 +2399,7 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
 		if (!mac_mls_dominate_effective(subj, obj))
 			return (EACCES);
 	}
-	if (prot & VM_PROT_WRITE) {
+	if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) {
 		if (!mac_mls_dominate_effective(obj, subj))
 			return (EACCES);
 	}
author	Christian S.J. Peron <csjp@FreeBSD.org>	2005-04-14 16:03:30 +0000
committer	Christian S.J. Peron <csjp@FreeBSD.org>	2005-04-14 16:03:30 +0000
commit	c92163dcad6e92dd8d19b3ba1d7c7be3a3fcb9e3 (patch)
tree	a937e6876873279cfd5117a2a8a0ee95fe63505b /sys/security/mac_mls/mac_mls.c
parent	3aabc1594177ad692b60bea83ffc4d3e99b2dcef (diff)