From 7e6639c297bb2c00e0c6dc8a83143d2201c6b51b Mon Sep 17 00:00:00 2001 From: kp158701 Date: Wed, 13 Jun 2007 08:33:29 -0700 Subject: CR 6507344 TX zones should not hard code DOI to 1 --- usr/src/lib/libtsnet/common/tsol_sgetzcent.c | 6 +++--- usr/src/uts/common/os/zone.c | 8 +++++++- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'usr/src') diff --git a/usr/src/lib/libtsnet/common/tsol_sgetzcent.c b/usr/src/lib/libtsnet/common/tsol_sgetzcent.c index 657c3be47c..cfbc70ba34 100644 --- a/usr/src/lib/libtsnet/common/tsol_sgetzcent.c +++ b/usr/src/lib/libtsnet/common/tsol_sgetzcent.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * From "tsol_tndb_parser.c 7.24 01/09/05 SMI; TSOL 2.x" @@ -222,8 +222,8 @@ tsol_sgetzcent(const char *instr, int *errp, char **errstrp) } instr = nextf + 1; - /* Not in the entry, but should be */ - zc->zc_doi = 1; + /* The kernel will apply the system doi to the zone label later */ + zc->zc_doi = 0; /* Field three: get match flag */ errno = 0; diff --git a/usr/src/uts/common/os/zone.c b/usr/src/uts/common/os/zone.c index 50048453c1..968cb3b12d 100644 --- a/usr/src/uts/common/os/zone.c +++ b/usr/src/uts/common/os/zone.c @@ -3408,7 +3408,13 @@ zone_create(const char *zone_name, const char *zone_root, */ zone->zone_match = match; if (is_system_labeled() && !(zone->zone_flags & ZF_IS_SCRATCH)) { - error = zone_set_label(zone, label, doi); + /* Fail if requested to set doi to anything but system's doi */ + if (doi != 0 && doi != default_doi) { + zone_free(zone); + return (set_errno(EINVAL)); + } + /* Always apply system's doi to the zone */ + error = zone_set_label(zone, label, default_doi); if (error != 0) { zone_free(zone); return (set_errno(error)); -- cgit v1.2.3