aboutsummaryrefslogtreecommitdiff
path: root/sys/security/mac_partition
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2002-11-08 18:04:36 +0000
committerRobert Watson <rwatson@FreeBSD.org>2002-11-08 18:04:36 +0000
commitef5def596d3e5479f096ed526f0fcc31e3dc519e (patch)
tree229b6b138af158da4b65f931e1632502f1dde91f /sys/security/mac_partition
parent9fa3506ecdd70a18ee49ede6d14bff0a28716ab4 (diff)
Notes
Diffstat (limited to 'sys/security/mac_partition')
-rw-r--r--sys/security/mac_partition/mac_partition.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index 3465eab8e947..d7fc25c9596f 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -244,6 +244,24 @@ mac_partition_check_socket_visible(struct ucred *cred, struct socket *socket,
return (error ? ENOENT : 0);
}
+static int
+mac_partition_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+ struct label *label, struct image_params *imgp, struct label *execlabel)
+{
+
+ if (execlabel != NULL) {
+ /*
+ * We currently don't permit labels to be changed at
+ * exec-time as part of the partition model, so disallow
+ * non-NULL partition label changes in execlabel.
+ */
+ if (SLOT(execlabel) != 0)
+ return (EINVAL);
+ }
+
+ return (0);
+}
+
static struct mac_policy_ops mac_partition_ops =
{
.mpo_init = mac_partition_init,
@@ -261,6 +279,7 @@ static struct mac_policy_ops mac_partition_ops =
.mpo_check_proc_sched = mac_partition_check_proc_sched,
.mpo_check_proc_signal = mac_partition_check_proc_signal,
.mpo_check_socket_visible = mac_partition_check_socket_visible,
+ .mpo_check_vnode_exec = mac_partition_check_vnode_exec,
};
MAC_POLICY_SET(&mac_partition_ops, trustedbsd_mac_partition,
generated by cgit v1.3 (git 2.53.0) at 2026-05-31 12:19:01 +0000