From f32bb0529b994c3a7bdbd4637a4de65a31cf5f76 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Mon, 2 Jun 2003 17:21:38 +0000 Subject: [PATCH] Use mac_biba_label_copy() and mac_mls_label_copy() to implement the mpo_copy_mbuf_label() entry point for Biba and MLS, respectively. Otherwise, labels in m_tags may not be properly propagated across some classes of mbuf operations. This problem caused these policies to fail-stop the system with a panic. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories --- sys/security/mac_biba/mac_biba.c | 1 + sys/security/mac_mls/mac_mls.c | 1 + 2 files changed, 2 insertions(+) diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 18f7a0fab5b..fa9d5e2cfec 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -2630,6 +2630,7 @@ static struct mac_policy_ops mac_biba_ops = .mpo_destroy_socket_label = mac_biba_destroy_label, .mpo_destroy_socket_peer_label = mac_biba_destroy_label, .mpo_destroy_vnode_label = mac_biba_destroy_label, + .mpo_copy_mbuf_label = mac_biba_copy_label, .mpo_copy_pipe_label = mac_biba_copy_label, .mpo_copy_vnode_label = mac_biba_copy_label, .mpo_externalize_cred_label = mac_biba_externalize_label, diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index e464a903b8c..2ceae3559c1 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2393,6 +2393,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_destroy_socket_label = mac_mls_destroy_label, .mpo_destroy_socket_peer_label = mac_mls_destroy_label, .mpo_destroy_vnode_label = mac_mls_destroy_label, + .mpo_copy_mbuf_label = mac_mls_copy_label, .mpo_copy_pipe_label = mac_mls_copy_label, .mpo_copy_vnode_label = mac_mls_copy_label, .mpo_externalize_cred_label = mac_mls_externalize_label,