Date: Fri, 1 Dec 2006 13:00:00 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 110796 for review Message-ID: <200612011300.kB1D00LG076862@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=110796 Change 110796 by rwatson@rwatson_zoo on 2006/12/01 12:59:05 Revert branch-local changes in priv.h. Affected files ... .. //depot/projects/trustedbsd/priv/sys/sys/priv.h#10 integrate Differences ... ==== //depot/projects/trustedbsd/priv/sys/sys/priv.h#10 (text+ko) ==== @@ -26,7 +26,7 @@ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: src/sys/sys/priv.h,v 1.1 2006/11/06 13:37:18 rwatson Exp $ */ /* @@ -48,7 +48,10 @@ * When adding a new privilege, remember to determine if it's appropriate for * use in jail, and update the privilege switch in kern_jail.c as necessary. */ -/* Track beginning of privilege list. */ + +/* + * Track beginning of privilege list. + */ #define _PRIV_LOWEST 0 /* @@ -380,9 +383,8 @@ #define PRIV_VM86_INTCALL 650/* Allow invoking vm86 int handlers. */ /* - * Set of reserved privilege values, which will be allocated to code - * as needed, in order to avoid renumbering later privileges due to - * insertion. + * Set of reserved privilege values, which will be allocated to code as + * needed, in order to avoid renumbering later privileges due to insertion. */ #define _PRIV_RESERVED0 660 #define _PRIV_RESERVED1 661 @@ -402,11 +404,11 @@ #define _PRIV_RESERVED15 675 /* - * Define a set of valid privilege numbers that can be used by - * loadable modules that don't yet have privilege reservations. - * Ideally, these should not be used, since their meaning is opaque - * to any policies that are aware of specific privileges, such as - * jail, and as such may be arbitrarily denied. + * Define a set of valid privilege numbers that can be used by loadable + * modules that don't yet have privilege reservations. Ideally, these should + * not be used, since their meaning is opaque to any policies that are aware + * of specific privileges, such as jail, and as such may be arbitrarily + * denied. */ #define PRIV_MODULE0 700 #define PRIV_MODULE1 701 @@ -433,7 +435,8 @@ /* * Validate that a named privilege is known by the privilege system. Invalid * privileges presented to the privilege system by a priv_check interface - * will result in a panic. + * will result in a panic. This is only approximate due to sparse allocation + * of the privilege space. */ #define PRIV_VALID(x) ((x) > _PRIV_LOWEST && (x) < _PRIV_HIGHEST)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612011300.kB1D00LG076862>