Page MenuHomeFreeBSD
Files F142444570

D54786.id170083.diff
No OneTemporary
Actions

D54786.id170083.diff
View Options

diff --git a/lib/libc/posix1e/mac.conf b/lib/libc/posix1e/mac.conf
--- a/lib/libc/posix1e/mac.conf
+++ b/lib/libc/posix1e/mac.conf
@@ -12,6 +12,7 @@
default_labels file ?biba,?lomac,?mls,?sebsd
default_labels ifnet ?biba,?lomac,?mls,?sebsd
+default_labels jail ?
default_labels process ?biba,?lomac,?mls,?partition,?sebsd
default_labels socket ?biba,?lomac,?mls
diff --git a/lib/libc/posix1e/mac.conf.5 b/lib/libc/posix1e/mac.conf.5
--- a/lib/libc/posix1e/mac.conf.5
+++ b/lib/libc/posix1e/mac.conf.5
@@ -27,7 +27,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd July 25, 2015
+.Dd January 19. 2026
.Dt MAC.CONF 5
.Os
.Sh NAME
@@ -79,6 +79,7 @@
# Default label set to be used by simple MAC applications
default_labels file ?biba,?lomac,?mls,?sebsd
+default_labels jail ?
default_labels ifnet ?biba,?lomac,?mls,?sebsd
default_labels process ?biba,?lomac,?mls,?partition,?sebsd
default_labels socket ?biba,?lomac,?mls
diff --git a/lib/libjail/jail.c b/lib/libjail/jail.c
--- a/lib/libjail/jail.c
+++ b/lib/libjail/jail.c
@@ -1436,18 +1436,21 @@
int error;
error = mac_prepare_type(pmac, "jail");
+ if (error != 0 && errno == ENOENT) {
+ /*
+ * We special-case the scenario where a system has a custom
+ * mac.conf(5) that doesn't include a jail entry -- just let
+ * an empty label slide.
+ */
+ error = mac_prepare(pmac, "?");
+ }
if (error != 0) {
int serrno = errno;
free(jp->jp_value);
jp->jp_value = NULL;
- if (serrno == ENOENT) {
- snprintf(jail_errmsg, sizeof(jail_errmsg),
- "jail_get: no mac.conf(5) jail config");
- } else {
- strerror_r(serrno, jail_errmsg, JAIL_ERRMSGLEN);
- }
+ strerror_r(serrno, jail_errmsg, JAIL_ERRMSGLEN);
errno = serrno;
return (-1);
}
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -331,18 +331,14 @@
goto out_nomac;
}
- if (!(mac_labeled & MPC_OBJECT_PRISON)) {
- error = EINVAL;
- goto out;
- }
-
intlabel = mac_prison_label_alloc(M_NOWAIT);
if (intlabel == NULL) {
error = ENOMEM;
goto out;
}
- mac_prison_copy_label(pr->pr_label, intlabel);
+ if ((mac_labeled & MPC_OBJECT_PRISON) != 0)
+ mac_prison_copy_label(pr->pr_label, intlabel);
/*
* Externalization may want to acquire an rmlock. We already tapped out

File Metadata

Mime Type
text/plain
Expires
Wed, Jan 21, 12:51 AM (3 h, 41 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
27784507
Default Alt Text
D54786.id170083.diff (2 KB)

Event Timeline