From owner-cvs-src-old@FreeBSD.ORG  Sat Jun 20 14:51:25 2009
Return-Path: <owner-cvs-src-old@FreeBSD.ORG>
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 863521065670
	for <cvs-src-old@freebsd.org>; Sat, 20 Jun 2009 14:51:25 +0000 (UTC)
	(envelope-from ed@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 729458FC1D
	for <cvs-src-old@freebsd.org>; Sat, 20 Jun 2009 14:51:25 +0000 (UTC)
	(envelope-from ed@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5KEpPrZ017678
	for <cvs-src-old@freebsd.org>; Sat, 20 Jun 2009 14:51:25 GMT
	(envelope-from ed@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5KEpPKD017677
	for cvs-src-old@freebsd.org; Sat, 20 Jun 2009 14:51:25 GMT
	(envelope-from ed@repoman.freebsd.org)
Message-Id: <200906201451.n5KEpPKD017677@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	ed@repoman.freebsd.org using -f
From: Ed Schouten <ed@FreeBSD.org>
Date: Sat, 20 Jun 2009 14:50:32 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/fs/devfs devfs_vnops.c src/sys/kern tty.c
 src/sys/sys priv.h
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
	<cvs-src-old.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src-old>
List-Post: <mailto:cvs-src-old@freebsd.org>
List-Help: <mailto:cvs-src-old-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Jun 2009 14:51:25 -0000

ed          2009-06-20 14:50:32 UTC

  FreeBSD src repository

  Modified files:
    sys/fs/devfs         devfs_vnops.c 
    sys/kern             tty.c 
    sys/sys              priv.h 
  Log:
  SVN rev 194532 on 2009-06-20 14:50:32Z by ed
  
  Improve nested jail awareness of devfs by handling credentials.
  
  Now that we start to use credentials on character devices more often
  (because of MPSAFE TTY), move the prison-checks that are in place in the
  TTY code into devfs.
  
  Instead of strictly comparing the prisons, use the more common
  prison_check() function to compare credentials. This means that
  pseudo-terminals are only visible in devfs by processes within the same
  jail and parent jails.
  
  Even though regular users in parent jails can now interact with
  pseudo-terminals from child jails, this seems to be the right approach.
  These processes are also capable of interacting with the jailed
  processes anyway, through signals for example.
  
  Reviewed by:    kib, rwatson (older version)
  
  Revision  Changes    Path
  1.181     +22 -0     src/sys/fs/devfs/devfs_vnops.c
  1.324     +0 -7      src/sys/kern/tty.c
  1.33      +0 -1      src/sys/sys/priv.h