From 3a4433425e63f88e70078a354bd404d7ea6ca3ce Mon Sep 17 00:00:00 2001 From: Olivier Certner Date: Tue, 28 Apr 2026 15:37:50 +0200 Subject: [PATCH] MAC/do: Executable paths: Accept an empty string This effectively allows to disable mac_do(4) by setting the executable paths to an empty string, realizing a symmetry with rules to be leveraged in subsequent commits. Reviewed by: bapt Fixes: 9818224174c4 ("MAC/do: Executable paths feature (GSoC 2025's final state)") MFC after: 1 month Sponsored by: The FreeBSD Foundation Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/38 --- sys/security/mac_do/mac_do.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index dc5d3d29d98..dd349c3f1a6 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -1151,12 +1151,6 @@ parse_exec_paths(const char *const string, struct exec_paths *const exec_paths, exec_paths->exec_path_count++; } - if (exec_paths->exec_path_count == 0) { - make_parse_error(parse_error, 0, "No valid exec paths found"); - error = EINVAL; - goto error; - } - MPASS(error == 0 && *parse_error == NULL); out: free(copy, M_MAC_DO);