From owner-p4-projects@FreeBSD.ORG  Mon Jul  4 11:05:38 2005
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id D950316A420; Mon,  4 Jul 2005 11:05:37 +0000 (GMT)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B42A116A41C
	for <perforce@freebsd.org>; Mon,  4 Jul 2005 11:05:37 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A151143D46
	for <perforce@freebsd.org>; Mon,  4 Jul 2005 11:05:37 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j64B5bE7095385
	for <perforce@freebsd.org>; Mon, 4 Jul 2005 11:05:37 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j64B5b7t095379
	for perforce@freebsd.org; Mon, 4 Jul 2005 11:05:37 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Mon, 4 Jul 2005 11:05:37 GMT
Message-Id: <200507041105.j64B5b7t095379@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 79532 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2005 11:05:38 -0000

http://perforce.freebsd.org/chv.cgi?CH=79532

Change 79532 by rwatson@rwatson_paprika on 2005/07/04 11:05:08

	Loading of VFS-related kernel modules has moved to vfs_init.c, so
	restore the conversation of a suser() check to cap_check() lost
	during integrate.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_init.c#10 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_init.c#10 (text+ko) ====

@@ -39,6 +39,7 @@
 
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/capability.h>
 #include <sys/kernel.h>
 #include <sys/linker.h>
 #include <sys/mount.h>
@@ -115,7 +116,7 @@
 		return (vfsp);
 
 	/* Only load modules for root (very important!). */
-	*error = suser(td);
+	*error = cap_check(td, CAP_SYS_MODULE);
 	if (*error)
 		return (NULL);
 	*error = securelevel_gt(td->td_ucred, 0);