summaryrefslogtreecommitdiff
path: root/sys/security/mac/mac_syscalls.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security/mac/mac_syscalls.c')
-rw-r--r--sys/security/mac/mac_syscalls.c28
1 files changed, 25 insertions, 3 deletions
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -928,16 +928,38 @@ static int
mac_policy_unregister(struct mac_policy_conf *mpc)
{
+ /*
+ * If we fail the load, we may get a request to unload. Check
+ * to see if we did the run-time registration, and if not,
+ * silently succeed.
+ */
+ MAC_POLICY_LIST_LOCK();
+ if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+ MAC_POLICY_LIST_UNLOCK();
+ return (0);
+ }
#if 0
/*
* Don't allow unloading modules with private data.
*/
- if (mpc->mpc_field_off != NULL)
+ if (mpc->mpc_field_off != NULL) {
+ MAC_POLICY_LIST_UNLOCK();
return (EBUSY);
+ }
#endif
- if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+ /*
+ * Only allow the unload to proceed if the module is unloadable
+ * by its own definition.
+ */
+ if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+ MAC_POLICY_LIST_UNLOCK();
return (EBUSY);
- MAC_POLICY_LIST_LOCK();
+ }
+ /*
+ * Right now, we EBUSY if the list is in use. In the future,
+ * for reliability reasons, we might want to sleep and wakeup
+ * later to try again.
+ */
if (mac_policy_list_busy > 0) {
MAC_POLICY_LIST_UNLOCK();
return (EBUSY);
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-30 18:45:50 +0000