From owner-cvs-src@FreeBSD.ORG  Thu Sep  2 01:12:20 2004
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9B14A16A4CE; Thu,  2 Sep 2004 01:12:20 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 9088843D1D; Thu,  2 Sep 2004 01:12:20 +0000 (GMT)
	(envelope-from csjp@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.11/8.12.11) with ESMTP id i821CK9C030329;
	Thu, 2 Sep 2004 01:12:20 GMT
	(envelope-from csjp@repoman.freebsd.org)
Received: (from csjp@localhost)
	by repoman.freebsd.org (8.12.11/8.12.11/Submit) id i821CKfE030328;
	Thu, 2 Sep 2004 01:12:20 GMT
	(envelope-from csjp)
Message-Id: <200409020112.i821CKfE030328@repoman.freebsd.org>
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
Date: Thu, 2 Sep 2004 01:12:20 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: RELENG_5
Subject: cvs commit: src/sys/ufs/ufs ufs_vnops.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Sep 2004 01:12:20 -0000

csjp        2004-09-02 01:12:20 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_5)
    sys/ufs/ufs          ufs_vnops.c 
  Log:
  MFC v1.243:
  
  Currently, if the secure level is low enough, system flags can
  be manipulated by prison root. In 4.x prison root can not manipulate
  system flags, regardless of the security level. This behavior
  should remain consistent to avoid any surprises which could lead
  to security problems for system administrators which give out
  privileged access to jails.
  
  This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
  to 0. This will prevent prison root from being able to manipulate
  system flags on files.
  
  Approved by:    re (kensmith)
  
  Revision   Changes    Path
  1.242.2.1  +1 -1      src/sys/ufs/ufs/ufs_vnops.c