753 if (!amsuper) |
753 if (!amsuper) |
754 vfs_setmntopt(vfsp, MNTOPT_RESTRICT, NULL, 0); |
754 vfs_setmntopt(vfsp, MNTOPT_RESTRICT, NULL, 0); |
755 |
755 |
756 } |
756 } |
757 |
757 |
|
758 int |
|
759 secpolicy_fs_allowed_mount(const char *fsname) |
|
760 { |
|
761 struct vfssw *vswp; |
|
762 const char *p; |
|
763 size_t len; |
|
764 |
|
765 ASSERT(fsname != NULL); |
|
766 ASSERT(fsname[0] != '\0'); |
|
767 |
|
768 if (INGLOBALZONE(curproc)) |
|
769 return (0); |
|
770 |
|
771 vswp = vfs_getvfssw(fsname); |
|
772 if (vswp == NULL) |
|
773 return (ENOENT); |
|
774 |
|
775 if ((vswp->vsw_flag & VSW_ZMOUNT) != 0) { |
|
776 vfs_unrefvfssw(vswp); |
|
777 return (0); |
|
778 } |
|
779 |
|
780 vfs_unrefvfssw(vswp); |
|
781 |
|
782 p = curzone->zone_fs_allowed; |
|
783 len = strlen(fsname); |
|
784 |
|
785 while (p != NULL && *p != '\0') { |
|
786 if (strncmp(p, fsname, len) == 0) { |
|
787 char c = *(p + len); |
|
788 if (c == '\0' || c == ',') |
|
789 return (0); |
|
790 } |
|
791 |
|
792 /* skip to beyond the next comma */ |
|
793 if ((p = strchr(p, ',')) != NULL) |
|
794 p++; |
|
795 } |
|
796 |
|
797 return (EPERM); |
|
798 } |
|
799 |
758 extern vnode_t *rootvp; |
800 extern vnode_t *rootvp; |
759 extern vfs_t *rootvfs; |
801 extern vfs_t *rootvfs; |
760 |
802 |
761 int |
803 int |
762 secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct vfs *vfsp) |
804 secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct vfs *vfsp) |