From owner-p4-projects@FreeBSD.ORG  Mon Aug 11 16:51:59 2008
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 8665B106568E; Mon, 11 Aug 2008 16:51:59 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 47E75106567E
	for <perforce@freebsd.org>; Mon, 11 Aug 2008 16:51:59 +0000 (UTC)
	(envelope-from trasz@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 367F88FC0C
	for <perforce@freebsd.org>; Mon, 11 Aug 2008 16:51:59 +0000 (UTC)
	(envelope-from trasz@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m7BGpx9E046327
	for <perforce@freebsd.org>; Mon, 11 Aug 2008 16:51:59 GMT
	(envelope-from trasz@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m7BGpxaG046325
	for perforce@freebsd.org; Mon, 11 Aug 2008 16:51:59 GMT
	(envelope-from trasz@freebsd.org)
Date: Mon, 11 Aug 2008 16:51:59 GMT
Message-Id: <200808111651.m7BGpxaG046325@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	trasz@freebsd.org using -f
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 147160 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2008 16:51:59 -0000

http://perforce.freebsd.org/chv.cgi?CH=147160

Change 147160 by trasz@trasz_traszkan on 2008/08/11 16:51:06

	Fix the fix from 147154.

Affected files ...

.. //depot/projects/soc2008/trasz_nfs4acl/TODO#39 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c#3 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_vnops.c#11 edit

Differences ...

==== //depot/projects/soc2008/trasz_nfs4acl/TODO#39 (text+ko) ====

@@ -12,6 +12,11 @@
 
 - Add the information about correct constants to the manual pages.
 
+- Decide what to do when chmod(2) needs to add ACL entries, but
+  there is no room in 'struct acl' to do that.  Solaris seems to
+  limit the numer of user-settable entries to half of ACL_MAX_ENTRIES,
+  so there is no risk of running out of them in chmod(2).
+
 - Make 'struct acl' variable size.
 
 - Benchmark things.

==== //depot/projects/soc2008/trasz_nfs4acl/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c#3 (text+ko) ====

@@ -260,8 +260,10 @@
 	/*
 	 * Deny setting setuid if we are not the file owner.
 	 */
-	if ((vap->va_mode & S_ISUID) && ovap->va_uid != cred->cr_uid)
-		return (EPERM);
-
+	if ((vap->va_mode & S_ISUID) && ovap->va_uid != cred->cr_uid) {
+		error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+		if (error)
+			return (error);
+	}
 	return (0);
 }

==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_vnops.c#11 (text+ko) ====

@@ -721,8 +721,11 @@
 	/*
 	 * Deny setting setuid if we are not the file owner.
 	 */
-	if ((mode & ISUID) && ip->i_uid != cred->cr_uid)
-		return (EPERM);
+	if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
+		error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+		if (error)
+			return (error);
+	}
 
 	ip->i_mode &= ~ALLPERMS;
 	ip->i_mode |= (mode & ALLPERMS);