mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-07 00:50:50 +00:00
veriexec: Do not save error from file info in fingerprint status
We do not want or need to propagate the error from fetching file info when determining the file status. It could cause open(2) and similar calls to fail when trying to access devices. Obtained from: Juniper Networks, Inc.
This commit is contained in:
parent
e022f2b013
commit
7bb4d1302c
|
@ -516,9 +516,9 @@ mac_veriexec_metadata_fetch_fingerprint_status(struct vnode *vp,
|
|||
status = mac_veriexec_get_fingerprint_status(vp);
|
||||
if (status == FINGERPRINT_INVALID || status == FINGERPRINT_NODEV) {
|
||||
found_dev = 0;
|
||||
error = mac_veriexec_metadata_get_file_info(vap->va_fsid,
|
||||
vap->va_fileid, vap->va_gen, &found_dev, &ip, check_files);
|
||||
if (error != 0) {
|
||||
if (mac_veriexec_metadata_get_file_info(vap->va_fsid,
|
||||
vap->va_fileid, vap->va_gen, &found_dev, &ip,
|
||||
check_files) != 0) {
|
||||
status = (found_dev) ? FINGERPRINT_NOENTRY :
|
||||
FINGERPRINT_NODEV;
|
||||
VERIEXEC_DEBUG(3,
|
||||
|
|
Loading…
Reference in a new issue