Date: Thu, 29 Apr 2004 17:08:44 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 51949 for review Message-ID: <200404300008.i3U08i6k049227@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=51949 Change 51949 by cvance@cvance_sony on 2004/04/29 17:08:25 Replace suser and suser_cred checks with appropriate capability checks. The suser and suser_cred calls were introduced with code brought in during the recent integration from the MAC tree. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#12 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_syscalls.c#11 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_vnops.c#9 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#12 (text+ko) ==== @@ -744,7 +744,7 @@ } } } else { - if ((error = suser(td)) != 0) { + if ((error = cap_check(td, CAP_SYS_ADMIN)) != 0) { vput(vp); return (error); } @@ -1051,7 +1051,7 @@ return (EPERM); if (usermount == 0) { - if ((error = suser(td)) != 0) + if ((error = cap_check(td, CAP_SYS_ADMIN)) != 0) return (error); } @@ -1103,7 +1103,7 @@ return (error); } } else { - if ((error = suser(td)) != 0) + if ((error = cap_check(td, CAP_SYS_ADMIN)) != 0) return (error); } ==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_syscalls.c#11 (text+ko) ==== @@ -378,7 +378,7 @@ vfs_unbusy(mp, td); continue; } - if (suser(td)) { + if (cap_check(td, CAP_SYS_ADMIN)) { bcopy(sp, &sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -602,7 +602,7 @@ /* * Must be super user */ - error = suser(td); + error = cap_check(td, CAP_SYS_ADMIN); if (error) return (error); @@ -659,7 +659,7 @@ MIN(MFSNAMELEN, OMNAMELEN)); bcopy(nsp->f_mntfromname, osp->f_mntfromname, MIN(MFSNAMELEN, OMNAMELEN)); - if (suser(td)) { + if (cap_check(td, CAP_SYS_ADMIN)) { osp->f_fsid.val[0] = osp->f_fsid.val[1] = 0; } else { osp->f_fsid = nsp->f_fsid; @@ -1386,7 +1386,7 @@ struct vattr va; int error; - if (suser_cred(cred, PRISON_ROOT) == 0) + if (cap_check_cred(cred, NULL, CAP_SYS_ADMIN, PRISON_ROOT) == 0) return (0); if (!hardlink_check_uid && !hardlink_check_gid) ==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_vnops.c#9 (text+ko) ==== @@ -752,7 +752,7 @@ } sb->st_flags = vap->va_flags; - if (suser(td)) + if (cap_check(td, CAP_SYS_ADMIN)) sb->st_gen = 0; else sb->st_gen = vap->va_gen;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404300008.i3U08i6k049227>