Mercurial > illumos > fmac

changeset 7859:86bda13a9ce7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[fmac-discuss] [PATCH 1/5] Fix fmac_vnode_set_secctx Fix a bug in fmac_vnode_set_secctx: do not update the vnode secid if the permission checks failed.
author Stephen Smalley <sds@tycho.nsa.gov>
date Fri, 12 Sep 2008 13:45:33 -0400
parents 8367f05f6752
children bc307d6758c3
files usr/src/uts/common/fmac/fmac.c
diffstat 1 files changed, 2 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/uts/common/fmac/fmac.c	Tue Sep 09 16:09:40 2008 -0400
+++ b/usr/src/uts/common/fmac/fmac.c	Fri Sep 12 13:45:33 2008 -0400
@@ -230,7 +230,8 @@
 		if (!error)
 			error = avc_has_perm(cr_secid, new_secid, sclass,
 			    FILE__RELABELTO);
-		vp->v_secid = new_secid;
+		if (!error)
+			vp->v_secid = new_secid;
 		mutex_exit(&(vp->v_lock));
 	} else {
 		/* Creating a new file. */