The branch main has been updated by olce:
URL:
https://cgit.FreeBSD.org/src/commit/?id=b5c9889e369a801ce7c1115f2535ddacbd69800d
commit b5c9889e369a801ce7c1115f2535ddacbd69800d
Author: Olivier Certner <o...@freebsd.org>
AuthorDate: 2025-05-27 08:20:06 +0000
Commit: Olivier Certner <o...@freebsd.org>
CommitDate: 2025-05-27 09:20:07 +0000
MAC/do: Fix a too stringent debug assertion for a target of 'uid=*'
MDF_HAS_PRIMARY_CLAUSE only concerns groups, not users, and is thus not
set in the latter case.
This change only has an effect on INVARIANTS builds.
PR: 287057
MFC after: 10 minutes
Sponsored by: The FreeBSD Foundation
---
sys/security/mac_do/mac_do.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index a83c194b24ae..9aeafa62b56d 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -258,7 +258,8 @@ check_type_and_type_flags(const id_type_t type, const
flags_t flags)
"groups specification are exclusive";
goto unexpected_flags;
}
- if (((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) &&
+ if (type == IT_GID &&
+ ((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) &&
(flags & MDF_HAS_PRIMARY_CLAUSE) == 0) {
str = "Presence of folded primary clause not reflected "
"by presence of MDF_HAS_PRIMARY_CLAUSE";
