From owner-p4-projects@FreeBSD.ORG Sat Sep 9 10:03:51 2006
Date: Sat, 9 Sep 2006 10:03:48 GMT
Message-Id: <200609091003.k89A3mRr025655@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 105882 for review

http://perforce.freebsd.org/chv.cgi?CH=105882

Change 105882 by rwatson@rwatson_sesame on 2006/09/09 10:02:52

Add a new sysctl privilege associated with a sysctl writable in jail, in contrast to the sysctls not writable in jail. That way jail can grant access to some, but not all, sysctls without further special casing in the sysctl code.

Affected files ...

.. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#3 (text+ko) ==== @@ -1253,7 +1253,8 @@ /* Is this sysctl writable by only privileged users? */ if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) { if (oid->oid_kind & CTLFLAG_PRISON) - error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL); + error = priv_check_cred(req->td->td_ucred, + PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL); else error = priv_check(req->td, PRIV_SYSCTL_WRITE); if (error)
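
Review bot: in the CTLFLAG_PRISON branch, the new priv_check_cred() call passes SUSER_ALLOWJAIL with no comment saying why this branch alone is permitted from inside a jail, while the else branch still calls priv_check(req->td, PRIV_SYSCTL_WRITE). A short comment above the call, stating that CTLFLAG_PRISON marks the oid as jail-writable and that this flag is the only thing selecting the jail-permitting check, would make it clear to anyone adding the flag to an oid that they are making a security decision. The existing comment "Is this sysctl writable by only privileged users?" could be extended to mention the jail distinction for the same reason. The change description also says a new privilege is added, but the removed line already checked PRIV_SYSCTL_WRITEJAIL; what this hunk changes is the switch to priv_check_cred() with SUSER_ALLOWJAIL, and the description should say so.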