upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change privilege model for mac_partition such that BSD superuser can change

Browse source 
the partition once a partition has been set.  This is required for correct
operation of sendmail between partitions.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson 2002-11-03 00:53:03 +00:00
parent 9aba5a2cdb
commit 0d89ccd7d5
1 changed files with 4 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
sys/security/mac_partition/mac_partition.c
View file

@ -183,13 +183,11 @@ mac_partition_check_cred_relabel(struct ucred *cred, struct label *newlabel)
/* Treat "0" as a no-op request. */
if (SLOT(newlabel) != 0) {
/* If we're already in a partition, can't repartition. */
if (SLOT(&cred->cr_label) != 0)
return (EPERM);
/*
* If not in a partition, must have privilege to create
* one.
* Require BSD privilege in order to change the partition.
* Originally we also required that the process not be
* in a partition in the first place, but this didn't
* interact well with sendmail.
*/
error = suser_cred(cred, 0);
}