Date:      Thu, 31 May 2007 14:05:56 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 120663 for review
Message-ID:  <200705311405.l4VE5uR5002193@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=120663

Change 120663 by rwatson@rwatson_zoo on 2007/05/31 14:05:34

	Start the process of removing the SUSER_ALLOWJAIL flag.

Affected files ...

.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#14 edit
.. //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#5 edit
.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#6 edit
.. //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#7 edit
.. //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#6 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#12 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#7 edit
.. //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#4 edit
.. //depot/projects/trustedbsd/priv/sys/kern/sysv_ipc.c#6 edit
.. //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#12 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#14 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#13 edit
.. //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#13 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/sctp_pcb.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/sctp_usrreq.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#13 edit
.. //depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#6 edit
.. //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#8 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#7 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#9 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#10 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_vnops.c#9 edit

Differences ...

==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_misc.c#14 (text+ko) ====

@@ -1077,8 +1077,7 @@
 	 * Keep cr_groups[0] unchanged to prevent that.
 	 */
 
-	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
-	    SUSER_ALLOWJAIL)) != 0) {
+	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);
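Review bot: Passing a literal 0 where SUSER_ALLOWJAIL was previously passed only preserves behaviour if priv_check_cred() in this branch no longer derives the jail decision from its third argument; nothing in this change shows that side of the contract, and the description says only that the flag is being removed. A one-line statement of where the jailed-credential decision now lives, in the commit description or as a comment at this first call site, would tell a reader of any of these call sites that 0 is not a "deny in jail". The same observation applies to every hunk in the change that substitutes 0 for SUSER_ALLOWJAIL. The enclosing function starts outside the hunk.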

==== //depot/projects/trustedbsd/priv/sys/compat/linux/linux_uid16.c#5 (text+ko) ====

@@ -124,8 +124,7 @@
 	 * Keep cr_groups[0] unchanged to prevent that.
 	 */
 
-	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
-	    SUSER_ALLOWJAIL)) != 0) {
+	if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);

==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_fcntl.c#6 (text+ko) ====

@@ -281,8 +281,7 @@
 		goto out;
 
 	if (td->td_ucred->cr_uid != vattr.va_uid &&
-	    (error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
-	    SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check(td, PRIV_VFS_ADMIN)) != 0)
 		goto out;
 
 	if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)

==== //depot/projects/trustedbsd/priv/sys/compat/svr4/svr4_misc.c#7 (text+ko) ====

@@ -612,8 +612,7 @@
 	struct file	*fp;
 	int		 error, vfslocked;
 
-	if ((error = priv_check_cred(td->td_ucred, PRIV_VFS_FCHROOT,
-	    SUSER_ALLOWJAIL)) != 0)
+	if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
 		return error;
 	if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
 		return error;

==== //depot/projects/trustedbsd/priv/sys/fs/devfs/devfs_vnops.c#9 (text+ko) ====

@@ -1168,7 +1168,7 @@
 		if ((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
 		    (gid != de->de_gid && !groupmember(gid, ap->a_cred))) {
 			error = priv_check_cred(ap->a_td->td_ucred,
-			    PRIV_VFS_CHOWN, SUSER_ALLOWJAIL);
+			    PRIV_VFS_CHOWN, 0);
 			if (error)
 				return (error);
 		}
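Review bot: `error = priv_check_cred(ap->a_td->td_ucred, PRIV_VFS_CHOWN, 0);` could be written as `error = priv_check(ap->a_td, PRIV_VFS_CHOWN);`, which is the form this same change adopts for the identical thread-credential pattern in uipc_mqueue.c and vfs_syscalls.c. The second devfs hunk (PRIV_VFS_ADMIN) and the procfs_ioctl.c hunk (`td->td_ucred`, PRIV_DEBUG_SUGID) have the same shape. Leaving some sites on the cred-based call suggests a deliberate difference that, as far as the hunk shows, does not exist. The enclosing function starts outside the hunk.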
@@ -1180,7 +1180,7 @@
 	if (vap->va_mode != (mode_t)VNOVAL) {
 		if (ap->a_cred->cr_uid != de->de_uid) {
 			error = priv_check_cred(ap->a_td->td_ucred,
-			    PRIV_VFS_ADMIN, SUSER_ALLOWJAIL);
+			    PRIV_VFS_ADMIN, 0);
 			if (error)
 				return (error);
 		}

==== //depot/projects/trustedbsd/priv/sys/fs/msdosfs/msdosfs_vnops.c#9 (text+ko) ====

@@ -408,8 +408,7 @@
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid) {
-			error = priv_check_cred(cred, PRIV_VFS_ADMIN,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
 			if (error)
 				return (error);
 		}
@@ -426,8 +425,7 @@
 		 * sensible filesystem attempts it a lot.
 		 */
 		if (vap->va_flags & SF_SETTABLE) {
-			error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0);
 			if (error)
 				return (error);
 		}
@@ -454,8 +452,7 @@
 			gid = pmp->pm_gid;
 		if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
 		    (gid != pmp->pm_gid && !groupmember(gid, cred))) {
-			error = priv_check_cred(cred, PRIV_VFS_CHOWN,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
 			if (error)
 				return (error);
 		}
@@ -520,8 +517,7 @@
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid) {
-			error = priv_check_cred(cred, PRIV_VFS_ADMIN,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
 			if (error)
 				return (error);
 		}

==== //depot/projects/trustedbsd/priv/sys/fs/procfs/procfs_ioctl.c#10 (text+ko) ====

@@ -115,7 +115,7 @@
 			 * are missing.
 			 */
 			error = priv_check_cred(td->td_ucred,
-			    PRIV_DEBUG_SUGID, SUSER_ALLOWJAIL);
+			    PRIV_DEBUG_SUGID, 0);
 			if (error)
 				break;
 		}

==== //depot/projects/trustedbsd/priv/sys/gnu/fs/ext2fs/ext2_vnops.c#6 (text+ko) ====

@@ -415,8 +415,7 @@
 		 * Privileged non-jail processes may not modify system flags
 		 * if securelevel > 0 and any existing system flags are set.
 		 */
-		if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
-		    SUSER_ALLOWJAIL)) {
+		if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
 			if (ip->i_flags
 			    & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
 				error = securelevel_gt(cred, 0);
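Review bot: The comment directly above the changed call still reads "Privileged non-jail processes may not modify system flags", but after this change the call expresses no jail distinction at all. If jailed credentials can now pass PRIV_VFS_SYSFLAGS, the comment should drop "non-jail"; if they still cannot, the comment should say where that restriction is now made, since it is no longer visible here. The enclosing function starts outside the hunk.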
@@ -535,14 +534,12 @@
 	 * process is not a member of.
 	 */
 	if (vp->v_type != VDIR && (mode & S_ISTXT)) {
-		error = priv_check_cred(cred, PRIV_VFS_STICKYFILE,
-		    SUSER_ALLOWJAIL);
+		error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0);
 		if (error)
 			return (EFTYPE);
 	}
 	if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
-		error = priv_check_cred(cred, PRIV_VFS_SETGID,
-		    SUSER_ALLOWJAIL);
+		error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
 		if (error)
 			return (error);
 	}
@@ -586,8 +583,7 @@
 	 */
 	if (uid != ip->i_uid || (gid != ip->i_gid &&
 	    !groupmember(gid, cred))) {
-		error = priv_check_cred(cred, PRIV_VFS_CHOWN,
-		    SUSER_ALLOWJAIL);
+		error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
 		if (error)
 			return (error);
 	}
@@ -597,8 +593,7 @@
 	ip->i_uid = uid;
 	ip->i_flag |= IN_CHANGE;
 	if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
-		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
-		    SUSER_ALLOWJAIL) != 0)
+		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0)
 			ip->i_mode &= ~(ISUID | ISGID);
 	}
 	return (0);
@@ -1648,8 +1643,7 @@
 	tvp->v_type = IFTOVT(mode);	/* Rest init'd in getnewvnode(). */
 	ip->i_nlink = 1;
 	if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
-		if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID,
-		    SUSER_ALLOWJAIL))
+		if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, 0))
 			ip->i_mode &= ~ISGID;
 	}
 

==== //depot/projects/trustedbsd/priv/sys/kern/kern_exec.c#8 (text+ko) ====

@@ -567,8 +567,7 @@
 
 #ifdef KTRACE
 		if (p->p_tracevp != NULL &&
-		    priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED,
-		    SUSER_ALLOWJAIL)) {
+		    priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED, 0)) {
 			mtx_lock(&ktrace_mtx);
 			p->p_traceflag = 0;
 			tracevp = p->p_tracevp;

==== //depot/projects/trustedbsd/priv/sys/kern/kern_fork.c#10 (text+ko) ====

@@ -309,8 +309,7 @@
 	 *
 	 * XXXRW: Can we avoid privilege here if it's not needed?
 	 */
-	error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID |
-	    SUSER_ALLOWJAIL);
+	error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID);
 	if (error == 0)
 		ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0);
 	else {

==== //depot/projects/trustedbsd/priv/sys/kern/kern_ktrace.c#9 (text+ko) ====

@@ -793,8 +793,7 @@
 			p->p_tracecred = crhold(td->td_ucred);
 		}
 		p->p_traceflag |= facs;
-		if (priv_check_cred(td->td_ucred, PRIV_KTRACE,
-		    SUSER_ALLOWJAIL) == 0)
+		if (priv_check(td, PRIV_KTRACE) == 0)
 			p->p_traceflag |= KTRFAC_ROOT;
 	} else {
 		/* KTROP_CLEAR */
@@ -1000,7 +999,7 @@
 
 	PROC_LOCK_ASSERT(targetp, MA_OWNED);
 	if (targetp->p_traceflag & KTRFAC_ROOT &&
-	    priv_check_cred(td->td_ucred, PRIV_KTRACE, SUSER_ALLOWJAIL))
+	    priv_check(td, PRIV_KTRACE))
 		return (0);
 
 	if (p_candebug(td, targetp) != 0)

==== //depot/projects/trustedbsd/priv/sys/kern/kern_prot.c#8 (text+ko) ====

@@ -511,8 +511,7 @@
 #ifdef POSIX_APPENDIX_B_4_2_2	/* Use BSD-compat clause from B.4.2.2 */
 	    uid != oldcred->cr_uid &&		/* allow setuid(geteuid()) */
 #endif
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETUID,
-	    SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)) != 0)
 		goto fail;
 
 	/*
@@ -529,7 +528,7 @@
 	    uid == oldcred->cr_uid ||
 #endif
 	    /* We are using privs. */
-	    priv_check_cred(oldcred, PRIV_CRED_SETUID, SUSER_ALLOWJAIL) == 0)
+	    priv_check_cred(oldcred, PRIV_CRED_SETUID, 0) == 0)
 #endif
 	{
 		/*
@@ -602,8 +601,7 @@
 
 	if (euid != oldcred->cr_ruid &&		/* allow seteuid(getuid()) */
 	    euid != oldcred->cr_svuid &&	/* allow seteuid(saved uid) */
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID,
-	    SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0)
 		goto fail;
 
 	/*
@@ -672,8 +670,7 @@
 #ifdef POSIX_APPENDIX_B_4_2_2	/* Use BSD-compat clause from B.4.2.2 */
 	    gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
 #endif
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETGID,
-	    SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0)
 		goto fail;
 
 	crcopy(newcred, oldcred);
@@ -687,7 +684,7 @@
 	    gid == oldcred->cr_groups[0] ||
 #endif
 	    /* We are using privs. */
-	    priv_check_cred(oldcred, PRIV_CRED_SETGID, SUSER_ALLOWJAIL) == 0)
+	    priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0)
 #endif
 	{
 		/*
@@ -756,8 +753,7 @@
 
 	if (egid != oldcred->cr_rgid &&		/* allow setegid(getgid()) */
 	    egid != oldcred->cr_svgid &&	/* allow setegid(saved gid) */
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID,
-	    SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0)
 		goto fail;
 
 	crcopy(newcred, oldcred);
@@ -817,8 +813,7 @@
 		goto fail;
 #endif
 
-	error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
-	    SUSER_ALLOWJAIL);
+	error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0);
 	if (error)
 		goto fail;
 
@@ -887,8 +882,7 @@
 	      ruid != oldcred->cr_svuid) ||
 	     (euid != (uid_t)-1 && euid != oldcred->cr_uid &&
 	      euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID,
-	     SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, 0)) != 0)
 		goto fail;
 
 	crcopy(newcred, oldcred);
@@ -953,8 +947,7 @@
 	    rgid != oldcred->cr_svgid) ||
 	     (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
 	     egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID,
-	     SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0)
 		goto fail;
 
 	crcopy(newcred, oldcred);
@@ -1030,8 +1023,7 @@
 	     (suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
 	    suid != oldcred->cr_svuid &&
 	      suid != oldcred->cr_uid)) &&
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID,
-	     SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, 0)) != 0)
 		goto fail;
 
 	crcopy(newcred, oldcred);
@@ -1108,8 +1100,7 @@
 	     (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
 	      sgid != oldcred->cr_svgid &&
 	      sgid != oldcred->cr_groups[0])) &&
-	    (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID,
-	     SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0)
 		goto fail;
 
 	crcopy(newcred, oldcred);
@@ -1317,8 +1308,7 @@
 {
 
 	if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
-		if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
-		    != 0)
+		if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) != 0)
 			return (ESRCH);
 	}
 	return (0);
@@ -1357,8 +1347,7 @@
 				break;
 		}
 		if (!match) {
-			if (priv_check_cred(u1, PRIV_SEEOTHERGIDS,
-			    SUSER_ALLOWJAIL) != 0)
+			if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, 0) != 0)
 				return (ESRCH);
 		}
 	}
@@ -1475,8 +1464,7 @@
 			break;
 		default:
 			/* Not permitted without privilege. */
-			error = priv_check_cred(cred, PRIV_SIGNAL_SUGID,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, 0);
 			if (error)
 				return (error);
 		}
@@ -1490,9 +1478,7 @@
 	    cred->cr_ruid != proc->p_ucred->cr_svuid &&
 	    cred->cr_uid != proc->p_ucred->cr_ruid &&
 	    cred->cr_uid != proc->p_ucred->cr_svuid) {
-		/* Not permitted without privilege. */
-		error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED,
-		    SUSER_ALLOWJAIL);
+		error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);
 		if (error)
 			return (error);
 	}
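Review bot: The `/* Not permitted without privilege. */` comment is dropped together with the reflowed call, while the preceding hunk in this file keeps the identical comment above the PRIV_SIGNAL_SUGID check; the two sibling paths now read inconsistently. Unless the removal is intentional, keep the comment above `error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);`. The enclosing function starts outside the hunk.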
@@ -1570,8 +1556,7 @@
 		return (error);
 	if (td->td_ucred->cr_ruid != p->p_ucred->cr_ruid &&
 	    td->td_ucred->cr_uid != p->p_ucred->cr_ruid) {
-		error = priv_check_cred(td->td_ucred, PRIV_SCHED_DIFFCRED,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_SCHED_DIFFCRED);
 		if (error)
 			return (error);
 	}
@@ -1610,8 +1595,7 @@
 	KASSERT(td == curthread, ("%s: td not curthread", __func__));
 	PROC_LOCK_ASSERT(p, MA_OWNED);
 	if (!unprivileged_proc_debug) {
-		error = priv_check_cred(td->td_ucred, PRIV_DEBUG_UNPRIV,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_DEBUG_UNPRIV);
 		if (error)
 			return (error);
 	}
@@ -1662,15 +1646,13 @@
 	 * for td to debug p.
 	 */
 	if (!grpsubset || !uidsubset) {
-		error = priv_check_cred(td->td_ucred, PRIV_DEBUG_DIFFCRED,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_DEBUG_DIFFCRED);
 		if (error)
 			return (error);
 	}
 
 	if (credentialchanged) {
-		error = priv_check_cred(td->td_ucred, PRIV_DEBUG_SUGID,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_DEBUG_SUGID);
 		if (error)
 			return (error);
 	}
@@ -1931,8 +1913,7 @@
 	int error;
 	char logintmp[MAXLOGNAME];
 
-	error = priv_check_cred(td->td_ucred, PRIV_PROC_SETLOGIN,
-	    SUSER_ALLOWJAIL);
+	error = priv_check(td, PRIV_PROC_SETLOGIN);
 	if (error)
 		return (error);
 	error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL);

==== //depot/projects/trustedbsd/priv/sys/kern/kern_resource.c#12 (text+ko) ====

@@ -650,8 +650,7 @@
 	alimp = &oldlim->pl_rlimit[which];
 	if (limp->rlim_cur > alimp->rlim_max ||
 	    limp->rlim_max > alimp->rlim_max)
-		if ((error = priv_check_cred(td->td_ucred,
-		    PRIV_PROC_SETRLIMIT, SUSER_ALLOWJAIL))) {
+		if ((error = priv_check(td, PRIV_PROC_SETRLIMIT))) {
 			PROC_UNLOCK(p);
 			lim_free(newlim);
 			return (error);

==== //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#7 (text+ko) ====

@@ -1255,8 +1255,7 @@
 	/* Is this sysctl writable by only privileged users? */
 	if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
 		if (oid->oid_kind & CTLFLAG_PRISON)
-			error = priv_check_cred(req->td->td_ucred,
-			    PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL);
+			error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
 		else
 			error = priv_check(req->td, PRIV_SYSCTL_WRITE);
 		if (error)
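Review bot: After the change the CTLFLAG_PRISON branch and the else branch are textually identical apart from the privilege requested, so a reader can no longer see from this code that CTLFLAG_PRISON sysctls are meant to be writable from inside a jail; presumably that is now decided by the jail policy for PRIV_SYSCTL_WRITEJAIL. A short comment above the `if (oid->oid_kind & CTLFLAG_PRISON)` line would preserve the intent, e.g. `/* CTLFLAG_PRISON: the two branches differ only in which privilege the jail policy is asked about. */`. The enclosing function starts outside the hunk.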

==== //depot/projects/trustedbsd/priv/sys/kern/subr_acl_posix1e.c#4 (text+ko) ====

@@ -82,24 +82,22 @@
 
 	if (type == VDIR) {
 		if ((acc_mode & VEXEC) && !priv_check_cred(cred,
-		     PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL))
+		     PRIV_VFS_LOOKUP, 0))
 			priv_granted |= VEXEC;
 	} else {
 		if ((acc_mode & VEXEC) && !priv_check_cred(cred,
-		    PRIV_VFS_EXEC, SUSER_ALLOWJAIL))
+		    PRIV_VFS_EXEC, 0))
 			priv_granted |= VEXEC;
 	}
 
-	if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ,
-	    SUSER_ALLOWJAIL))
+	if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
 		priv_granted |= VREAD;
 
 	if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) &&
-	    !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL))
+	    !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
 		priv_granted |= (VWRITE | VAPPEND);
 
-	if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN,
-	    SUSER_ALLOWJAIL))
+	if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
 		priv_granted |= VADMIN;
 
 	/*

==== //depot/projects/trustedbsd/priv/sys/kern/sysv_ipc.c#6 (text+ko) ====

@@ -125,22 +125,19 @@
 	 */
 	priv_granted = 0;
 	if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) {
-		error = priv_check_cred(td->td_ucred, PRIV_IPC_ADMIN,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_IPC_ADMIN);
 		if (error == 0)
 			priv_granted |= IPC_M;
 	}
 
 	if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) {
-		error = priv_check_cred(td->td_ucred, PRIV_IPC_READ,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_IPC_READ);
 		if (error == 0)
 			priv_granted |= IPC_R;
 	}
 
 	if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) {
-		error = priv_check_cred(td->td_ucred, PRIV_IPC_WRITE,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_IPC_WRITE);
 		if (error == 0)
 			priv_granted |= IPC_W;
 	}

==== //depot/projects/trustedbsd/priv/sys/kern/sysv_msg.c#10 (text+ko) ====

@@ -502,8 +502,7 @@
 		if ((error = ipcperm(td, &msqkptr->u.msg_perm, IPC_M)))
 			goto done2;
 		if (msqbuf->msg_qbytes > msqkptr->u.msg_qbytes) {
-			error = priv_check_cred(td->td_ucred,
-			    PRIV_IPC_MSGSIZE, SUSER_ALLOWJAIL);
+			error = priv_check(td, PRIV_IPC_MSGSIZE);
 			if (error)
 				goto done2;
 		}

==== //depot/projects/trustedbsd/priv/sys/kern/uipc_mqueue.c#12 (text+ko) ====

@@ -961,8 +961,7 @@
 	sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
 
 	if (ucred->cr_uid != pn->mn_uid &&
-	    (error = priv_check_cred(ucred, PRIV_MQ_ADMIN,
-	    SUSER_ALLOWJAIL)) != 0)
+	    (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
 		error = EACCES;
 	else if (!pn->mn_deleted) {
 		parent = pn->mn_parent;
@@ -1221,8 +1220,7 @@
 		 */
 		if (((ap->a_cred->cr_uid != pn->mn_uid) || uid != pn->mn_uid ||
 		    (gid != pn->mn_gid && !groupmember(gid, ap->a_cred))) &&
-		    (error = priv_check_cred(ap->a_td->td_ucred,
-		    PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)) != 0)
+		    (error = priv_check(ap->a_td, PRIV_MQ_ADMIN)) != 0)
 			return (error);
 		pn->mn_uid = uid;
 		pn->mn_gid = gid;
@@ -1231,8 +1229,7 @@
 
 	if (vap->va_mode != (mode_t)VNOVAL) {
 		if ((ap->a_cred->cr_uid != pn->mn_uid) &&
-		    (error = priv_check_cred(ap->a_td->td_ucred,
-		    PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)))
+		    (error = priv_check(ap->a_td, PRIV_MQ_ADMIN)))
 			return (error);
 		pn->mn_mode = vap->va_mode;
 		c = 1;

==== //depot/projects/trustedbsd/priv/sys/kern/vfs_mount.c#14 (text+ko) ====

@@ -918,7 +918,7 @@
 		}
 		if (va.va_uid != td->td_ucred->cr_uid) {
 			error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
-			    SUSER_ALLOWJAIL);
+			    0);
 			if (error) {
 				vput(vp);
 				return (error);
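Review bot: The call is left as `error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,` with a continuation line holding only `0);`, which is awkward to read and easy to misread as a truncated argument list; `error = priv_check(td, PRIV_VFS_ADMIN);` on one line matches what this change does for the same pattern in vfs_syscalls.c. The in_pcb.c and in6_pcb.c hunks leave `0))` alone on a line in the same way and would read better refolded. The enclosing function starts outside the hunk.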

==== //depot/projects/trustedbsd/priv/sys/kern/vfs_subr.c#13 (text+ko) ====

@@ -3300,24 +3300,24 @@
 		 * requests, instead of PRIV_VFS_EXEC.
 		 */
 		if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
-		    !priv_check_cred(cred, PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL))
+		    !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0))
 			priv_granted |= VEXEC;
 	} else {
 		if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
-		    !priv_check_cred(cred, PRIV_VFS_EXEC, SUSER_ALLOWJAIL))
+		    !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
 			priv_granted |= VEXEC;
 	}
 
 	if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) &&
-	    !priv_check_cred(cred, PRIV_VFS_READ, SUSER_ALLOWJAIL))
+	    !priv_check_cred(cred, PRIV_VFS_READ, 0))
 		priv_granted |= VREAD;
 
 	if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
-	    !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL))
+	    !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
 		priv_granted |= (VWRITE | VAPPEND);
 
 	if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
-	    !priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL))
+	    !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
 		priv_granted |= VADMIN;
 
 	if ((acc_mode & (priv_granted | dac_granted)) == acc_mode) {

==== //depot/projects/trustedbsd/priv/sys/kern/vfs_syscalls.c#13 (text+ko) ====

@@ -837,8 +837,7 @@
 	struct nameidata nd;
 	int vfslocked;
 
-	error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT,
-	    SUSER_ALLOWJAIL);
+	error = priv_check(td, PRIV_VFS_CHROOT);
 	if (error)
 		return (error);
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
@@ -1379,15 +1378,13 @@
 		return (error);
 
 	if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
-		error = priv_check_cred(cred, PRIV_VFS_LINK,
-		    SUSER_ALLOWJAIL);
+		error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
 		if (error)
 			return (error);
 	}
 
 	if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
-		error = priv_check_cred(cred, PRIV_VFS_LINK,
-		    SUSER_ALLOWJAIL);
+		error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
 		if (error)
 			return (error);
 	}
@@ -2349,8 +2346,7 @@
 	 * chown can't fail when done as root.
 	 */
 	if (vp->v_type == VCHR || vp->v_type == VBLK) {
-		error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
 		if (error)
 			return (error);
 	}
@@ -3852,8 +3848,7 @@
 	if (error)
 		goto out;
 	if (td->td_ucred->cr_uid != vattr.va_uid) {
-		error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
-		    SUSER_ALLOWJAIL);
+		error = priv_check(td, PRIV_VFS_ADMIN);
 		if (error)
 			goto out;
 	}

==== //depot/projects/trustedbsd/priv/sys/netinet/in_pcb.c#10 (text+ko) ====

@@ -340,13 +340,13 @@
 			if (ntohs(lport) <= ipport_reservedhigh &&
 			    ntohs(lport) >= ipport_reservedlow &&
 			    priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
-			    SUSER_ALLOWJAIL))
+			    0))
 				return (EACCES);
 			if (jailed(cred))
 				prison = 1;
 			if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
 			    priv_check_cred(so->so_cred,
-			    PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) {
+			    PRIV_NETINET_REUSEPORT, 0) != 0) {
 				t = in_pcblookup_local(inp->inp_pcbinfo,
 				    sin->sin_addr, lport,
 				    prison ? 0 :  INPLOOKUP_WILDCARD);
@@ -411,7 +411,7 @@
 			lastport = &pcbinfo->ipi_lasthi;
 		} else if (inp->inp_flags & INP_LOWPORT) {
 			error = priv_check_cred(cred,
-			    PRIV_NETINET_RESERVEDPORT, SUSER_ALLOWJAIL);
+			    PRIV_NETINET_RESERVEDPORT, 0);
 			if (error)
 				return error;
 			first = ipport_lowfirstauto;	/* 1023 */

==== //depot/projects/trustedbsd/priv/sys/netinet/raw_ip.c#10 (text+ko) ====

@@ -607,13 +607,8 @@
 
 	inp = sotoinpcb(so);
 	KASSERT(inp == NULL, ("rip_attach: inp != NULL"));
-	/*
-	 * XXXRW: Centralize privilege decision in kern_jail.c.
-	 */
-	if (jailed(td->td_ucred) && !jail_allow_raw_sockets)
-		return (EPERM);
-	error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW,
-	    SUSER_ALLOWJAIL);
+
+	error = priv_check(td, PRIV_NETINET_RAW);
 	if (error)
 		return error;
 	if (proto >= IPPROTO_MAX || proto < 0)
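Review bot: The removed lines `if (jailed(td->td_ucred) && !jail_allow_raw_sockets) return (EPERM);` were the only enforcement of the jail_allow_raw_sockets policy visible in this hunk, and the new code makes the decision rest entirely on what priv_check(td, PRIV_NETINET_RAW) does for a jailed credential. The deleted XXXRW comment asked for that decision to be centralized in kern_jail.c, but nothing in this change shows it arriving there, so unless the centralized jail privilege check already consults jail_allow_raw_sockets for PRIV_NETINET_RAW, jailed processes would become able to create raw sockets as a side effect of this cleanup. That dependency is worth confirming in the same change and stating in the commit description. The blank line added where the comment stood is also stray. rip_attach's body continues beyond the hunk.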

==== //depot/projects/trustedbsd/priv/sys/netinet/sctp_pcb.c#8 (text+ko) ====

@@ -2120,10 +2120,7 @@
 		/* got to be root to get at low ports */
 		if (ntohs(lport) < IPPORT_RESERVED) {
 			if (p && (error =
-			    priv_check_cred(p->td_ucred,
-			    PRIV_NETINET_RESERVEDPORT,
-			    SUSER_ALLOWJAIL
-			    )
+			    priv_check(p, PRIV_NETINET_RESERVEDPORT)
 			    )) {
 				SCTP_INP_DECR_REF(inp);
 				SCTP_INP_WUNLOCK(inp);
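Review bot: The condition keeps the parenthesis layout of the old four-line call, leaving `priv_check(p, PRIV_NETINET_RESERVEDPORT)` on one line and `)) {` on the next, which reads as if something is missing; now that the call is short, `if (p && (error = priv_check(p, PRIV_NETINET_RESERVEDPORT))) {` fits on one line. The enclosing function starts outside the hunk.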

==== //depot/projects/trustedbsd/priv/sys/netinet/sctp_usrreq.c#8 (text+ko) ====

@@ -385,13 +385,8 @@
 	/* FIX, for non-bsd is this right? */
 	vrf_id = SCTP_DEFAULT_VRFID;
 
-	/*
-	 * XXXRW: Other instances of getcred use SUSER_ALLOWJAIL, as socket
-	 * visibility is scoped using cr_canseesocket(), which it is not
-	 * here.
-	 */
-	error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
-	    SUSER_ALLOWJAIL);
+	error = priv_check(req->td, PRIV_NETINET_GETCRED);
+
 	if (error)
 		return (error);
 
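Review bot: The deleted comment recorded that, unlike the other getcred sysctl handlers, this path does not scope socket visibility with cr_canseesocket(); the change removes the SUSER_ALLOWJAIL part of that note but the cr_canseesocket() gap it described is not addressed by the hunk, so the remaining observation should stay, e.g. `/* XXXRW: Socket visibility is not scoped by cr_canseesocket() here, unlike the other getcred handlers. */`. The blank line added after the new `error = priv_check(req->td, PRIV_NETINET_GETCRED);` is also stray. The enclosing function starts outside the hunk.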
@@ -3302,9 +3297,8 @@
 		{
 			union sctp_sockstore *ss;
 
-			error = priv_check_cred(curthread->td_ucred,
-			    PRIV_NETINET_RESERVEDPORT,
-			    SUSER_ALLOWJAIL);
+			error = priv_check(curthread,
+			    PRIV_NETINET_RESERVEDPORT);
 			if (error)
 				break;
 

==== //depot/projects/trustedbsd/priv/sys/netinet/tcp_subr.c#13 (text+ko) ====

@@ -1019,8 +1019,7 @@
 	struct inpcb *inp;
 	int error;
 
-	error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
-	    SUSER_ALLOWJAIL);
+	error = priv_check(req->td, PRIV_NETINET_GETCRED);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
@@ -1064,8 +1063,7 @@
 	struct inpcb *inp;
 	int error, mapped = 0;
 
-	error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
-	    SUSER_ALLOWJAIL);
+	error = priv_check(req->td, PRIV_NETINET_GETCRED);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));

==== //depot/projects/trustedbsd/priv/sys/netinet/udp_usrreq.c#9 (text+ko) ====

@@ -696,8 +696,7 @@
 	struct inpcb *inp;
 	int error;
 
-	error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
-	    SUSER_ALLOWJAIL);
+	error = priv_check(req->td, PRIV_NETINET_GETCRED);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));

==== //depot/projects/trustedbsd/priv/sys/netinet6/in6_pcb.c#6 (text+ko) ====

@@ -192,11 +192,11 @@
 			if (ntohs(lport) <= ipport_reservedhigh &&
 			    ntohs(lport) >= ipport_reservedlow &&
 			    priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
-			    SUSER_ALLOWJAIL))
+			    0))
 				return (EACCES);
 			if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
 			    priv_check_cred(so->so_cred,
-			    PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) {
+			    PRIV_NETINET_REUSEPORT, 0) != 0) {
 				t = in6_pcblookup_local(pcbinfo,
 				    &sin6->sin6_addr, lport,
 				    INPLOOKUP_WILDCARD);

==== //depot/projects/trustedbsd/priv/sys/netinet6/in6_src.c#8 (text+ko) ====

@@ -775,8 +775,7 @@
 		last  = ipport_hilastauto;
 		lastport = &pcbinfo->ipi_lasthi;
 	} else if (inp->inp_flags & INP_LOWPORT) {
-		error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
-		    SUSER_ALLOWJAIL);
+		error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
 		if (error)
 			return error;
 		first = ipport_lowfirstauto;	/* 1023 */

==== //depot/projects/trustedbsd/priv/sys/security/mac_portacl/mac_portacl.c#10 (text+ko) ====

@@ -419,8 +419,7 @@
 	mtx_unlock(&rule_mtx);
 
 	if (error != 0 && mac_portacl_suser_exempt != 0)
-		error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
-		    SUSER_ALLOWJAIL);
+		error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
 
 	return (error);
 }

==== //depot/projects/trustedbsd/priv/sys/security/mac_seeotheruids/mac_seeotheruids.c#10 (text+ko) ====

@@ -114,8 +114,7 @@
 		return (0);
 
 	if (suser_privileged) {
-		if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
-		    == 0)
+		if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, 0) == 0)
 			return (0);
 	}
 

==== //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_alloc.c#7 (text+ko) ====

@@ -173,7 +173,7 @@
 #endif
 	if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
 		goto nospace;
-	if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) &&
+	if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
 	    freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0)
 		goto nospace;
 	if (bpref >= fs->fs_size)
@@ -268,7 +268,7 @@
 #endif /* DIAGNOSTIC */
 	reclaimed = 0;
 retry:
-	if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) &&
+	if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
 	    freespace(fs, fs->fs_minfree) -  numfrags(fs, nsize - osize) < 0) {
 		goto nospace;
 	}

==== //depot/projects/trustedbsd/priv/sys/ufs/ffs/ffs_vnops.c#9 (text+ko) ====

@@ -790,8 +790,7 @@
 	 */
 	if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
 	    ap->a_cred) {
-		if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID,
-		    SUSER_ALLOWJAIL)) {
+		if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0)) {
 			ip->i_mode &= ~(ISUID | ISGID);
 			DIP_SET(ip, i_mode, ip->i_mode);
 		}
@@ -1121,8 +1120,7 @@
 	 * tampering.
 	 */
 	if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) {
-		if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID,
-		    SUSER_ALLOWJAIL)) {
+		if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, 0)) {
 			ip->i_mode &= ~(ISUID | ISGID);
 			dp->di_mode = ip->i_mode;
 		}

==== //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#10 (text+ko) ====

@@ -515,7 +515,7 @@
 	int error, flags, vfslocked;
 	struct nameidata nd;
 
-	error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0);
+	error = priv_check(td, PRIV_UFS_QUOTAON);
 	if (error)
 		return (error);
 
@@ -747,10 +747,7 @@
 	struct ufsmount *ump;
 	int error;
 
-	/*
-	 * XXXRW: This also seems wrong to allow in a jail?
-	 */
-	error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0);
+	error = priv_check(td, PRIV_UFS_QUOTAOFF);
 	if (error)
 		return (error);
 
@@ -783,8 +780,7 @@
 	switch (type) {
 	case USRQUOTA:
 		if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) {
-			error = priv_check_cred(td->td_ucred,
-			    PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL);
+			error = priv_check(td, PRIV_VFS_GETQUOTA);
 			if (error)
 				return (error);
 		}
@@ -793,8 +789,7 @@
 	case GRPQUOTA:
 		if (!groupmember(id, td->td_ucred) &&
 		    !unprivileged_get_quota) {
-			error = priv_check_cred(td->td_ucred,
-			    PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL);
+			error = priv_check(td, PRIV_VFS_GETQUOTA);
 			if (error)
 				return (error);
 		}
@@ -830,8 +825,7 @@
 	struct dqblk newlim;
 	int error;
 
-	error = priv_check_cred(td->td_ucred, PRIV_VFS_SETQUOTA,
-	    SUSER_ALLOWJAIL);
+	error = priv_check(td, PRIV_VFS_SETQUOTA);
 	if (error)
 		return (error);
 
@@ -901,7 +895,7 @@
 	struct dqblk usage;
 	int error;
 
-	error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0);
+	error = priv_check(td, PRIV_UFS_SETUSE);
 	if (error)
 		return (error);

>>> TRUNCATED FOR MAIL (1000 lines) <<<


