Fri Aug 28 18:17:13 2020 UTC ()
Pull up following revision(s) (requested by hannken in ticket #1066):

	external/cddl/osnet/sys/kern/policy.c: revision 1.9

Glue operation secpolicy_fs_mount() passes wrong arguments to
operation kauth_authorize_system().

KAUTH_SYSTEM_MOUNT / KAUTH_REQ_SYSTEM_MOUNT_NEW wants the to be
covered vnode and the mount flags, not the mount structure.

Fix for PR kern/55602: zpool panic on mounting zfs filesystem


(martin)
diff -r1.7 -r1.7.4.1 src/external/cddl/osnet/sys/kern/policy.c
cvs diff -r1.7 -r1.7.4.1 src/external/cddl/osnet/sys/kern/policy.c (expand / switch to unified diff)

--- src/external/cddl/osnet/sys/kern/policy.c 2018/05/28 21:05:09 1.7
+++ src/external/cddl/osnet/sys/kern/policy.c 2020/08/28 18:17:13 1.7.4.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: policy.c,v 1.7 2018/05/28 21:05:09 chs Exp $ */ 1/* $NetBSD: policy.c,v 1.7.4.1 2020/08/28 18:17:13 martin Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 2009 The NetBSD Foundation, Inc. 4 * Copyright (c) 2009 The NetBSD Foundation, Inc.
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * This code is derived from software contributed to The NetBSD Foundation 7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Andrew Doran. 8 * by Andrew Doran.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions 11 * modification, are permitted provided that the following conditions
12 * are met: 12 * are met:
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
@@ -109,27 +109,27 @@ secpolicy_sys_config(cred_t *cred, int c @@ -109,27 +109,27 @@ secpolicy_sys_config(cred_t *cred, int c
109 109
110int 110int
111secpolicy_zinject(cred_t *cred) 111secpolicy_zinject(cred_t *cred)
112{ 112{
113 113
114 return kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL); 114 return kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
115} 115}
116 116
117int 117int
118secpolicy_fs_mount(cred_t *cred, vnode_t *mvp, struct mount *vfsp) 118secpolicy_fs_mount(cred_t *cred, vnode_t *mvp, struct mount *vfsp)
119{ 119{
120 120
121 return kauth_authorize_system(cred, KAUTH_SYSTEM_MOUNT, 121 return kauth_authorize_system(cred, KAUTH_SYSTEM_MOUNT,
122 KAUTH_REQ_SYSTEM_MOUNT_NEW, vfsp, NULL, NULL); 122 KAUTH_REQ_SYSTEM_MOUNT_NEW, mvp, KAUTH_ARG(vfsp->mnt_flag), NULL);
123} 123}
124 124
125int 125int
126secpolicy_fs_unmount(cred_t *cred, struct mount *vfsp) 126secpolicy_fs_unmount(cred_t *cred, struct mount *vfsp)
127{ 127{
128 128
129 return kauth_authorize_system(cred, KAUTH_SYSTEM_MOUNT, 129 return kauth_authorize_system(cred, KAUTH_SYSTEM_MOUNT,
130 KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT, vfsp, NULL, NULL); 130 KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT, vfsp, NULL, NULL);
131} 131}
132 132
133int 133int
134secpolicy_fs_owner(struct mount *mp, cred_t *cr) 134secpolicy_fs_owner(struct mount *mp, cred_t *cr)
135{ 135{