Diffusion FreeBSD src repository 4a5fa1086184

procfs require PRIV_PROC_MEM_WRITE to write mem
4a5fa1086184
Actions

Description

procfs require PRIV_PROC_MEM_WRITE to write mem

Add a priv_check for PRIV_PROC_MEM_WRITE which will be blocked
by mac_veriexec if being enforced, unless the process has a maclabel
to grant priv.

Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D46692

Details

Provenance

sjg	Authored on Sep 19 2024, 8:10 PM

Reviewer

stevek

Differential Revision

Restricted Differential Revision

Parents

rGae1a0648b05a: jail: unbreak the zfs.mount_snapshot option

Branches

Unknown

Tags

Unknown

Event Timeline

sjg committed rG4a5fa1086184: procfs require PRIV_PROC_MEM_WRITE to write mem (authored by sjg).Sep 19 2024, 8:10 PM

Herald added a subscriber: MichalX.Gulbicki_intel.com. · View Herald TranscriptSep 19 2024, 8:11 PM

sjg added an edge: Restricted Differential Revision.Sep 19 2024, 8:11 PM

Changes (5)

Path

Size

sys/

fs/

procfs/

procfs_mem.c

kern/

kern_priv.c

security/

mac_grantbylabel/

mac_grantbylabel.c

mac_veriexec/

mac_veriexec.c

sys/

priv.h

rG4a5fa1086184

View Options

sys/fs/procfs/procfs_mem.c

View Options

sys/kern/kern_priv.c

View Options

sys/security/mac_grantbylabel/mac_grantbylabel.c

View Options

sys/security/mac_veriexec/mac_veriexec.c

View Options

procfs require PRIV_PROC_MEM_WRITE to write mem4a5fa1086184Actions

Description

Details

Event Timeline

Changes (5)

rG4a5fa1086184

sys/fs/procfs/procfs_mem.c

sys/kern/kern_priv.c

sys/security/mac_grantbylabel/mac_grantbylabel.c

sys/security/mac_veriexec/mac_veriexec.c

sys/sys/priv.h

procfs require PRIV_PROC_MEM_WRITE to write mem
4a5fa1086184
Actions