tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation



Hey,

Attached is the latest version of the vnode scope implementation. It
adds the necessary back-end, as well as integration with tmpfs.

One important change that is new is that fs_decision, although passed
to the authorization wrapper, is no longer passed to the listeners.
Instead, I have separated the listener decision aggregation code in
kauth_authorize_action() from the result translation, and now we have
kauth_authorize_action_internal() (static, of course), which does the
work of calling the listeners and returns one of three kauth(9) results
(allow, deny defer -- see the code). Kauth_authorize_action() calls it
and does the result translation (0, EPERM), taking "nsecmodels" into
account as before.

IMHO, this allows a much cleaner listener implementation: there's no
need to check the fs_decision and take it into account; the secmodel can
implement only what it's intended to (dholland@ might also appreciate
the lack of casting :).

The new kauth_authorize_action_internal() is used by the vnode scope
authorization wrapper similar to how kauth_authorize_action() uses it,
with the following differences:
  - If the aggregated result is defer, instead of denying we return the
    fs_decision, unless fs_decision is KAUTH_VNODE_REMOTEFS -- in which
    case we "allow" (the file-system might itself deny, but we cannot).

  - Because each file-system's access control is implemented internally
    and not as a kauth(9) listener, we don't care about if no secmodels
    have been loaded.

Everything else should be the same as previous versions.

Please take a moment to review at least the changes from previous
versions. :)

Thanks,

-e.
Index: sys/kern/kern_auth.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_auth.c,v
retrieving revision 1.63
diff -u -p -r1.63 kern_auth.c
--- sys/kern/kern_auth.c        16 Aug 2009 11:01:12 -0000      1.63
+++ sys/kern/kern_auth.c        28 Aug 2009 19:47:46 -0000
@@ -68,6 +68,7 @@ __KERNEL_RCSID(0, "$NetBSD: kern_auth.c,
 #include <sys/sysctl.h>                /* for pi_[p]cread */
 #include <sys/atomic.h>
 #include <sys/specificdata.h>
+#include <sys/vnode.h>
 
 /*
  * Secmodel-specific credentials.
@@ -142,6 +143,7 @@ static kauth_scope_t kauth_builtin_scope
 static kauth_scope_t kauth_builtin_scope_machdep;
 static kauth_scope_t kauth_builtin_scope_device;
 static kauth_scope_t kauth_builtin_scope_cred;
+static kauth_scope_t kauth_builtin_scope_vnode;
 
 static unsigned int nsecmodels = 0;
 
@@ -831,6 +833,10 @@ kauth_init(void)
        /* Register device scope. */
        kauth_builtin_scope_device = kauth_register_scope(KAUTH_SCOPE_DEVICE,
            NULL, NULL);
+
+       /* Register vnode scope. */
+       kauth_builtin_scope_vnode = kauth_register_scope(KAUTH_SCOPE_VNODE,
+           NULL, NULL);
 }
 
 /*
@@ -924,11 +930,16 @@ kauth_unlisten_scope(kauth_listener_t li
  * credential - credentials of the user ("actor") making the request.
  * action - request identifier.
  * arg[0-3] - passed unmodified to listener(s).
+ *
+ * Returns the aggregated result:
+ *     - KAUTH_RESULT_ALLOW if there is at least one KAUTH_RESULT_ALLOW and
+ *       zero KAUTH_DESULT_DENY
+ *     - KAUTH_RESULT_DENY if there is at least one KAUTH_RESULT_DENY
+ *     - KAUTH_RESULT_DEFER if there is nothing but KAUTH_RESULT_DEFER
  */
-int
-kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
-                      kauth_action_t action, void *arg0, void *arg1,
-                      void *arg2, void *arg3)
+static int
+kauth_authorize_action_internal(kauth_scope_t scope, kauth_cred_t cred,
+    kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3)
 {
        kauth_listener_t listener;
        int error, allow, fail;
@@ -958,16 +969,34 @@ kauth_authorize_action(kauth_scope_t sco
        /* rw_exit(&kauth_lock); */
 
        if (fail)
-               return (EPERM);
+               return (KAUTH_RESULT_DENY);
 
        if (allow)
+               return (KAUTH_RESULT_ALLOW);
+
+       return (KAUTH_RESULT_DEFER);
+};
+
+int
+kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
+    kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+       int r;
+
+       r = kauth_authorize_action_internal(scope, cred, action, arg0, arg1,
+           arg2, arg3);
+
+       if (r == KAUTH_RESULT_DENY)
+               return (EPERM);
+
+       if (r == KAUTH_RESULT_ALLOW)
                return (0);
 
        if (!nsecmodels)
                return (0);
 
        return (EPERM);
-};
+}
 
 /*
  * Generic scope authorization wrapper.
@@ -1053,6 +1082,48 @@ kauth_authorize_device_passthru(kauth_cr
            data, NULL));
 }
 
+kauth_action_t
+kauth_mode_to_action(mode_t mode)
+{
+       kauth_action_t action = 0;
+
+       if (mode & VREAD)
+               action |= KAUTH_VNODE_READ_DATA;
+       if (mode & VWRITE)
+               action |= KAUTH_VNODE_WRITE_DATA;
+       if (mode & VEXEC)
+               action |= KAUTH_VNODE_EXECUTE;
+
+       return action;
+}
+
+int
+kauth_authorize_vnode(kauth_cred_t cred, kauth_action_t action,
+    struct vnode *vp, struct vnode *dvp, int fs_decision)
+{
+       int error;
+
+       error = kauth_authorize_action_internal(kauth_builtin_scope_vnode, cred,
+           action, vp, dvp, NULL, NULL);
+
+       if (error == KAUTH_RESULT_DENY)
+               return (EACCES);
+
+       if (error == KAUTH_RESULT_ALLOW)
+               return (0);
+
+       /*
+        * If the file-system does not support decision-before-action, we can
+        * only short-circuit the operation (deny). If we're here, it means no
+        * listener denied it, so our only alternative is to supposedly-allow
+        * it and let the file-system have the last word.
+        */
+       if (fs_decision == KAUTH_VNODE_REMOTEFS)
+               return (0);
+
+       return (fs_decision);
+}
+
 static int
 kauth_cred_hook(kauth_cred_t cred, kauth_action_t action, void *arg0,
     void *arg1)
Index: sys/sys/kauth.h
===================================================================
RCS file: /cvsroot/src/sys/sys/kauth.h,v
retrieving revision 1.62
diff -u -p -r1.62 kauth.h
--- sys/sys/kauth.h     10 Aug 2009 20:22:06 -0000      1.62
+++ sys/sys/kauth.h     28 Aug 2009 19:47:46 -0000
@@ -67,6 +67,7 @@ typedef       struct kauth_key       *kauth_ke
 #define        KAUTH_SCOPE_MACHDEP     "org.netbsd.kauth.machdep"
 #define        KAUTH_SCOPE_DEVICE      "org.netbsd.kauth.device"
 #define        KAUTH_SCOPE_CRED        "org.netbsd.kauth.cred"
+#define        KAUTH_SCOPE_VNODE       "org.netbsd.kauth.vnode"
 
 /*
  * Generic scope - actions.
@@ -285,6 +286,43 @@ enum {
 };
 
 /*
+ * Vnode scope - action bits.
+ */
+#define        KAUTH_VNODE_READ_DATA           (1U << 0)
+#define        KAUTH_VNODE_LIST_DIRECTORY      KAUTH_VNODE_READ_DATA
+#define        KAUTH_VNODE_WRITE_DATA          (1U << 1)
+#define        KAUTH_VNODE_ADD_FILE            KAUTH_VNODE_WRITE_DATA
+#define        KAUTH_VNODE_EXECUTE             (1U << 2)
+#define        KAUTH_VNODE_SEARCH              KAUTH_VNODE_EXECUTE
+#define        KAUTH_VNODE_DELETE              (1U << 3)
+#define        KAUTH_VNODE_APPEND_DATA         (1U << 4)
+#define        KAUTH_VNODE_ADD_SUBDIRECTORY    KAUTH_VNODE_APPEND_DATA
+#define        KAUTH_VNODE_READ_TIMES          (1U << 5)
+#define        KAUTH_VNODE_WRITE_TIMES         (1U << 6)
+#define        KAUTH_VNODE_READ_FLAGS          (1U << 7)
+#define        KAUTH_VNODE_WRITE_FLAGS         (1U << 8)
+#define        KAUTH_VNODE_READ_SYSFLAGS       (1U << 9)
+#define        KAUTH_VNODE_WRITE_SYSFLAGS      (1U << 10)
+#define        KAUTH_VNODE_RENAME              (1U << 11)
+#define        KAUTH_VNODE_CHANGE_OWNERSHIP    (1U << 12)
+#define        KAUTH_VNODE_READ_SECURITY       (1U << 13)
+#define        KAUTH_VNODE_WRITE_SECURITY      (1U << 14)
+#define        KAUTH_VNODE_READ_ATTRIBUTES     (1U << 15)
+#define        KAUTH_VNODE_WRITE_ATTRIBUTES    (1U << 16)
+#define        KAUTH_VNODE_READ_EXTATTRIBUTES  (1U << 17)
+#define        KAUTH_VNODE_WRITE_EXTATTRIBUTES (1U << 18)
+
+#define        KAUTH_VNODE_HAS_SYSFLAGS        (1U << 30)
+#define        KAUTH_VNODE_ACCESS              (1U << 31)
+
+/*
+ * This is a special fs_decision indication that can be used by file-systems
+ * that don't support decision-before-action to tell kauth(9) it can only
+ * short-circuit the operation beforehand.
+ */
+#define        KAUTH_VNODE_REMOTEFS            (-1)
+
+/*
  * Device scope, passthru request - identifiers.
  */
 #define        KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ            0x00000001
@@ -326,6 +364,8 @@ int kauth_authorize_device_tty(kauth_cre
 int kauth_authorize_device_spec(kauth_cred_t, enum kauth_device_req,
     struct vnode *);
 int kauth_authorize_device_passthru(kauth_cred_t, dev_t, u_long, void *);
+int kauth_authorize_vnode(kauth_cred_t, kauth_action_t, struct vnode *,
+    struct vnode *, int);
 
 /* Kauth credentials management routines. */
 kauth_cred_t kauth_cred_alloc(void);
@@ -373,6 +413,8 @@ int kauth_cred_uucmp(kauth_cred_t, const
 void kauth_cred_toucred(kauth_cred_t, struct ki_ucred *);
 void kauth_cred_topcred(kauth_cred_t, struct ki_pcred *);
 
+kauth_action_t kauth_mode_to_action(mode_t mode);
+
 kauth_cred_t kauth_cred_get(void);
 
 void kauth_proc_fork(struct proc *, struct proc *);
Index: sys/secmodel/securelevel/secmodel_securelevel.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/securelevel/secmodel_securelevel.c,v
retrieving revision 1.12
diff -u -p -r1.12 secmodel_securelevel.c
--- sys/secmodel/securelevel/secmodel_securelevel.c     25 Jul 2009 16:08:02 
-0000      1.12
+++ sys/secmodel/securelevel/secmodel_securelevel.c     28 Aug 2009 19:47:47 
-0000
@@ -56,7 +56,8 @@ __KERNEL_RCSID(0, "$NetBSD: secmodel_sec
 
 static int securelevel;
 
-static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device;
+static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device,
+    l_vnode;
 
 /*
  * sysctl helper routine for securelevel. ensures that the value
@@ -126,6 +127,8 @@ secmodel_securelevel_start(void)
            secmodel_securelevel_machdep_cb, NULL);
        l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
            secmodel_securelevel_device_cb, NULL);
+       l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
+           secmodel_securelevel_vnode_cb, NULL);
 }
 
 #if defined(_LKM)
@@ -137,6 +140,7 @@ secmodel_securelevel_stop(void)
        kauth_unlisten_scope(l_network);
        kauth_unlisten_scope(l_machdep);
        kauth_unlisten_scope(l_device);
+       kauth_unlisten_scope(l_vnode);
 }
 #endif /* _LKM */
 
@@ -545,3 +549,21 @@ secmodel_securelevel_device_cb(kauth_cre
 
        return (result);
 }
+
+int
+secmodel_securelevel_vnode_cb(kauth_cred_t cred, kauth_action_t action,
+    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+       int result;
+
+       result = KAUTH_RESULT_DEFER;
+
+       if ((action & KAUTH_VNODE_WRITE_SYSFLAGS) &&
+           (action & KAUTH_VNODE_HAS_SYSFLAGS)) {
+               if (securelevel > 0)
+                       result = KAUTH_RESULT_DENY;
+       }
+
+       return (result);
+}
+
Index: sys/secmodel/securelevel/securelevel.h
===================================================================
RCS file: /cvsroot/src/sys/secmodel/securelevel/securelevel.h,v
retrieving revision 1.1
diff -u -p -r1.1 securelevel.h
--- sys/secmodel/securelevel/securelevel.h      21 Nov 2007 22:49:09 -0000      
1.1
+++ sys/secmodel/securelevel/securelevel.h      28 Aug 2009 19:47:47 -0000
@@ -49,5 +49,7 @@ int secmodel_securelevel_machdep_cb(kaut
     void *, void *, void *, void *);
 int secmodel_securelevel_device_cb(kauth_cred_t, kauth_action_t, void *,
     void *, void *, void *, void *);
+int secmodel_securelevel_vnode_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
 
 #endif /* !_SECMODEL_SECURELEVEL_SECURELEVEL_H_ */
Index: sys/secmodel/bsd44/suser.h
===================================================================
RCS file: /cvsroot/src/sys/secmodel/bsd44/suser.h,v
retrieving revision 1.5
diff -u -p -r1.5 suser.h
--- sys/secmodel/bsd44/suser.h  3 May 2009 21:25:44 -0000       1.5
+++ sys/secmodel/bsd44/suser.h  28 Aug 2009 19:47:47 -0000
@@ -50,5 +50,7 @@ int secmodel_bsd44_suser_machdep_cb(kaut
     void *, void *, void *, void *);
 int secmodel_bsd44_suser_device_cb(kauth_cred_t, kauth_action_t, void *,
     void *, void *, void *, void *);
+int secmodel_bsd44_suser_vnode_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
 
 #endif /* !_SECMODEL_BSD44_SUSER_H_ */
Index: sys/secmodel/bsd44/secmodel_bsd44_suser.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/bsd44/secmodel_bsd44_suser.c,v
retrieving revision 1.70
diff -u -p -r1.70 secmodel_bsd44_suser.c
--- sys/secmodel/bsd44/secmodel_bsd44_suser.c   10 Aug 2009 20:22:06 -0000      
1.70
+++ sys/secmodel/bsd44/secmodel_bsd44_suser.c   28 Aug 2009 19:47:47 -0000
@@ -65,7 +65,7 @@ __KERNEL_RCSID(0, "$NetBSD: secmodel_bsd
 extern int dovfsusermount;
 
 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
-    l_device;
+    l_device, l_vnode;
 
 void
 secmodel_bsd44_suser_start(void)
@@ -82,6 +82,8 @@ secmodel_bsd44_suser_start(void)
            secmodel_bsd44_suser_machdep_cb, NULL);
        l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
            secmodel_bsd44_suser_device_cb, NULL);
+       l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
+           secmodel_bsd44_suser_vnode_cb, NULL);
 }
 
 #if defined(_LKM)
@@ -94,6 +96,7 @@ secmodel_bsd44_suser_stop(void)
        kauth_unlisten_scope(l_network);
        kauth_unlisten_scope(l_machdep);
        kauth_unlisten_scope(l_device);
+       kauth_unlisten_scope(l_vnode);
 }
 #endif /* _LKM */
 
@@ -1151,6 +1154,7 @@ secmodel_bsd44_suser_device_cb(kauth_cre
                if (isroot)
                        result = KAUTH_RESULT_ALLOW;
                break;
+
        case KAUTH_DEVICE_GPIO_PINSET:
                /*
                 * root can access gpio pins, secmodel_securlevel can veto
@@ -1159,6 +1163,7 @@ secmodel_bsd44_suser_device_cb(kauth_cre
                if (isroot)
                        result = KAUTH_RESULT_ALLOW;
                break;
+
        default:
                result = KAUTH_RESULT_DEFER;
                break;
@@ -1166,3 +1171,20 @@ secmodel_bsd44_suser_device_cb(kauth_cre
 
        return (result);
 }
+
+int
+secmodel_bsd44_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
+    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+       bool isroot;
+       int result;
+
+       isroot = (kauth_cred_geteuid(cred) == 0);
+       result = KAUTH_RESULT_DEFER;
+
+       if (isroot)
+               result = KAUTH_RESULT_ALLOW;
+
+       return (result);
+}
+
Index: sys/fs/tmpfs/tmpfs_subr.c
===================================================================
RCS file: /cvsroot/src/sys/fs/tmpfs/tmpfs_subr.c,v
retrieving revision 1.53
diff -u -p -r1.53 tmpfs_subr.c
--- sys/fs/tmpfs/tmpfs_subr.c   7 May 2009 19:30:30 -0000       1.53
+++ sys/fs/tmpfs/tmpfs_subr.c   28 Aug 2009 19:47:48 -0000
@@ -964,6 +964,8 @@ tmpfs_chflags(struct vnode *vp, int flag
 {
        int error;
        struct tmpfs_node *node;
+       kauth_action_t = KAUTH_VNODE_WRITE_FLAGS;
+       int fs_decision = 0;
 
        KASSERT(VOP_ISLOCKED(vp));
 
@@ -973,30 +975,44 @@ tmpfs_chflags(struct vnode *vp, int flag
        if (vp->v_mount->mnt_flag & MNT_RDONLY)
                return EROFS;
 
-       /* XXX: The following comes from UFS code, and can be found in
-        * several other file systems.  Shouldn't this be centralized
-        * somewhere? */
-       if (kauth_cred_geteuid(cred) != node->tn_uid &&
-           (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-           NULL)))
+       if (kauth_cred_geteuid(cred) != node->tn_uid)
+               fs_decision = EACCES;
+
+       /*
+        * If the new flags have non-user flags that are different than
+        * those on the node, we need special permission to change them.
+        */
+       if ((flags & SF_SETTABLE) != (node->tn_flags & SF_SETTABLE)) {
+               action |= KAUTH_VNODE_WRITE_SYSFLAGS;
+               if (!fs_decision)
+                       fs_decision = EPERM;
+       }
+
+       /*
+        * Indicate that this node's flags have system attributes in them if
+        * that's the case.
+        */
+       if (node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) {
+               action |= KAUTH_VNODE_HAS_SYSFLAGS;
+       }
+
+       error = kauth_authorize_vnode(cred, action, vp, NULL, fs_decision);
+       if (error)
                return error;
-       if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) {
-               /* The super-user is only allowed to change flags if the file
-                * wasn't protected before and the securelevel is zero. */
-               if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) &&
-                   kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHSYSFLAGS,
-                    0, NULL, NULL, NULL))
-                       return EPERM;
+
+       /*
+        * Set the flags. If we're not setting non-user flags, be careful not
+        * to overwrite them.
+        *
+        * XXX: Can't we always assign here? if the system flags are different,
+        *      the code above should catch attempts to change them without
+        *      proper permissions, and if we're here it means it's okay to
+        *      change them...
+        */
+       if (action & KAUTH_VNODE_WRITE_SYSFLAGS) {
                node->tn_flags = flags;
        } else {
-               /* Regular users can change flags provided they only want to
-                * change user-specific ones, not those reserved for the
-                * super-user. */
-               if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) ||
-                   (flags & UF_SETTABLE) != flags)
-                       return EPERM;
-               if ((node->tn_flags & SF_SETTABLE) != (flags & SF_SETTABLE))
-                       return EPERM;
+               /* Clear all user-settable flags and re-set them. */
                node->tn_flags &= SF_SETTABLE;
                node->tn_flags |= (flags & UF_SETTABLE);
        }
@@ -1036,6 +1052,9 @@ tmpfs_chmod(struct vnode *vp, mode_t mod
 
        error = genfs_can_chmod(vp, cred, node->tn_uid, node->tn_gid,
            mode);
+
+       error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+           NULL, error);
        if (error)
                return (error);
 
@@ -1087,6 +1106,9 @@ tmpfs_chown(struct vnode *vp, uid_t uid,
 
        error = genfs_can_chown(vp, cred, node->tn_uid, node->tn_gid, uid,
            gid);
+
+       error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
+           NULL, error);
        if (error)
                return (error);
 
@@ -1186,6 +1208,9 @@ tmpfs_chtimes(struct vnode *vp, const st
                return EPERM;
 
        error = genfs_can_chtimes(vp, vaflags, node->tn_uid, cred);
+
+       error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp, NULL,
+           error);
        if (error)
                return (error);
 
Index: sys/fs/tmpfs/tmpfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/tmpfs/tmpfs_vnops.c,v
retrieving revision 1.61
diff -u -p -r1.61 tmpfs_vnops.c
--- sys/fs/tmpfs/tmpfs_vnops.c  3 Jul 2009 21:17:41 -0000       1.61
+++ sys/fs/tmpfs/tmpfs_vnops.c  28 Aug 2009 19:47:48 -0000
@@ -209,15 +209,31 @@ tmpfs_lookup(void *v)
                        if ((cnp->cn_flags & ISLASTCN) &&
                            (cnp->cn_nameiop == DELETE ||
                            cnp->cn_nameiop == RENAME)) {
+                               kauth_action_t action = 0;
+
+                               /* This is the file-system's decision. */
                                if ((dnode->tn_mode & S_ISTXT) != 0 &&
-                                   kauth_authorize_generic(cnp->cn_cred,
-                                    KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
                                    kauth_cred_geteuid(cnp->cn_cred) != 
dnode->tn_uid &&
                                    kauth_cred_geteuid(cnp->cn_cred) != 
tnode->tn_uid)
-                                       return EPERM;
-                               error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred);
+                                       error = EPERM;
+                               else
+                                       error = 0;
+
+                               /* Only bother if we're not already failing it. 
*/
+                               if (!error) {
+                                       error = VOP_ACCESS(dvp, VWRITE, 
cnp->cn_cred);
+                               }
+
+                               if (cnp->cn_nameiop == DELETE)
+                                       action |= KAUTH_VNODE_DELETE;
+                               else /* if (cnp->cn_nameiop == RENAME) */
+                                       action |= KAUTH_VNODE_RENAME;
+
+                               error = kauth_authorize_vnode(cnp->cn_cred,
+                                   action, *vpp, dvp, error);
                                if (error != 0)
                                        goto out;
+
                                cnp->cn_flags |= SAVENAME;
                        } else
                                de = NULL;
@@ -406,6 +422,9 @@ tmpfs_access(void *v)
 
        error = tmpfs_check_permitted(vp, node, mode, cred);
 
+       error = kauth_authorize_vnode(cred, kauth_mode_to_action(mode), vp,
+           NULL, error);
+
 out:
        KASSERT(VOP_ISLOCKED(vp));
 


Home | Main Index | Thread Index | Old Index