Page MenuHomeFreeBSD
Differential D53362

libutil: defer setting the MAC label until after the login class
ClosedPublic
Actions

Authored by kevans on Oct 26 2025, 3:01 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 2, 5:46 AM
Unknown Object (File)
Nov 19 2025, 8:12 PM
Unknown Object (File)
Nov 17 2025, 6:36 AM
Unknown Object (File)
Nov 10 2025, 4:28 AM
Unknown Object (File)
Nov 9 2025, 4:55 PM
Unknown Object (File)
Nov 8 2025, 3:23 PM
Unknown Object (File)
Nov 5 2025, 10:09 AM
Unknown Object (File)
Oct 30 2025, 3:03 PM
View All 23 Files
Subscribers
andrew_tao173.riddles.org.uk
imp

Details

Reviewers
des
olce
Commits
rG98edcbcce0a4: libutil: defer setting the MAC label until after the login class
Summary

MAC policies, like mac_biba(4), may forbid changing the login class once
a label has been applied. For setting up the initial login context,
this isn't really expected and in-fact may break some class-based
configuration.

Defer setting the MAC label until after the login class is set, and
remove the requirement that we have a pwd entry since the label is
pulled from the login class -- we only use pwd for syslog in this path.

Patch is largely by Kevin Barry, with some modifications and this commit
message by kevans@.

PR: 177698
Co-authored-by: Kevin Barry <ta0kira gmail com>

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
lib/
libutil/
55 lines

Diff 165278

View Options

lib/libutil/login_class.c

Loading...