Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 11 Dec 2018 19:32:17 +0000 (UTC)
From:      Mateusz Guzik <mjg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r341827 - in head/sys: cddl/compat/opensolaris/kern cddl/contrib/opensolaris/uts/common/fs/zfs compat/linux dev/filemon fs/ext2fs fs/fuse fs/msdosfs fs/nandfs fs/nfs fs/nfsserver fs/tmp...
Message-ID:  <201812111932.wBBJWHhh067846@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: mjg
Date: Tue Dec 11 19:32:16 2018
New Revision: 341827
URL: https://svnweb.freebsd.org/changeset/base/341827

Log:
  Remove unused argument to priv_check_cred.
  
  Patch mostly generated with cocinnelle:
  
  @@
  expression E1,E2;
  @@
  
  - priv_check_cred(E1,E2,0)
  + priv_check_cred(E1,E2)
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
  head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c
  head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
  head/sys/compat/linux/linux_misc.c
  head/sys/compat/linux/linux_uid16.c
  head/sys/dev/filemon/filemon_wrapper.c
  head/sys/fs/ext2fs/ext2_vnops.c
  head/sys/fs/fuse/fuse_internal.c
  head/sys/fs/fuse/fuse_vnops.c
  head/sys/fs/msdosfs/msdosfs_vnops.c
  head/sys/fs/nandfs/nandfs_vnops.c
  head/sys/fs/nfs/nfs_commonsubs.c
  head/sys/fs/nfsserver/nfs_nfsdport.c
  head/sys/fs/tmpfs/tmpfs_subr.c
  head/sys/fs/tmpfs/tmpfs_vnops.c
  head/sys/kern/kern_exec.c
  head/sys/kern/kern_fork.c
  head/sys/kern/kern_priv.c
  head/sys/kern/kern_prot.c
  head/sys/kern/subr_acl_nfs4.c
  head/sys/kern/subr_acl_posix1e.c
  head/sys/kern/uipc_mqueue.c
  head/sys/kern/uipc_sem.c
  head/sys/kern/uipc_shm.c
  head/sys/kern/vfs_mount.c
  head/sys/kern/vfs_subr.c
  head/sys/kern/vfs_syscalls.c
  head/sys/net/if_tap.c
  head/sys/net/if_tun.c
  head/sys/netinet/in_pcb.c
  head/sys/netinet6/in6_pcb.c
  head/sys/netinet6/ip6_output.c
  head/sys/netipsec/ipsec_pcb.c
  head/sys/netsmb/smb_subr.h
  head/sys/security/audit/audit_syscalls.c
  head/sys/security/mac/mac_net.c
  head/sys/security/mac_bsdextended/mac_bsdextended.c
  head/sys/security/mac_lomac/mac_lomac.c
  head/sys/security/mac_partition/mac_partition.c
  head/sys/security/mac_portacl/mac_portacl.c
  head/sys/security/mac_seeotheruids/mac_seeotheruids.c
  head/sys/sys/priv.h
  head/sys/ufs/ffs/ffs_alloc.c
  head/sys/ufs/ffs/ffs_softdep.c
  head/sys/ufs/ffs/ffs_vnops.c
  head/sys/ufs/ufs/ufs_quota.c
  head/sys/ufs/ufs/ufs_vnops.c
  head/sys/vm/vm_mmap.c

Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
==============================================================================
--- head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -41,35 +41,35 @@ int
 secpolicy_nfs(cred_t *cr)
 {
 
-	return (priv_check_cred(cr, PRIV_NFS_DAEMON, 0));
+	return (priv_check_cred(cr, PRIV_NFS_DAEMON));
 }
 
 int
 secpolicy_zfs(cred_t *cr)
 {
 
-	return (priv_check_cred(cr, PRIV_VFS_MOUNT, 0));
+	return (priv_check_cred(cr, PRIV_VFS_MOUNT));
 }
 
 int
 secpolicy_sys_config(cred_t *cr, int checkonly __unused)
 {
 
-	return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG, 0));
+	return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG));
 }
 
 int
 secpolicy_zinject(cred_t *cr)
 {
 
-	return (priv_check_cred(cr, PRIV_ZFS_INJECT, 0));
+	return (priv_check_cred(cr, PRIV_ZFS_INJECT));
 }
 
 int
 secpolicy_fs_unmount(cred_t *cr, struct mount *vfsp __unused)
 {
 
-	return (priv_check_cred(cr, PRIV_VFS_UNMOUNT, 0));
+	return (priv_check_cred(cr, PRIV_VFS_UNMOUNT));
 }
 
 int
@@ -97,7 +97,7 @@ secpolicy_basic_link(vnode_t *vp, cred_t *cr)
 		return (0);
 	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
 		return (0);
-	return (priv_check_cred(cr, PRIV_VFS_LINK, 0));
+	return (priv_check_cred(cr, PRIV_VFS_LINK));
 }
 
 int
@@ -113,7 +113,7 @@ secpolicy_vnode_remove(vnode_t *vp, cred_t *cr)
 
 	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
 		return (0);
-	return (priv_check_cred(cr, PRIV_VFS_ADMIN, 0));
+	return (priv_check_cred(cr, PRIV_VFS_ADMIN));
 }
 
 int
@@ -123,18 +123,18 @@ secpolicy_vnode_access(cred_t *cr, vnode_t *vp, uid_t 
 	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
 		return (0);
 
-	if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ, 0) != 0)
+	if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ) != 0)
 		return (EACCES);
 	if ((accmode & VWRITE) &&
-	    priv_check_cred(cr, PRIV_VFS_WRITE, 0) != 0) {
+	    priv_check_cred(cr, PRIV_VFS_WRITE) != 0) {
 		return (EACCES);
 	}
 	if (accmode & VEXEC) {
 		if (vp->v_type == VDIR) {
-			if (priv_check_cred(cr, PRIV_VFS_LOOKUP, 0) != 0)
+			if (priv_check_cred(cr, PRIV_VFS_LOOKUP) != 0)
 				return (EACCES);
 		} else {
-			if (priv_check_cred(cr, PRIV_VFS_EXEC, 0) != 0)
+			if (priv_check_cred(cr, PRIV_VFS_EXEC) != 0)
 				return (EACCES);
 		}
 	}
@@ -192,7 +192,7 @@ secpolicy_vnode_any_access(cred_t *cr, vnode_t *vp, ui
 				continue;
 			break;
 		}
-		if (priv_check_cred(cr, priv, 0) == 0)
+		if (priv_check_cred(cr, priv) == 0)
 			return (0);
 	}
 	return (EPERM);
@@ -206,7 +206,7 @@ secpolicy_vnode_setdac(vnode_t *vp, cred_t *cr, uid_t 
 		return (0);
 	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
 		return (0);
-	return (priv_check_cred(cr, PRIV_VFS_ADMIN, 0));
+	return (priv_check_cred(cr, PRIV_VFS_ADMIN));
 }
 
 int
@@ -256,7 +256,7 @@ secpolicy_vnode_setattr(cred_t *cr, vnode_t *vp, struc
 		    ((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
 		     !groupmember(vap->va_gid, cr))) {
 			if (secpolicy_fs_owner(vp->v_mount, cr) != 0) {
-				error = priv_check_cred(cr, PRIV_VFS_CHOWN, 0);
+				error = priv_check_cred(cr, PRIV_VFS_CHOWN);
 				if (error)
 					return (error);
 			}
@@ -300,7 +300,7 @@ secpolicy_vnode_setids_setgids(vnode_t *vp, cred_t *cr
 		return (0);
 	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
 		return (0);
-	return (priv_check_cred(cr, PRIV_VFS_SETGID, 0));
+	return (priv_check_cred(cr, PRIV_VFS_SETGID));
 }
 
 int
@@ -310,7 +310,7 @@ secpolicy_vnode_setid_retain(vnode_t *vp, cred_t *cr,
 
 	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
 		return (0);
-	return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID, 0));
+	return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID));
 }
 
 void
@@ -321,7 +321,7 @@ secpolicy_setid_clear(struct vattr *vap, vnode_t *vp, 
 		return;
 
 	if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) {
-		if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID, 0)) {
+		if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID)) {
 			vap->va_mask |= AT_MODE;
 			vap->va_mode &= ~(S_ISUID|S_ISGID);
 		}
@@ -343,7 +343,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct va
 	 * is not a member of. Both of these are allowed in jail(8).
 	 */
 	if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) {
-		if (priv_check_cred(cr, PRIV_VFS_STICKYFILE, 0))
+		if (priv_check_cred(cr, PRIV_VFS_STICKYFILE))
 			return (EFTYPE);
 	}
 	/*
@@ -359,7 +359,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct va
 	 * Deny setting setuid if we are not the file owner.
 	 */
 	if ((vap->va_mode & S_ISUID) && ovap->va_uid != cr->cr_uid) {
-		error = priv_check_cred(cr, PRIV_VFS_ADMIN, 0);
+		error = priv_check_cred(cr, PRIV_VFS_ADMIN);
 		if (error)
 			return (error);
 	}
@@ -370,7 +370,7 @@ int
 secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp)
 {
 
-	return (priv_check_cred(cr, PRIV_VFS_MOUNT, 0));
+	return (priv_check_cred(cr, PRIV_VFS_MOUNT));
 }
 
 int
@@ -383,7 +383,7 @@ secpolicy_vnode_owner(vnode_t *vp, cred_t *cr, uid_t o
 		return (0);
 
 	/* XXX: vfs_suser()? */
-	return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER, 0));
+	return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER));
 }
 
 int
@@ -392,14 +392,14 @@ secpolicy_vnode_chown(vnode_t *vp, cred_t *cr, uid_t o
 
 	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
 		return (0);
-	return (priv_check_cred(cr, PRIV_VFS_CHOWN, 0));
+	return (priv_check_cred(cr, PRIV_VFS_CHOWN));
 }
 
 void
 secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp)
 {
 
-	if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER, 0) != 0) {
+	if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER) != 0) {
 		MNT_ILOCK(vfsp);
 		vfsp->vfs_flag |= VFS_NOSETUID | MNT_USER;
 		vfs_clearmntopt(vfsp, MNTOPT_SETUID);
@@ -418,12 +418,12 @@ secpolicy_xvattr(vnode_t *vp, xvattr_t *xvap, uid_t ow
 
 	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
 		return (0);
-	return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS, 0));
+	return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS));
 }
 
 int
 secpolicy_smb(cred_t *cr)
 {
 
-	return (priv_check_cred(cr, PRIV_NETSMB, 0));
+	return (priv_check_cred(cr, PRIV_NETSMB));
 }

Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c
==============================================================================
--- head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -63,7 +63,7 @@ zone_dataset_attach(struct ucred *cred, const char *da
 	struct prison *pr;
 	int dofree, error;
 
-	if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0)
+	if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL)) != 0)
 		return (error);
 
 	/* Allocate memory before we grab prison's mutex. */
@@ -115,7 +115,7 @@ zone_dataset_detach(struct ucred *cred, const char *da
 	struct prison *pr;
 	int error;
 
-	if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0)
+	if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL)) != 0)
 		return (error);
 
 	sx_slock(&allprison_lock);

Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -5205,7 +5205,7 @@ zfs_freebsd_setattr(ap)
 		 * otherwise, they behave like unprivileged processes.
 		 */
 		if (secpolicy_fs_owner(vp->v_mount, cred) == 0 ||
-		    priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) {
+		    priv_check_cred(cred, PRIV_VFS_SYSFLAGS) == 0) {
 			if (zflags &
 			    (ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) {
 				error = securelevel_gt(cred, 0);

Modified: head/sys/compat/linux/linux_misc.c
==============================================================================
--- head/sys/compat/linux/linux_misc.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/compat/linux/linux_misc.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -1336,7 +1336,7 @@ linux_setgroups(struct thread *td, struct linux_setgro
 	 * Keep cr_groups[0] unchanged to prevent that.
 	 */
 
-	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
+	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		goto out;

Modified: head/sys/compat/linux/linux_uid16.c
==============================================================================
--- head/sys/compat/linux/linux_uid16.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/compat/linux/linux_uid16.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -192,7 +192,7 @@ linux_setgroups16(struct thread *td, struct linux_setg
 	 * Keep cr_groups[0] unchanged to prevent that.
 	 */
 
-	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
+	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 

Modified: head/sys/dev/filemon/filemon_wrapper.c
==============================================================================
--- head/sys/dev/filemon/filemon_wrapper.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/dev/filemon/filemon_wrapper.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -129,8 +129,7 @@ filemon_event_process_exec(void *arg __unused, struct 
 		/* If the credentials changed then cease tracing. */
 		if (imgp->newcred != NULL &&
 		    imgp->credential_setid &&
-		    priv_check_cred(filemon->cred,
-		    PRIV_DEBUG_DIFFCRED, 0) != 0) {
+		    priv_check_cred(filemon->cred, PRIV_DEBUG_DIFFCRED) != 0) {
 			/*
 			 * It may have changed to NULL already, but
 			 * will not be re-attached by anything else.

Modified: head/sys/fs/ext2fs/ext2_vnops.c
==============================================================================
--- head/sys/fs/ext2fs/ext2_vnops.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/ext2fs/ext2_vnops.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -420,7 +420,7 @@ ext2_setattr(struct vop_setattr_args *ap)
 		 * Privileged non-jail processes may not modify system flags
 		 * if securelevel > 0 and any existing system flags are set.
 		 */
-		if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
+		if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
 			if (ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) {
 				error = securelevel_gt(cred, 0);
 				if (error)
@@ -531,12 +531,12 @@ ext2_chmod(struct vnode *vp, int mode, struct ucred *c
 	 * process is not a member of.
 	 */
 	if (vp->v_type != VDIR && (mode & S_ISTXT)) {
-		error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0);
+		error = priv_check_cred(cred, PRIV_VFS_STICKYFILE);
 		if (error)
 			return (EFTYPE);
 	}
 	if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
-		error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
+		error = priv_check_cred(cred, PRIV_VFS_SETGID);
 		if (error)
 			return (error);
 	}
@@ -576,7 +576,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, str
 	 */
 	if (uid != ip->i_uid || (gid != ip->i_gid &&
 	    !groupmember(gid, cred))) {
-		error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
+		error = priv_check_cred(cred, PRIV_VFS_CHOWN);
 		if (error)
 			return (error);
 	}
@@ -586,7 +586,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, str
 	ip->i_uid = uid;
 	ip->i_flag |= IN_CHANGE;
 	if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
-		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0)
+		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID) != 0)
 			ip->i_mode &= ~(ISUID | ISGID);
 	}
 	return (0);
@@ -1983,7 +1983,7 @@ ext2_makeinode(int mode, struct vnode *dvp, struct vno
 	tvp->v_type = IFTOVT(mode);	/* Rest init'd in getnewvnode(). */
 	ip->i_nlink = 1;
 	if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
-		if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, 0))
+		if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID))
 			ip->i_mode &= ~ISGID;
 	}
 
@@ -2311,7 +2311,7 @@ ext2_write(struct vop_write_args *ap)
 	 */
 	if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
 	    ap->a_cred) {
-		if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0))
+		if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID))
 			ip->i_mode &= ~(ISUID | ISGID);
 	}
 	if (error) {

Modified: head/sys/fs/fuse/fuse_internal.c
==============================================================================
--- head/sys/fs/fuse/fuse_internal.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/fuse/fuse_internal.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -171,7 +171,7 @@ fuse_internal_access(struct vnode *vp,
 		    return 0;
 	}
 	if ((mode & VADMIN) != 0) {
-		err = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+		err = priv_check_cred(cred, PRIV_VFS_ADMIN);
 		if (err) {
 			return err;
 		}

Modified: head/sys/fs/fuse/fuse_vnops.c
==============================================================================
--- head/sys/fs/fuse/fuse_vnops.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/fuse/fuse_vnops.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -242,7 +242,7 @@ fuse_vnop_access(struct vop_access_args *ap)
 	}
 	if (!(data->dataflags & FSESS_INITED)) {
 		if (vnode_isvroot(vp)) {
-			if (priv_check_cred(cred, PRIV_VFS_ADMIN, 0) ||
+			if (priv_check_cred(cred, PRIV_VFS_ADMIN) ||
 			    (fuse_match_cred(data->daemoncred, cred) == 0)) {
 				return 0;
 			}

Modified: head/sys/fs/msdosfs/msdosfs_vnops.c
==============================================================================
--- head/sys/fs/msdosfs/msdosfs_vnops.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/msdosfs/msdosfs_vnops.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -378,7 +378,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid) {
-			error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+			error = priv_check_cred(cred, PRIV_VFS_ADMIN);
 			if (error)
 				return (error);
 		}
@@ -427,7 +427,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
 			gid = pmp->pm_gid;
 		if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
 		    (gid != pmp->pm_gid && !groupmember(gid, cred))) {
-			error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
+			error = priv_check_cred(cred, PRIV_VFS_CHOWN);
 			if (error)
 				return (error);
 		}
@@ -498,7 +498,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid) {
-			error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+			error = priv_check_cred(cred, PRIV_VFS_ADMIN);
 			if (error)
 				return (error);
 		}

Modified: head/sys/fs/nandfs/nandfs_vnops.c
==============================================================================
--- head/sys/fs/nandfs/nandfs_vnops.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/nandfs/nandfs_vnops.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -721,11 +721,11 @@ nandfs_chmod(struct vnode *vp, int mode, struct ucred 
 	 * jail(8).
 	 */
 	if (vp->v_type != VDIR && (mode & S_ISTXT)) {
-		if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
+		if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
 			return (EFTYPE);
 	}
 	if (!groupmember(inode->i_gid, cred) && (mode & ISGID)) {
-		error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
+		error = priv_check_cred(cred, PRIV_VFS_SETGID);
 		if (error)
 			return (error);
 	}
@@ -734,7 +734,7 @@ nandfs_chmod(struct vnode *vp, int mode, struct ucred 
 	 * Deny setting setuid if we are not the file owner.
 	 */
 	if ((mode & ISUID) && inode->i_uid != cred->cr_uid) {
-		error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+		error = priv_check_cred(cred, PRIV_VFS_ADMIN);
 		if (error)
 			return (error);
 	}
@@ -777,7 +777,7 @@ nandfs_chown(struct vnode *vp, uid_t uid, gid_t gid, s
 	 */
 	if (((uid != inode->i_uid && uid != cred->cr_uid) ||
 	    (gid != inode->i_gid && !groupmember(gid, cred))) &&
-	    (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
+	    (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
 		return (error);
 	ogid = inode->i_gid;
 	ouid = inode->i_uid;
@@ -788,7 +788,7 @@ nandfs_chown(struct vnode *vp, uid_t uid, gid_t gid, s
 	node->nn_flags |= IN_CHANGE;
 	if ((inode->i_mode & (ISUID | ISGID)) &&
 	    (ouid != uid || ogid != gid)) {
-		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0))
+		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID))
 			inode->i_mode &= ~(ISUID | ISGID);
 	}
 	DPRINTF(VNCALL, ("%s: vp %p, cred %p, td %p - ret OK\n", __func__, vp,
@@ -839,7 +839,7 @@ nandfs_setattr(struct vop_setattr_args *ap)
 		 */
 
 		flags = inode->i_flags;
-		if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
+		if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
 			if (flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
 				error = securelevel_gt(cred, 0);
 				if (error)

Modified: head/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- head/sys/fs/nfs/nfs_commonsubs.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/nfs/nfs_commonsubs.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -1869,7 +1869,7 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
 		case NFSATTRBIT_QUOTAHARD:
 			NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
 			if (sbp != NULL) {
-			    if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
+			    if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
 				freenum = sbp->f_bfree;
 			    else
 				freenum = sbp->f_bavail;
@@ -1898,7 +1898,7 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
 		case NFSATTRBIT_QUOTASOFT:
 			NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
 			if (sbp != NULL) {
-			    if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
+			    if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
 				freenum = sbp->f_bfree;
 			    else
 				freenum = sbp->f_bavail;
@@ -2756,7 +2756,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount
 				free(cp, M_NFSSTRING);
 			break;
 		case NFSATTRBIT_QUOTAHARD:
-			if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
+			if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
 				freenum = fs->f_bfree;
 			else
 				freenum = fs->f_bavail;
@@ -2780,7 +2780,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount
 			retnum += NFSX_HYPER;
 			break;
 		case NFSATTRBIT_QUOTASOFT:
-			if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
+			if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
 				freenum = fs->f_bfree;
 			else
 				freenum = fs->f_bavail;
@@ -2832,7 +2832,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount
 			break;
 		case NFSATTRBIT_SPACEAVAIL:
 			NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER);
-			if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0)) {
+			if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE)) {
 				if (pnfssf != NULL)
 					uquad = (u_int64_t)pnfssf->f_bfree;
 				else

Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
==============================================================================
--- head/sys/fs/nfsserver/nfs_nfsdport.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/nfsserver/nfs_nfsdport.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -996,8 +996,7 @@ nfsvno_createsub(struct nfsrv_descript *nd, struct nam
 			if (nvap->na_type == VCHR && rdev == 0xffffffff)
 				nvap->na_type = VFIFO;
                         if (nvap->na_type != VFIFO &&
-			    (error = priv_check_cred(nd->nd_cred,
-			     PRIV_VFS_MKNOD_DEV, 0))) {
+			    (error = priv_check_cred(nd->nd_cred, PRIV_VFS_MKNOD_DEV))) {
 				vrele(ndp->ni_startdir);
 				nfsvno_relpathbuf(ndp);
 				vput(ndp->ni_dvp);
@@ -1091,7 +1090,7 @@ nfsvno_mknod(struct nameidata *ndp, struct nfsvattr *n
 		nfsvno_relpathbuf(ndp);
 	} else {
 		if (nvap->na_type != VFIFO &&
-		    (error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV, 0))) {
+		    (error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV))) {
 			vrele(ndp->ni_startdir);
 			nfsvno_relpathbuf(ndp);
 			vput(ndp->ni_dvp);

Modified: head/sys/fs/tmpfs/tmpfs_subr.c
==============================================================================
--- head/sys/fs/tmpfs/tmpfs_subr.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/tmpfs/tmpfs_subr.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -1522,7 +1522,7 @@ tmpfs_chflags(struct vnode *vp, u_long flags, struct u
 	 * Unprivileged processes are not permitted to unset system
 	 * flags, or modify flags if any system flags are set.
 	 */
-	if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
+	if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
 		if (node->tn_flags &
 		    (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
 			error = securelevel_gt(cred, 0);
@@ -1579,11 +1579,11 @@ tmpfs_chmod(struct vnode *vp, mode_t mode, struct ucre
 	 * process is not a member of.
 	 */
 	if (vp->v_type != VDIR && (mode & S_ISTXT)) {
-		if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
+		if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
 			return (EFTYPE);
 	}
 	if (!groupmember(node->tn_gid, cred) && (mode & S_ISGID)) {
-		error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
+		error = priv_check_cred(cred, PRIV_VFS_SETGID);
 		if (error)
 			return (error);
 	}
@@ -1649,7 +1649,7 @@ tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, st
 	 */
 	if ((uid != node->tn_uid ||
 	    (gid != node->tn_gid && !groupmember(gid, cred))) &&
-	    (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
+	    (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
 		return (error);
 
 	ogid = node->tn_gid;
@@ -1661,7 +1661,7 @@ tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, st
 	node->tn_status |= TMPFS_NODE_CHANGED;
 
 	if ((node->tn_mode & (S_ISUID | S_ISGID)) && (ouid != uid || ogid != gid)) {
-		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0))
+		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID))
 			node->tn_mode &= ~(S_ISUID | S_ISGID);
 	}
 

Modified: head/sys/fs/tmpfs/tmpfs_vnops.c
==============================================================================
--- head/sys/fs/tmpfs/tmpfs_vnops.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/fs/tmpfs/tmpfs_vnops.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -523,7 +523,7 @@ tmpfs_write(struct vop_write_args *v)
 	node->tn_status |= TMPFS_NODE_ACCESSED | TMPFS_NODE_MODIFIED |
 	    TMPFS_NODE_CHANGED;
 	if (node->tn_mode & (S_ISUID | S_ISGID)) {
-		if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID, 0))
+		if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID))
 			node->tn_mode &= ~(S_ISUID | S_ISGID);
 	}
 	if (error != 0)

Modified: head/sys/kern/kern_exec.c
==============================================================================
--- head/sys/kern/kern_exec.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/kern_exec.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -786,7 +786,7 @@ interpret:
 
 #ifdef KTRACE
 		if (p->p_tracecred != NULL &&
-		    priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED, 0))
+		    priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED))
 			ktrprocexec(p, &tracecred, &tracevp);
 #endif
 		/*

Modified: head/sys/kern/kern_fork.c
==============================================================================
--- head/sys/kern/kern_fork.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/kern_fork.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -838,8 +838,7 @@ fork1(struct thread *td, struct fork_req *fr)
 	 * processes; don't let root exceed the limit.
 	 */
 	nprocs_new = atomic_fetchadd_int(&nprocs, 1) + 1;
-	if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred,
-	    PRIV_MAXPROC, 0) != 0) || nprocs_new >= maxproc) {
+	if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred, PRIV_MAXPROC) != 0) || nprocs_new >= maxproc) {
 		error = EAGAIN;
 		sx_xlock(&allproc_lock);
 		if (ppsratecheck(&lastfail, &curfail, 1)) {
@@ -936,7 +935,7 @@ fork1(struct thread *td, struct fork_req *fr)
 	 *
 	 * XXXRW: Can we avoid privilege here if it's not needed?
 	 */
-	error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, 0);
+	error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT);
 	if (error == 0)
 		ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0);
 	else {

Modified: head/sys/kern/kern_priv.c
==============================================================================
--- head/sys/kern/kern_priv.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/kern_priv.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -76,7 +76,7 @@ SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__err,
  * only a few to grant it.
  */
 int
-priv_check_cred(struct ucred *cred, int priv, int flags)
+priv_check_cred(struct ucred *cred, int priv)
 {
 	int error;
 
@@ -207,5 +207,5 @@ priv_check(struct thread *td, int priv)
 
 	KASSERT(td == curthread, ("priv_check: td != curthread"));
 
-	return (priv_check_cred(td->td_ucred, priv, 0));
+	return (priv_check_cred(td->td_ucred, priv));
 }

Modified: head/sys/kern/kern_prot.c
==============================================================================
--- head/sys/kern/kern_prot.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/kern_prot.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -518,7 +518,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap)
 #ifdef POSIX_APPENDIX_B_4_2_2	/* Use BSD-compat clause from B.4.2.2 */
 	    uid != oldcred->cr_uid &&		/* allow setuid(geteuid()) */
 #endif
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETUID)) != 0)
 		goto fail;
 
 #ifdef _POSIX_SAVED_IDS
@@ -531,7 +531,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap)
 	    uid == oldcred->cr_uid ||
 #endif
 	    /* We are using privs. */
-	    priv_check_cred(oldcred, PRIV_CRED_SETUID, 0) == 0)
+	    priv_check_cred(oldcred, PRIV_CRED_SETUID) == 0)
 #endif
 	{
 		/*
@@ -615,7 +615,7 @@ sys_seteuid(struct thread *td, struct seteuid_args *ua
 
 	if (euid != oldcred->cr_ruid &&		/* allow seteuid(getuid()) */
 	    euid != oldcred->cr_svuid &&	/* allow seteuid(saved uid) */
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID)) != 0)
 		goto fail;
 
 	/*
@@ -682,7 +682,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
 #ifdef POSIX_APPENDIX_B_4_2_2	/* Use BSD-compat clause from B.4.2.2 */
 	    gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
 #endif
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETGID)) != 0)
 		goto fail;
 
 #ifdef _POSIX_SAVED_IDS
@@ -695,7 +695,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
 	    gid == oldcred->cr_groups[0] ||
 #endif
 	    /* We are using privs. */
-	    priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0)
+	    priv_check_cred(oldcred, PRIV_CRED_SETGID) == 0)
 #endif
 	{
 		/*
@@ -764,7 +764,7 @@ sys_setegid(struct thread *td, struct setegid_args *ua
 
 	if (egid != oldcred->cr_rgid &&		/* allow setegid(getgid()) */
 	    egid != oldcred->cr_svgid &&	/* allow setegid(saved gid) */
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID)) != 0)
 		goto fail;
 
 	if (oldcred->cr_groups[0] != egid) {
@@ -835,7 +835,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *g
 		goto fail;
 #endif
 
-	error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0);
+	error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS);
 	if (error)
 		goto fail;
 
@@ -898,7 +898,7 @@ sys_setreuid(struct thread *td, struct setreuid_args *
 	      ruid != oldcred->cr_svuid) ||
 	     (euid != (uid_t)-1 && euid != oldcred->cr_uid &&
 	      euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, 0)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID)) != 0)
 		goto fail;
 
 	if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
@@ -970,7 +970,7 @@ sys_setregid(struct thread *td, struct setregid_args *
 	    rgid != oldcred->cr_svgid) ||
 	     (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
 	     egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID)) != 0)
 		goto fail;
 
 	if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
@@ -1045,7 +1045,7 @@ sys_setresuid(struct thread *td, struct setresuid_args
 	     (suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
 	    suid != oldcred->cr_svuid &&
 	      suid != oldcred->cr_uid)) &&
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, 0)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID)) != 0)
 		goto fail;
 
 	if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
@@ -1129,7 +1129,7 @@ sys_setresgid(struct thread *td, struct setresgid_args
 	     (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
 	      sgid != oldcred->cr_svgid &&
 	      sgid != oldcred->cr_groups[0])) &&
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID)) != 0)
 		goto fail;
 
 	if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
@@ -1343,7 +1343,7 @@ cr_canseeotheruids(struct ucred *u1, struct ucred *u2)
 {
 
 	if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
-		if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) != 0)
+		if (priv_check_cred(u1, PRIV_SEEOTHERUIDS) != 0)
 			return (ESRCH);
 	}
 	return (0);
@@ -1382,7 +1382,7 @@ cr_canseeothergids(struct ucred *u1, struct ucred *u2)
 				break;
 		}
 		if (!match) {
-			if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, 0) != 0)
+			if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0)
 				return (ESRCH);
 		}
 	}
@@ -1530,7 +1530,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, in
 			break;
 		default:
 			/* Not permitted without privilege. */
-			error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, 0);
+			error = priv_check_cred(cred, PRIV_SIGNAL_SUGID);
 			if (error)
 				return (error);
 		}
@@ -1544,7 +1544,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, in
 	    cred->cr_ruid != proc->p_ucred->cr_svuid &&
 	    cred->cr_uid != proc->p_ucred->cr_ruid &&
 	    cred->cr_uid != proc->p_ucred->cr_svuid) {
-		error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);
+		error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED);
 		if (error)
 			return (error);
 	}

Modified: head/sys/kern/subr_acl_nfs4.c
==============================================================================
--- head/sys/kern/subr_acl_nfs4.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/subr_acl_nfs4.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -259,8 +259,7 @@ vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_
 	 * No match.  Try to use privileges, if there are any.
 	 */
 	if (is_directory) {
-		if ((accmode & VEXEC) && !priv_check_cred(cred,
-		    PRIV_VFS_LOOKUP, 0))
+		if ((accmode & VEXEC) && !priv_check_cred(cred, PRIV_VFS_LOOKUP))
 			priv_granted |= VEXEC;
 	} else {
 		/*
@@ -270,23 +269,23 @@ vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_
 		 */
 		if ((accmode & VEXEC) && (file_mode &
 		    (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
-		    !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
+		    !priv_check_cred(cred, PRIV_VFS_EXEC))
 			priv_granted |= VEXEC;
 	}
 
-	if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
+	if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ))
 		priv_granted |= VREAD;
 
 	if ((accmode & (VWRITE | VAPPEND | VDELETE_CHILD)) &&
-	    !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
+	    !priv_check_cred(cred, PRIV_VFS_WRITE))
 		priv_granted |= (VWRITE | VAPPEND | VDELETE_CHILD);
 
 	if ((accmode & VADMIN_PERMS) &&
-	    !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
+	    !priv_check_cred(cred, PRIV_VFS_ADMIN))
 		priv_granted |= VADMIN_PERMS;
 
 	if ((accmode & VSTAT_PERMS) &&
-	    !priv_check_cred(cred, PRIV_VFS_STAT, 0))
+	    !priv_check_cred(cred, PRIV_VFS_STAT))
 		priv_granted |= VSTAT_PERMS;
 
 	if ((accmode & priv_granted) == accmode) {

Modified: head/sys/kern/subr_acl_posix1e.c
==============================================================================
--- head/sys/kern/subr_acl_posix1e.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/subr_acl_posix1e.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -90,8 +90,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, g
 	priv_granted = 0;
 
 	if (type == VDIR) {
-		if ((accmode & VEXEC) && !priv_check_cred(cred,
-		     PRIV_VFS_LOOKUP, 0))
+		if ((accmode & VEXEC) && !priv_check_cred(cred, PRIV_VFS_LOOKUP))
 			priv_granted |= VEXEC;
 	} else {
 		/*
@@ -101,18 +100,18 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, g
 		 */
 		if ((accmode & VEXEC) && (acl_posix1e_acl_to_mode(acl) &
 		    (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
-		    !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
+		    !priv_check_cred(cred, PRIV_VFS_EXEC))
 			priv_granted |= VEXEC;
 	}
 
-	if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
+	if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ))
 		priv_granted |= VREAD;
 
 	if (((accmode & VWRITE) || (accmode & VAPPEND)) &&
-	    !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
+	    !priv_check_cred(cred, PRIV_VFS_WRITE))
 		priv_granted |= (VWRITE | VAPPEND);
 
-	if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
+	if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN))
 		priv_granted |= VADMIN;
 
 	/*

Modified: head/sys/kern/uipc_mqueue.c
==============================================================================
--- head/sys/kern/uipc_mqueue.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/uipc_mqueue.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -1032,7 +1032,7 @@ int do_unlink(struct mqfs_node *pn, struct ucred *ucre
 	sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
 
 	if (ucred->cr_uid != pn->mn_uid &&
-	    (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
+	    (error = priv_check_cred(ucred, PRIV_MQ_ADMIN)) != 0)
 		error = EACCES;
 	else if (!pn->mn_deleted) {
 		parent = pn->mn_parent;
@@ -2581,7 +2581,7 @@ mqf_chown(struct file *fp, uid_t uid, gid_t gid, struc
 		gid = pn->mn_gid;
 	if (((uid != pn->mn_uid && uid != active_cred->cr_uid) ||
 	    (gid != pn->mn_gid && !groupmember(gid, active_cred))) &&
-	    (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
+	    (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
 		goto out;
 	pn->mn_uid = uid;
 	pn->mn_gid = gid;

Modified: head/sys/kern/uipc_sem.c
==============================================================================
--- head/sys/kern/uipc_sem.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/uipc_sem.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -242,7 +242,7 @@ ksem_chown(struct file *fp, uid_t uid, gid_t gid, stru
                  gid = ks->ks_gid;
 	if (((uid != ks->ks_uid && uid != active_cred->cr_uid) ||
 	    (gid != ks->ks_gid && !groupmember(gid, active_cred))) &&
-	    (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
+	    (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
 		goto out;
 	ks->ks_uid = uid;
 	ks->ks_gid = gid;
@@ -364,7 +364,7 @@ ksem_access(struct ksem *ks, struct ucred *ucred)
 	error = vaccess(VREG, ks->ks_mode, ks->ks_uid, ks->ks_gid,
 	    VREAD | VWRITE, ucred, NULL);
 	if (error)
-		error = priv_check_cred(ucred, PRIV_SEM_WRITE, 0);
+		error = priv_check_cred(ucred, PRIV_SEM_WRITE);
 	return (error);
 }
 

Modified: head/sys/kern/uipc_shm.c
==============================================================================
--- head/sys/kern/uipc_shm.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/uipc_shm.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -968,7 +968,7 @@ shm_chown(struct file *fp, uid_t uid, gid_t gid, struc
                  gid = shmfd->shm_gid;
 	if (((uid != shmfd->shm_uid && uid != active_cred->cr_uid) ||
 	    (gid != shmfd->shm_gid && !groupmember(gid, active_cred))) &&
-	    (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
+	    (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
 		goto out;
 	shmfd->shm_uid = uid;
 	shmfd->shm_gid = gid;

Modified: head/sys/kern/vfs_mount.c
==============================================================================
--- head/sys/kern/vfs_mount.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/vfs_mount.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -862,7 +862,7 @@ vfs_domount_first(
 	 */
 	error = VOP_GETATTR(vp, &va, td->td_ucred);
 	if (error == 0 && va.va_uid != td->td_ucred->cr_uid)
-		error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, 0);
+		error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN);
 	if (error == 0)
 		error = vinvalbuf(vp, V_SAVE, 0, 0);
 	if (error == 0 && vp->v_type != VDIR)

Modified: head/sys/kern/vfs_subr.c
==============================================================================
--- head/sys/kern/vfs_subr.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/vfs_subr.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -4469,7 +4469,7 @@ privcheck:
 		 * requests, instead of PRIV_VFS_EXEC.
 		 */
 		if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
-		    !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0))
+		    !priv_check_cred(cred, PRIV_VFS_LOOKUP))
 			priv_granted |= VEXEC;
 	} else {
 		/*
@@ -4479,20 +4479,20 @@ privcheck:
 		 */
 		if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
 		    (file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
-		    !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
+		    !priv_check_cred(cred, PRIV_VFS_EXEC))
 			priv_granted |= VEXEC;
 	}
 
 	if ((accmode & VREAD) && ((dac_granted & VREAD) == 0) &&
-	    !priv_check_cred(cred, PRIV_VFS_READ, 0))
+	    !priv_check_cred(cred, PRIV_VFS_READ))
 		priv_granted |= VREAD;
 
 	if ((accmode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
-	    !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
+	    !priv_check_cred(cred, PRIV_VFS_WRITE))
 		priv_granted |= (VWRITE | VAPPEND);
 
 	if ((accmode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
-	    !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
+	    !priv_check_cred(cred, PRIV_VFS_ADMIN))
 		priv_granted |= VADMIN;
 
 	if ((accmode & (priv_granted | dac_granted)) == accmode) {
@@ -4527,7 +4527,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace
 	switch (attrnamespace) {
 	case EXTATTR_NAMESPACE_SYSTEM:
 		/* Potentially should be: return (EPERM); */
-		return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM, 0));
+		return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM));
 	case EXTATTR_NAMESPACE_USER:
 		return (VOP_ACCESS(vp, accmode, cred, td));
 	default:

Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/kern/vfs_syscalls.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -1484,13 +1484,13 @@ can_hardlink(struct vnode *vp, struct ucred *cred)
 		return (error);
 
 	if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
-		error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
+		error = priv_check_cred(cred, PRIV_VFS_LINK);
 		if (error != 0)
 			return (error);
 	}
 
 	if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
-		error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
+		error = priv_check_cred(cred, PRIV_VFS_LINK);
 		if (error != 0)
 			return (error);
 	}

Modified: head/sys/net/if_tap.c
==============================================================================
--- head/sys/net/if_tap.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/net/if_tap.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -346,7 +346,7 @@ tapclone(void *arg, struct ucred *cred, char *name, in
 		return;
 
 	if (!tapdclone ||
-	    (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0))
+	    (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE) != 0))
 		return;
 
 	unit = 0;

Modified: head/sys/net/if_tun.c
==============================================================================
--- head/sys/net/if_tun.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/net/if_tun.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -204,7 +204,7 @@ tunclone(void *arg, struct ucred *cred, char *name, in
 	 * If tun cloning is enabled, only the superuser can create an
 	 * interface.
 	 */
-	if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0)
+	if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE) != 0)
 		return;
 
 	if (strcmp(name, tunname) == 0) {

Modified: head/sys/netinet/in_pcb.c
==============================================================================
--- head/sys/netinet/in_pcb.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/netinet/in_pcb.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -622,7 +622,7 @@ in_pcb_lport(struct inpcb *inp, struct in_addr *laddrp
 		last  = V_ipport_hilastauto;
 		lastport = &pcbinfo->ipi_lasthi;
 	} else if (inp->inp_flags & INP_LOWPORT) {
-		error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
+		error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT);
 		if (error)
 			return (error);
 		first = V_ipport_lowfirstauto;	/* 1023 */
@@ -866,12 +866,10 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *n
 			/* GROSS */
 			if (ntohs(lport) <= V_ipport_reservedhigh &&
 			    ntohs(lport) >= V_ipport_reservedlow &&
-			    priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
-			    0))
+			    priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT))
 				return (EACCES);
 			if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
-			    priv_check_cred(inp->inp_cred,
-			    PRIV_NETINET_REUSEPORT, 0) != 0) {
+			    priv_check_cred(inp->inp_cred, PRIV_NETINET_REUSEPORT) != 0) {
 				t = in_pcblookup_local(pcbinfo, sin->sin_addr,
 				    lport, INPLOOKUP_WILDCARD, cred);
 	/*

Modified: head/sys/netinet6/in6_pcb.c
==============================================================================
--- head/sys/netinet6/in6_pcb.c	Tue Dec 11 19:12:44 2018	(r341826)
+++ head/sys/netinet6/in6_pcb.c	Tue Dec 11 19:32:16 2018	(r341827)
@@ -212,12 +212,10 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr *nam,
 			/* GROSS */
 			if (ntohs(lport) <= V_ipport_reservedhigh &&
 			    ntohs(lport) >= V_ipport_reservedlow &&

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201812111932.wBBJWHhh067846>