On 28 Sep 2013, at 19:32, Konstantin Belousov wrote:

>> It's easy to reproduce. Just kldload mac_portacl and /etc/rc.d/syslogd restart
> 
> This is due to priv_check_cred() call in mac_portacl.c:rules_check().
> The call causes recursion into the mac framework from the mac callback.
> 
> Robert should have a better idea about the proper way to fix the issue.
> The trivial attempt might be to enable recursion on the rm lock
> protecting the lists.
> 
> diff --git a/sys/security/mac/mac_framework.c 
> b/sys/security/mac/mac_framework.c
> index 816bb0b..ed0c05a 100644
> --- a/sys/security/mac/mac_framework.c
> +++ b/sys/security/mac/mac_framework.c
> @@ -292,7 +292,8 @@ mac_init(void)
>       mac_labelzone_init();
> 
> #ifndef MAC_STATIC
> -     rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS);
> +     rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS |
> +         RM_RECURSE);
>       sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS);
> #endif
> }
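
Review bot: RM_RECURSE is added to the rm_init_flags() call in mac_init() with no comment saying why, and because RM_NOWITNESS stays set, nothing will flag unintended recursive acquisitions of mac_policy_rm later. Suggest a short comment above the call noting that policy callbacks may re-enter the framework (the case here is priv_check_cred() called from rules_check() in mac_portacl.c). The sx_init_flags() call on the following line is unchanged, so if the same re-entry can happen on a path that takes mac_policy_sx, this change does not cover it and that is worth checking.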

Let's go with this -- recursion into the framework should be supported.

Robert
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"