Date: Sat, 9 Sep 2006 10:03:48 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 105882 for review
Message-ID: <200609091003.k89A3mRr025655@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=105882 Change 105882 by rwatson@rwatson_sesame on 2006/09/09 10:02:52 Add a new sysctl privilege associated with a sysctl writable in jail, in contrast to the sysctls not writable in jail. That way jail can grant access to some, but not all, sysctls without further special casing in the sysctl code. Affected files ... .. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#3 edit Differences ... ==== //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#3 (text+ko) ==== @@ -1253,7 +1253,8 @@ /* Is this sysctl writable by only privileged users? */ if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) { if (oid->oid_kind & CTLFLAG_PRISON) - error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL); + error = priv_check_cred(req->td->td_ucred, + PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL); else error = priv_check(req->td, PRIV_SYSCTL_WRITE); if (error)
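Review bot: The CTLFLAG_PRISON branch now passes SUSER_ALLOWJAIL with no comment saying why, and the block comment above it ("Is this sysctl writable by only privileged users?") still reads as a single privileged-write check. That flag is the security-relevant part of the change: it is what separates the jail-writable path from the else branch, which keeps plain priv_check(req->td, PRIV_SYSCTL_WRITE). A short comment on the branch stating that CTLFLAG_PRISON marks sysctls meant to be writable from inside a jail would make the policy split auditable at the call site. The change description also says a new privilege is added, but the removed line already referenced PRIV_SYSCTL_WRITEJAIL; what the visible lines show is the switch to priv_check_cred() with the jail flag, so the description should say that, or the diff should include the privilege definition.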