Date: Tue, 10 Apr 2007 15:28:29 GMT
Message-Id: <200704101528.l3AFST2B045292@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 117844 for review

http://perforce.freebsd.org/chv.cgi?CH=117844

Change 117844 by rwatson@rwatson_zoo on 2007/04/10 15:27:42

	Finish fleshing out review table for privileges.

Affected files ...

.. //depot/projects/trustedbsd/priv/notes.txt#3 edit

Differences ...

==== //depot/projects/trustedbsd/priv/notes.txt#3 (text+ko) ====
@@ -99,84 +99,84 @@ PRIV_VFS_EXCEEDQUOTA no no PRIV_VFS_EXTATTR_SYSTEM no no PRIV_VFS_FCHROOT no yes -PRIV_VFS_FHOPEN no -PRIV_VFS_FHSTAT no -PRIV_VFS_FHSTATFS no -PRIV_VFS_GENERATION no -PRIV_VFS_GETFH no -PRIV_VFS_GETQUOTA yes -PRIV_VFS_LINK yes -PRIV_VFS_MKNOD_BAD no -PRIV_VFS_MKNOD_DEV no -PRIV_VFS_MKNOD_WHT no -PRIV_VFS_MOUNT jail_mount_allowed -PRIV_VFS_MOUNT_OWNER no -PRIV_VFS_MOUNT_EXPORTED no -PRIV_VFS_MOUNT_PERM no -PRIV_VFS_MOUNT_SUIDDIR no -PRIV_VFS_MOUNT_NONUSER jail_mount_allowed -PRIV_VFS_SETGID yes -PRIV_VFS_SETQUOTA yes -PRIV_VFS_STICKYFILE yes -PRIV_VFS_SYSFLAGS jail_chflags_allowed -PRIV_VFS_UNMOUNT jail_mount_allowed -PRIV_VM_MADV_PROTECT no -PRIV_VM_MLOCK no -PRIV_VM_MUNLOCK no -PRIV_DEVFS_RULE no -PRIV_DEVFS_SYMLINK no -PRIV_RANDOM_RESEED no -PRIV_NET_BRIDGE no -PRIV_NET_GRE no -PRIV_NET_PPP no -PRIV_NET_SLIP no -PRIV_NET_BPF no -PRIV_NET_RAW no -PRIV_NET_ROUTE no -PRIV_NET_TAP no -PRIV_NET_SETIFMTU no -PRIV_NET_SETIFFLAGS no -PRIV_NET_SETIFCAP no -PRIV_NET_SETIFNAME no -PRIV_NET_SETIFMETRIC no -PRIV_NET_SETIFPHYS no -PRIV_NET_SETIFMAC no -PRIV_NET_ADDMULTI no -PRIV_NET_DELMULTI no -PRIV_NET_HWIOCTL no -PRIV_NET_SETLLADDR no -PRIV_NET_ADDIFGROUP no -PRIV_NET_DELIFGROUP no -PRIV_NET_IFCREATE no -PRIV_NET_IFDESTROY no -PRIV_NET_ADDIFADDR no -PRIV_NET_DELIFADDR no -PRIV_NET80211_GETKEY no -PRIV_NET80211_MANAGE no -PRIV_NETATALK_RESERVEDPORT yes -PRIV_NETATM_CFG no -PRIV_NETATM_ADD no -PRIV_NETATM_DEL no -PRIV_NETATM_SET no -PRIV_NETBLUETOOTH_RAW jail_allow_raw_sockets -PRIV_NETGRAPH_CONTROL no -PRIV_NETGRAPH_TTY no -PRIV_NETINET_RESERVEDPORT no -PRIV_NETINET_IPFW no -PRIV_NETINET_DIVERT no -PRIV_NETINET_PF no -PRIV_NETINET_DUMMYNET no -PRIV_NETINET_CARP no -PRIV_NETINET_MROUTE no -PRIV_NETINET_RAW no -PRIV_NETINET_GETCRED yes -PRIV_NETINET_ADDRCTRL6 no -PRIV_NETINET_ND6 no -PRIV_NETINET_SCOPE6 no -PRIV_NETINET_ALIFETIME6 no -PRIV_NETINET_IPSEC no -PRIV_NETIPX_RESERVEDPORT no -PRIV_NETIPX_RAW no -PRIV_NETNCP no -PRIV_NETSMB no -PRIV_VM86_INTCALL 
no +PRIV_VFS_FHOPEN no no +PRIV_VFS_FHSTAT no no +PRIV_VFS_FHSTATFS no no +PRIV_VFS_GENERATION no no +PRIV_VFS_GETFH no no +PRIV_VFS_GETQUOTA yes yes +PRIV_VFS_LINK yes yes +PRIV_VFS_MKNOD_BAD no no +PRIV_VFS_MKNOD_DEV no no +PRIV_VFS_MKNOD_WHT no no +PRIV_VFS_MOUNT no jail_mount_allowed +PRIV_VFS_MOUNT_OWNER no no +PRIV_VFS_MOUNT_EXPORTED no no +PRIV_VFS_MOUNT_PERM no no +PRIV_VFS_MOUNT_SUIDDIR no no +PRIV_VFS_MOUNT_NONUSER no jail_mount_allowed +PRIV_VFS_SETGID yes yes +PRIV_VFS_SETQUOTA yes yes +PRIV_VFS_STICKYFILE yes yes +PRIV_VFS_SYSFLAGS jail_chflags_allowed jail_chflags_allowed XXX old way sometimes not, see msdosfs, ext2fs +PRIV_VFS_UNMOUNT no jail_mount_allowed +PRIV_VM_MADV_PROTECT no no +PRIV_VM_MLOCK no no +PRIV_VM_MUNLOCK no no +PRIV_DEVFS_RULE no no +PRIV_DEVFS_SYMLINK no no +PRIV_RANDOM_RESEED no no +PRIV_NET_BRIDGE no no +PRIV_NET_GRE no no +PRIV_NET_PPP no no +PRIV_NET_SLIP no no +PRIV_NET_BPF no no +PRIV_NET_RAW no no +PRIV_NET_ROUTE no no +PRIV_NET_TAP no no +PRIV_NET_SETIFMTU no no +PRIV_NET_SETIFFLAGS no no +PRIV_NET_SETIFCAP no no +PRIV_NET_SETIFNAME no no +PRIV_NET_SETIFMETRIC no no +PRIV_NET_SETIFPHYS no no +PRIV_NET_SETIFMAC no no +PRIV_NET_ADDMULTI no no +PRIV_NET_DELMULTI no no +PRIV_NET_HWIOCTL no no +PRIV_NET_SETLLADDR no no +PRIV_NET_ADDIFGROUP no no +PRIV_NET_DELIFGROUP no no +PRIV_NET_IFCREATE no no +PRIV_NET_IFDESTROY no no +PRIV_NET_ADDIFADDR no no +PRIV_NET_DELIFADDR no no +PRIV_NET80211_GETKEY no no +PRIV_NET80211_MANAGE no no +PRIV_NETATALK_RESERVEDPORT no no +PRIV_NETATM_CFG no no +PRIV_NETATM_ADD no no +PRIV_NETATM_DEL no no +PRIV_NETATM_SET no no +PRIV_NETBLUETOOTH_RAW no no +PRIV_NETGRAPH_CONTROL no no +PRIV_NETGRAPH_TTY no no +PRIV_NETINET_RESERVEDPORT yes yes +PRIV_NETINET_IPFW no no +PRIV_NETINET_DIVERT no no +PRIV_NETINET_PF no no +PRIV_NETINET_DUMMYNET no no +PRIV_NETINET_CARP no no +PRIV_NETINET_MROUTE no no +PRIV_NETINET_RAW jail_allow_raw_sockets jail_allow_raw_sockets +PRIV_NETINET_GETCRED yes yes 
+PRIV_NETINET_ADDRCTRL6 no no +PRIV_NETINET_ND6 no no +PRIV_NETINET_SCOPE6 no no +PRIV_NETINET_ALIFETIME6 no no +PRIV_NETINET_IPSEC no no +PRIV_NETIPX_RESERVEDPORT no no +PRIV_NETIPX_RAW no no +PRIV_NETNCP no no +PRIV_NETSMB no no +PRIV_VM86_INTCALL no no
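
Review bot: four rows change their existing value instead of only gaining a second column, and the change description does not say so. PRIV_NETATALK_RESERVEDPORT goes from `yes` to `no no`, PRIV_NETBLUETOOTH_RAW from `jail_allow_raw_sockets` to `no no`, PRIV_NETINET_RESERVEDPORT from `no` to `yes yes`, and PRIV_NETINET_RAW from `no` to `jail_allow_raw_sockets jail_allow_raw_sockets`. If these are corrections to earlier entries, the description should say that, since each one reverses what the table records for the privilege. PRIV_VFS_MOUNT, PRIV_VFS_MOUNT_NONUSER and PRIV_VFS_UNMOUNT are the only rows where the two columns differ (`no` against `jail_mount_allowed`), and unlike PRIV_VFS_SYSFLAGS they carry no remark explaining the difference; a short annotation on each would help the next reader. The `XXX old way sometimes not, see msdosfs, ext2fs` remark would be easier to follow up as a note below the table than inline in the row. The column headings fall outside the hunk's context, so it is not possible to check from these lines which column is which.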