Author: trociny
Date: Sat Dec 15 17:19:36 2012
New Revision: 244268
URL: http://svnweb.freebsd.org/changeset/base/244268

Log:
  In pfioctl, if the permission checks failed we returned with vnet context
  set.
  
  As the checks don't require vnet context, this is fixed by setting
  vnet after the checks.
  
  PR:           kern/160541
  Submitted by: Nikos Vassiliadis (slightly different approach)

Modified:
  head/sys/netpfil/pf/pf_ioctl.c

Modified: head/sys/netpfil/pf/pf_ioctl.c
==============================================================================
--- head/sys/netpfil/pf/pf_ioctl.c      Sat Dec 15 15:21:09 2012        
(r244267)
+++ head/sys/netpfil/pf/pf_ioctl.c      Sat Dec 15 17:19:36 2012        
(r244268)
@@ -963,8 +963,6 @@ pfioctl(struct cdev *dev, u_long cmd, ca
 {
        int                      error = 0;
 
-       CURVNET_SET(TD_TO_VNET(td));
-
        /* XXX keep in sync with switch() below */
        if (securelevel_gt(td->td_ucred, 2))
                switch (cmd) {
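Review bot: With CURVNET_SET(TD_TO_VNET(td)) removed from the top of pfioctl, the check block that starts at `if (securelevel_gt(td->td_ucred, 2))` now runs with no vnet context, and nothing in the code documents that constraint. The visible check only reads td->td_ucred, which matches the log's statement that the checks do not need vnet, but a check added here later that touches per-vnet state would run without curvnet set. Suggest extending the existing "XXX keep in sync with switch() below" comment to say that the permission checks run before the vnet context is set and must not depend on it.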
@@ -1068,6 +1066,8 @@ pfioctl(struct cdev *dev, u_long cmd, ca
                        return (EACCES);
                }
 
+       CURVNET_SET(TD_TO_VNET(td));
+
        switch (cmd) {
        case DIOCSTART:
                PF_RULES_WLOCK();
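Review bot: The CURVNET_SET(TD_TO_VNET(td)) now placed just before the main `switch (cmd)` has no matching restore visible in this hunk, so please confirm that every exit from the switch beginning at `case DIOCSTART:` reaches the restore and that no case returns directly. The early `return (EACCES);` above is now correctly outside the vnet context, but the same class of leak the log describes would reappear from any direct return below this line. A one-line comment above the CURVNET_SET stating that the permission checks are deliberately done first, so their early returns need no restore, would help keep the ordering from being undone later.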
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
