Author: trociny
Date: Sat Dec 15 17:19:36 2012
New Revision: 244268
URL: http://svnweb.freebsd.org/changeset/base/244268
Log:
  In pfioctl, if the permission checks failed we returned with vnet context
  set. As the checks don't require vnet context, this is fixed by setting
  vnet after the checks.

  PR: kern/160541
  Submitted by: Nikos Vassiliadis (slightly different approach)

Modified:
  head/sys/netpfil/pf/pf_ioctl.c

Modified: head/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- head/sys/netpfil/pf/pf_ioctl.c Sat Dec 15 15:21:09 2012 (r244267) +++ head/sys/netpfil/pf/pf_ioctl.c Sat Dec 15 17:19:36 2012 (r244268) @@ -963,8 +963,6 @@ pfioctl(struct cdev *dev, u_long cmd, ca { int error = 0; - CURVNET_SET(TD_TO_VNET(td)); - /* XXX keep in sync with switch() below */ if (securelevel_gt(td->td_ucred, 2)) switch (cmd) { @@ -1068,6 +1066,8 @@ pfioctl(struct cdev *dev, u_long cmd, ca return (EACCES); } + CURVNET_SET(TD_TO_VNET(td)); + switch (cmd) { case DIOCSTART: PF_RULES_WLOCK();
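
Review bot: In the first hunk (@@ -963,8 +963,6 @@), once CURVNET_SET(TD_TO_VNET(td)) is gone from the top of pfioctl, the securelevel_gt(td->td_ucred, 2) block and everything up to the later `return (EACCES);` run with no vnet context, and nothing in the source records that. The existing `/* XXX keep in sync with switch() below */` comment only covers the command list. Suggest a short comment at the top of the function saying the permission checks must not touch per-vnet state and that vnet is set only after they pass, so a check added here later does not quietly depend on it.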
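
Review bot: In the second hunk (@@ -1068,6 +1066,8 @@), CURVNET_SET(TD_TO_VNET(td)) now sits after the last `return (EACCES);` and directly before `switch (cmd) {`, which covers the early returns, but the hunk does not show how the function leaves the main switch. Every exit after this line has to restore the vnet context, otherwise the problem described in the log just moves further down the function. Please confirm that no case in the main switch returns directly, or state that in the log message.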