HomeFreeBSD
Diffusion FreeBSD src repository 98edcbcce0a4

libutil: defer setting the MAC label until after the login class
98edcbcce0a4
Actions

Description

libutil: defer setting the MAC label until after the login class

MAC policies, like mac_biba(4), may forbid changing the login class once
a label has been applied. For setting up the initial login context,
this isn't really expected and in-fact may break some class-based
configuration.

Defer setting the MAC label until after the login class is set, and
remove the requirement that we have a pwd entry since the label is
pulled from the login class -- we only use pwd for syslog in this path.

Patch is largely by Kevin Barry, with some modifications and this commit
message by kevans@.

PR: 177698
Reviewed by: des, olce
MFC after: 3 days
Co-authored-by: Kevin Barry <ta0kira gmail com>
Differential Revision: https://reviews.freebsd.org/D53362

Details

Provenance
kevansAuthored on Oct 29 2025, 2:37 AM
Reviewer
des
Differential Revision
D53362: libutil: defer setting the MAC label until after the login class
Parents
rG73551cd6eac2: nfs_commonsubs.c: Get rid of variable used as a constant
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
lib/
libutil/

rG98edcbcce0a4

View Options

lib/libutil/login_class.c

Loading...