Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PR/35252: YAMAMOTO Takashi: veriexec doesn't handle unmount

Browse Source 
Call veriexec_table_delete() in the cases where we won't be failing the
unmount request.
This commit is contained in:
elad 2006-12-14 11:15:27 +00:00
parent 4cfe5a1b41
commit aa4d8a2d6c
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
sys/kern/kern_verifiedexec.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: kern_verifiedexec.c,v 1.80 2006/12/14 05:15:33 elad Exp $ */
/* $NetBSD: kern_verifiedexec.c,v 1.81 2006/12/14 11:15:27 elad Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad@NetBSD.org>
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.80 2006/12/14 05:15:33 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.81 2006/12/14 11:15:27 elad Exp $");
#include "opt_veriexec.h"
@ -1173,6 +1173,11 @@ veriexec_unmountchk(struct mount *mp)
switch (veriexec_strict) {
case VERIEXEC_LEARNING:
case VERIEXEC_IDS:
if (veriexec_table_delete(mp) == 0) {
log(LOG_INFO, "Veriexec: IDS mode, allowing unmount "
"of \"%s\".\n", mp->mnt_stat.f_mntonname);
}
error = 0;
break;
@ -1182,7 +1187,7 @@ veriexec_unmountchk(struct mount *mp)
vte = fileassoc_tabledata_lookup(mp, veriexec_hook);
if ((vte != NULL) && (vte->vte_count > 0)) {
log(LOG_ALERT, "Veriexec: IPS mode, preventing"
" unmount of \"%s\" with monitored files.",
" unmount of \"%s\" with monitored files.\n",
mp->mnt_stat.f_mntonname);
error = EPERM;