Date: Sat, 9 Sep 2006 10:03:48 GMT
Message-Id: <200609091003.k89A3mRr025655@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 105882 for review
List-Id: TrustedBSD CVS and Perforce commit message list

http://perforce.freebsd.org/chv.cgi?CH=105882

Change 105882 by rwatson@rwatson_sesame on 2006/09/09 10:02:52

Add a new sysctl privilege associated with a sysctl writable in jail, in contrast to the sysctls not writable in jail. That way jail can grant access to some, but not all, sysctls without further special casing in the sysctl code.

Affected files ... .. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#3 edit Differences ... ==== //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#3 (text+ko) ==== @@ -1253,7 +1253,8 @@ /* Is this sysctl writable by only privileged users? */ if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) { if (oid->oid_kind & CTLFLAG_PRISON) - error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL); + error = priv_check_cred(req->td->td_ucred, + PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL); else error = priv_check(req->td, PRIV_SYSCTL_WRITE); if (error)
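
Review bot: The CTLFLAG_PRISON branch now passes SUSER_ALLOWJAIL, but nothing at the call site says why this one check is allowed inside a jail while the else branch (PRIV_SYSCTL_WRITE through priv_check) is not; the only comment above both is still "Is this sysctl writable by only privileged users?". A short comment on the CTLFLAG_PRISON branch stating that the flag is what lets a jailed caller pass the PRIV_SYSCTL_WRITEJAIL check would make the security-relevant asymmetry between the two branches visible to the next reader. The description also says a new privilege is added, yet PRIV_SYSCTL_WRITEJAIL is already present on the removed line and kern_sysctl.c is the only affected file, so the log message would match the diff better if it described the switch to priv_check_cred with SUSER_ALLOWJAIL.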