diff options
| author | cperciva <cperciva@FreeBSD.org> | 2004-07-26 07:24:04 +0000 |
|---|---|---|
| committer | cperciva <cperciva@FreeBSD.org> | 2004-07-26 07:24:04 +0000 |
| commit | d9fecc83c80e01cb4e66d1fd0a02e96b1fcbcbc5 (patch) | |
| tree | e24e86995427678a1313e8f62cc17f84bdcaf82b | |
| parent | 5997e4b6ce7d492b2ccb725239af23a268509c09 (diff) | |
| download | FreeBSD-src-d9fecc83c80e01cb4e66d1fd0a02e96b1fcbcbc5.zip FreeBSD-src-d9fecc83c80e01cb4e66d1fd0a02e96b1fcbcbc5.tar.gz | |
Rename suser_cred()'s PRISON_ROOT flag to SUSER_ALLOWJAIL. This is
somewhat clearer, but more importantly allows for a consistent naming
scheme for suser_cred flags.
The old name is still defined, but will be removed in a few days (unless I
hear any complaints...)
Discussed with: rwatson, scottl
Requested by: jhb
33 files changed, 111 insertions, 110 deletions
diff --git a/share/man/man9/suser.9 b/share/man/man9/suser.9 index c8be714..ac10438 100644 --- a/share/man/man9/suser.9 +++ b/share/man/man9/suser.9 @@ -72,7 +72,7 @@ been imprisoned by the system call. There are cases however where this is appropriate, and this can be done by passing -.Dv PRISON_ROOT +.Dv SUSER_ALLOWJAIL in the .Fa flag argument to the diff --git a/sys/alpha/osf1/osf1_misc.c b/sys/alpha/osf1/osf1_misc.c index 373fcc1..2fbea57 100644 --- a/sys/alpha/osf1/osf1_misc.c +++ b/sys/alpha/osf1/osf1_misc.c @@ -1048,7 +1048,7 @@ osf1_setuid(td, uap) PROC_LOCK(p); oldcred = p->p_ucred; - if ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 && + if ((error = suser_cred(p->p_ucred, SUSER_ALLOWJAIL)) != 0 && uid != oldcred->cr_ruid && uid != oldcred->cr_svuid) { PROC_UNLOCK(p); uifree(uip); @@ -1102,7 +1102,7 @@ osf1_setgid(td, uap) PROC_LOCK(p); oldcred = p->p_ucred; - if (((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 ) && + if (((error = suser_cred(p->p_ucred, SUSER_ALLOWJAIL)) != 0 ) && gid != oldcred->cr_rgid && gid != oldcred->cr_svgid) { PROC_UNLOCK(p); crfree(newcred); diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index 2be8fdf..15184f5 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -998,7 +998,7 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args) * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); diff --git a/sys/compat/linux/linux_uid16.c b/sys/compat/linux/linux_uid16.c index aa0528f..5afcf2d 100644 --- a/sys/compat/linux/linux_uid16.c +++ b/sys/compat/linux/linux_uid16.c @@ -116,7 +116,7 @@ linux_setgroups16(struct thread *td, struct linux_setgroups16_args *args) * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index 88cff6a..08a7abe 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -766,7 +766,7 @@ devfs_setattr(ap) if (uid != de->de_uid || gid != de->de_gid) { if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid || (gid != de->de_gid && !groupmember(gid, ap->a_cred))) && - (error = suser_cred(ap->a_td->td_ucred, PRISON_ROOT)) != 0) + (error = suser_cred(ap->a_td->td_ucred, SUSER_ALLOWJAIL)) != 0) return (error); de->de_uid = uid; de->de_gid = gid; @@ -775,7 +775,7 @@ devfs_setattr(ap) if (vap->va_mode != (mode_t)VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser_cred(ap->a_td->td_ucred, PRISON_ROOT))) + (error = suser_cred(ap->a_td->td_ucred, SUSER_ALLOWJAIL))) return (error); de->de_mode = vap->va_mode; c = 1; diff --git a/sys/fs/hpfs/hpfs_vnops.c b/sys/fs/hpfs/hpfs_vnops.c index 86c2d4c..1641546 100644 --- a/sys/fs/hpfs/hpfs_vnops.c +++ b/sys/fs/hpfs/hpfs_vnops.c @@ -501,7 +501,7 @@ hpfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != hp->h_uid && - (error = suser_cred(cred, PRISON_ROOT)) && + (error = suser_cred(cred, SUSER_ALLOWJAIL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, cred, td)))) return (error); diff --git a/sys/fs/msdosfs/msdosfs_vnops.c b/sys/fs/msdosfs/msdosfs_vnops.c index 05a296e..9e32989 100644 --- a/sys/fs/msdosfs/msdosfs_vnops.c +++ b/sys/fs/msdosfs/msdosfs_vnops.c @@ -387,7 +387,7 @@ msdosfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_cred(cred, PRISON_ROOT))) + (error = suser_cred(cred, SUSER_ALLOWJAIL))) return (error); /* * We are very inconsistent about handling unsupported @@ -401,7 +401,7 @@ msdosfs_setattr(ap) * set ATTR_ARCHIVE for directories `cp -pr' from a more * sensible filesystem attempts it a lot. */ - if (suser_cred(cred, PRISON_ROOT)) { + if (suser_cred(cred, SUSER_ALLOWJAIL)) { if (vap->va_flags & SF_SETTABLE) return EPERM; } @@ -428,7 +428,7 @@ msdosfs_setattr(ap) gid = pmp->pm_gid; if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid || (gid != pmp->pm_gid && !groupmember(gid, cred))) && - (error = suser_cred(cred, PRISON_ROOT))) + (error = suser_cred(cred, SUSER_ALLOWJAIL))) return error; if (uid != pmp->pm_uid || gid != pmp->pm_gid) return EINVAL; @@ -460,7 +460,7 @@ msdosfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_cred(cred, PRISON_ROOT)) && + (error = suser_cred(cred, SUSER_ALLOWJAIL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(ap->a_vp, VWRITE, cred, ap->a_td)))) return (error); @@ -489,7 +489,7 @@ msdosfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_cred(cred, PRISON_ROOT))) + (error = suser_cred(cred, SUSER_ALLOWJAIL))) return (error); if (vp->v_type != VDIR) { /* We ignore the read and execute bits. */ diff --git a/sys/fs/smbfs/smbfs_vnops.c b/sys/fs/smbfs/smbfs_vnops.c index c6e031f..c051b69 100644 --- a/sys/fs/smbfs/smbfs_vnops.c +++ b/sys/fs/smbfs/smbfs_vnops.c @@ -371,7 +371,7 @@ smbfs_setattr(ap) atime = &vap->va_atime; if (mtime != atime) { if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid && - (error = suser_cred(ap->a_cred, PRISON_ROOT)) && + (error = suser_cred(ap->a_cred, SUSER_ALLOWJAIL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, ap->a_cred, ap->a_td)))) return (error); diff --git a/sys/gnu/ext2fs/ext2_vnops.c b/sys/gnu/ext2fs/ext2_vnops.c index 192d510..3964632 100644 --- a/sys/gnu/ext2fs/ext2_vnops.c +++ b/sys/gnu/ext2fs/ext2_vnops.c @@ -480,7 +480,7 @@ ext2_setattr(ap) * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (!suser_cred(cred, PRISON_ROOT)) { + if (!suser_cred(cred, SUSER_ALLOWJAIL)) { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); @@ -599,7 +599,7 @@ ext2_chmod(vp, mode, cred, td) * as well as set the setgid bit on a file with a group that the * process is not a member of. */ - if (suser_cred(cred, PRISON_ROOT)) { + if (suser_cred(cred, SUSER_ALLOWJAIL)) { if (vp->v_type != VDIR && (mode & S_ISTXT)) return (EFTYPE); if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) @@ -645,14 +645,14 @@ ext2_chown(vp, uid, gid, cred, td) */ if ((uid != ip->i_uid || (gid != ip->i_gid && !groupmember(gid, cred))) && - (error = suser_cred(cred, PRISON_ROOT))) + (error = suser_cred(cred, SUSER_ALLOWJAIL))) return (error); ogid = ip->i_gid; ouid = ip->i_uid; ip->i_gid = gid; ip->i_uid = uid; ip->i_flag |= IN_CHANGE; - if (suser_cred(cred, PRISON_ROOT) && (ouid != uid || ogid != gid)) + if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) ip->i_mode &= ~(ISUID | ISGID); return (0); } @@ -1829,7 +1829,7 @@ ext2_makeinode(mode, dvp, vpp, cnp) tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_cred(cnp->cn_cred, PRISON_ROOT)) + suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) diff --git a/sys/gnu/fs/ext2fs/ext2_vnops.c b/sys/gnu/fs/ext2fs/ext2_vnops.c index 192d510..3964632 100644 --- a/sys/gnu/fs/ext2fs/ext2_vnops.c +++ b/sys/gnu/fs/ext2fs/ext2_vnops.c @@ -480,7 +480,7 @@ ext2_setattr(ap) * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (!suser_cred(cred, PRISON_ROOT)) { + if (!suser_cred(cred, SUSER_ALLOWJAIL)) { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); @@ -599,7 +599,7 @@ ext2_chmod(vp, mode, cred, td) * as well as set the setgid bit on a file with a group that the * process is not a member of. */ - if (suser_cred(cred, PRISON_ROOT)) { + if (suser_cred(cred, SUSER_ALLOWJAIL)) { if (vp->v_type != VDIR && (mode & S_ISTXT)) return (EFTYPE); if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) @@ -645,14 +645,14 @@ ext2_chown(vp, uid, gid, cred, td) */ if ((uid != ip->i_uid || (gid != ip->i_gid && !groupmember(gid, cred))) && - (error = suser_cred(cred, PRISON_ROOT))) + (error = suser_cred(cred, SUSER_ALLOWJAIL))) return (error); ogid = ip->i_gid; ouid = ip->i_uid; ip->i_gid = gid; ip->i_uid = uid; ip->i_flag |= IN_CHANGE; - if (suser_cred(cred, PRISON_ROOT) && (ouid != uid || ogid != gid)) + if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) ip->i_mode &= ~(ISUID | ISGID); return (0); } @@ -1829,7 +1829,7 @@ ext2_makeinode(mode, dvp, vpp, cnp) tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_cred(cnp->cn_cred, PRISON_ROOT)) + suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) diff --git a/sys/kern/kern_acl.c b/sys/kern/kern_acl.c index 01e5e3ba..7beca5c 100644 --- a/sys/kern/kern_acl.c +++ b/sys/kern/kern_acl.c @@ -92,7 +92,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, * a DAC entry that matches but has failed to allow access. */ #ifndef CAPABILITIES - if (suser_cred(cred, PRISON_ROOT) == 0) + if (suser_cred(cred, SUSER_ALLOWJAIL) == 0) cap_granted = VALLPERM; else cap_granted = 0; @@ -101,24 +101,24 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, if (type == VDIR) { if ((acc_mode & VEXEC) && !cap_check(cred, NULL, - CAP_DAC_READ_SEARCH, PRISON_ROOT)) + CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && !cap_check(cred, NULL, - CAP_DAC_EXECUTE, PRISON_ROOT)) + CAP_DAC_EXECUTE, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } if ((acc_mode & VREAD) && !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, - PRISON_ROOT)) + SUSER_ALLOWJAIL)) cap_granted |= VREAD; if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) && - !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) cap_granted |= (VWRITE | VAPPEND); if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER, - PRISON_ROOT)) + SUSER_ALLOWJAIL)) cap_granted |= VADMIN; #endif /* CAPABILITIES */ diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 3f99b8d..7357468 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -536,7 +536,7 @@ interpret: */ setsugid(p); #ifdef KTRACE - if (p->p_tracevp != NULL && suser_cred(oldcred, PRISON_ROOT)) { + if (p->p_tracevp != NULL && suser_cred(oldcred, SUSER_ALLOWJAIL)) { mtx_lock(&ktrace_mtx); p->p_traceflag = 0; tracevp = p->p_tracevp; diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 694634a..98c0872 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -895,7 +895,7 @@ ktrcanset(td, targetp) PROC_LOCK_ASSERT(targetp, MA_OWNED); if (targetp->p_traceflag & KTRFAC_ROOT && - suser_cred(td->td_ucred, PRISON_ROOT)) + suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) return (0); if (p_candebug(td, targetp) != 0) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 221a84c..2a0aafb 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -524,7 +524,7 @@ setuid(struct thread *td, struct setuid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ uid != oldcred->cr_uid && /* allow setuid(geteuid()) */ #endif - (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); uifree(uip); crfree(newcred); @@ -544,7 +544,7 @@ setuid(struct thread *td, struct setuid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */ uid == oldcred->cr_uid || #endif - suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */ + suser_cred(oldcred, SUSER_ALLOWJAIL) == 0) /* we are using privs */ #endif { /* @@ -606,7 +606,7 @@ seteuid(struct thread *td, struct seteuid_args *uap) oldcred = p->p_ucred; if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */ euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */ - (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); uifree(euip); crfree(newcred); @@ -668,7 +668,7 @@ setgid(struct thread *td, struct setgid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */ #endif - (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); @@ -684,7 +684,7 @@ setgid(struct thread *td, struct setgid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */ gid == oldcred->cr_groups[0] || #endif - suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */ + suser_cred(oldcred, SUSER_ALLOWJAIL) == 0) /* we are using privs */ #endif { /* @@ -743,7 +743,7 @@ setegid(struct thread *td, struct setegid_args *uap) oldcred = p->p_ucred; if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */ egid != oldcred->cr_svgid && /* allow setegid(saved gid) */ - (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); @@ -789,7 +789,7 @@ setgroups(struct thread *td, struct setgroups_args *uap) newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; - error = suser_cred(oldcred, PRISON_ROOT); + error = suser_cred(oldcred, SUSER_ALLOWJAIL); if (error) { PROC_UNLOCK(p); crfree(newcred); @@ -853,7 +853,7 @@ setreuid(register struct thread *td, struct setreuid_args *uap) ruid != oldcred->cr_svuid) || (euid != (uid_t)-1 && euid != oldcred->cr_uid && euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) && - (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); uifree(ruip); uifree(euip); @@ -909,7 +909,7 @@ setregid(register struct thread *td, struct setregid_args *uap) rgid != oldcred->cr_svgid) || (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) && - (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); @@ -977,7 +977,7 @@ setresuid(register struct thread *td, struct setresuid_args *uap) (suid != (uid_t)-1 && suid != oldcred->cr_ruid && suid != oldcred->cr_svuid && suid != oldcred->cr_uid)) && - (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); uifree(ruip); uifree(euip); @@ -1045,7 +1045,7 @@ setresgid(register struct thread *td, struct setresgid_args *uap) (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid && sgid != oldcred->cr_svgid && sgid != oldcred->cr_groups[0])) && - (error = suser_cred(oldcred, PRISON_ROOT)) != 0) { + (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); @@ -1233,7 +1233,7 @@ suser_cred(struct ucred *cred, int flag) return (EPERM); if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0) return (EPERM); - if (jailed(cred) && !(flag & PRISON_ROOT)) + if (jailed(cred) && !(flag & SUSER_ALLOWJAIL)) return (EPERM); return (0); } @@ -1324,7 +1324,7 @@ cr_seeotheruids(struct ucred *u1, struct ucred *u2) { if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { - if (suser_cred(u1, PRISON_ROOT) != 0) + if (suser_cred(u1, SUSER_ALLOWJAIL) != 0) return (ESRCH); } return (0); @@ -1363,7 +1363,7 @@ cr_seeothergids(struct ucred *u1, struct ucred *u2) break; } if (!match) { - if (suser_cred(u1, PRISON_ROOT) != 0) + if (suser_cred(u1, SUSER_ALLOWJAIL) != 0) return (ESRCH); } } @@ -1480,7 +1480,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum) break; default: /* Not permitted without privilege. */ - error = suser_cred(cred, PRISON_ROOT); + error = suser_cred(cred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -1495,7 +1495,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum) cred->cr_uid != proc->p_ucred->cr_ruid && cred->cr_uid != proc->p_ucred->cr_svuid) { /* Not permitted without privilege. */ - error = suser_cred(cred, PRISON_ROOT); + error = suser_cred(cred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -1564,11 +1564,11 @@ p_cansched(struct thread *td, struct proc *p) return (0); if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid) return (0); - if (suser_cred(td->td_ucred, PRISON_ROOT) == 0) + if (suser_cred(td->td_ucred, SUSER_ALLOWJAIL) == 0) return (0); #ifdef CAPABILITIES - if (!cap_check(NULL, td, CAP_SYS_NICE, PRISON_ROOT)) + if (!cap_check(NULL, td, CAP_SYS_NICE, SUSER_ALLOWJAIL)) return (0); #endif @@ -1607,7 +1607,7 @@ p_candebug(struct thread *td, struct proc *p) KASSERT(td == curthread, ("%s: td not curthread", __func__)); PROC_LOCK_ASSERT(p, MA_OWNED); if (!unprivileged_proc_debug) { - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -1659,7 +1659,7 @@ p_candebug(struct thread *td, struct proc *p) * require CAP_SYS_PTRACE. */ if (!grpsubset || !uidsubset || credentialchanged) { - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -1927,7 +1927,7 @@ setlogin(struct thread *td, struct setlogin_args *uap) int error; char logintmp[MAXLOGNAME]; - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL); diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index 189a95a..0398b75 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -573,7 +573,7 @@ kern_setrlimit(td, which, limp) alimp = &oldlim->pl_rlimit[which]; if (limp->rlim_cur > alimp->rlim_max || limp->rlim_max > alimp->rlim_max) - if ((error = suser_cred(td->td_ucred, PRISON_ROOT))) { + if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL))) { PROC_UNLOCK(p); lim_free(newlim); return (error); diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 39214de..d407b24 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1196,7 +1196,7 @@ sysctl_root(SYSCTL_HANDLER_ARGS) int flags; if (oid->oid_kind & CTLFLAG_PRISON) - flags = PRISON_ROOT; + flags = SUSER_ALLOWJAIL; else flags = 0; error = suser_cred(req->td->td_ucred, flags); diff --git a/sys/kern/kern_xxx.c b/sys/kern/kern_xxx.c index f52dd98..6840e64 100644 --- a/sys/kern/kern_xxx.c +++ b/sys/kern/kern_xxx.c @@ -95,7 +95,7 @@ osethostname(td, uap) name[0] = CTL_KERN; name[1] = KERN_HOSTNAME; mtx_lock(&Giant); - if ((error = suser_cred(td->td_ucred, PRISON_ROOT)) == 0) { + if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) == 0) { error = userland_sysctl(td, name, 2, 0, 0, 0, uap->hostname, uap->len, 0); } diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c index 01e5e3ba..7beca5c 100644 --- a/sys/kern/subr_acl_posix1e.c +++ b/sys/kern/subr_acl_posix1e.c @@ -92,7 +92,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, * a DAC entry that matches but has failed to allow access. */ #ifndef CAPABILITIES - if (suser_cred(cred, PRISON_ROOT) == 0) + if (suser_cred(cred, SUSER_ALLOWJAIL) == 0) cap_granted = VALLPERM; else cap_granted = 0; @@ -101,24 +101,24 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, if (type == VDIR) { if ((acc_mode & VEXEC) && !cap_check(cred, NULL, - CAP_DAC_READ_SEARCH, PRISON_ROOT)) + CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && !cap_check(cred, NULL, - CAP_DAC_EXECUTE, PRISON_ROOT)) + CAP_DAC_EXECUTE, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } if ((acc_mode & VREAD) && !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, - PRISON_ROOT)) + SUSER_ALLOWJAIL)) cap_granted |= VREAD; if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) && - !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) cap_granted |= (VWRITE | VAPPEND); if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER, - PRISON_ROOT)) + SUSER_ALLOWJAIL)) cap_granted |= VADMIN; #endif /* CAPABILITIES */ diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c index 01e5e3ba..7beca5c 100644 --- a/sys/kern/vfs_acl.c +++ b/sys/kern/vfs_acl.c @@ -92,7 +92,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, * a DAC entry that matches but has failed to allow access. */ #ifndef CAPABILITIES - if (suser_cred(cred, PRISON_ROOT) == 0) + if (suser_cred(cred, SUSER_ALLOWJAIL) == 0) cap_granted = VALLPERM; else cap_granted = 0; @@ -101,24 +101,24 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, if (type == VDIR) { if ((acc_mode & VEXEC) && !cap_check(cred, NULL, - CAP_DAC_READ_SEARCH, PRISON_ROOT)) + CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && !cap_check(cred, NULL, - CAP_DAC_EXECUTE, PRISON_ROOT)) + CAP_DAC_EXECUTE, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } if ((acc_mode & VREAD) && !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, - PRISON_ROOT)) + SUSER_ALLOWJAIL)) cap_granted |= VREAD; if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) && - !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) cap_granted |= (VWRITE | VAPPEND); if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER, - PRISON_ROOT)) + SUSER_ALLOWJAIL)) cap_granted |= VADMIN; #endif /* CAPABILITIES */ diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index c22b194..38d6de6 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -812,7 +812,7 @@ chroot(td, uap) int error; struct nameidata nd; - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->path, td); @@ -1170,7 +1170,7 @@ kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode, error = suser(td); break; default: - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); break; } if (error) @@ -1365,7 +1365,7 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred) struct vattr va; int error; - if (suser_cred(cred, PRISON_ROOT) == 0) + if (suser_cred(cred, SUSER_ALLOWJAIL) == 0) return (0); if (!hardlink_check_uid && !hardlink_check_gid) @@ -2300,7 +2300,7 @@ setfflags(td, vp, flags) * chown can't fail when done as root. */ if (vp->v_type == VCHR || vp->v_type == VBLK) { - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -3727,7 +3727,7 @@ revoke(td, uap) } VOP_UNLOCK(vp, 0, td); if (td->td_ucred->cr_uid != vattr.va_uid) { - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) goto out; } diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index ca5ee2f..846ae76 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3663,7 +3663,7 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused) return (0); privcheck: - if (!suser_cred(cred, PRISON_ROOT)) { + if (!suser_cred(cred, SUSER_ALLOWJAIL)) { /* XXX audit: privilege used */ if (privused != NULL) *privused = 1; @@ -3686,24 +3686,24 @@ privcheck: * VEXEC requests, instead of CAP_DAC_EXECUTE. */ if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && - !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && - !cap_check(cred, NULL, CAP_DAC_EXECUTE, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_DAC_EXECUTE, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) && - !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VREAD; if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) && - !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) cap_granted |= (VWRITE | VAPPEND); if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) && - !cap_check(cred, NULL, CAP_FOWNER, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_FOWNER, SUSER_ALLOWJAIL)) cap_granted |= VADMIN; if ((acc_mode & (cap_granted | dac_granted)) == acc_mode) { diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index c22b194..38d6de6 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -812,7 +812,7 @@ chroot(td, uap) int error; struct nameidata nd; - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->path, td); @@ -1170,7 +1170,7 @@ kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode, error = suser(td); break; default: - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); break; } if (error) @@ -1365,7 +1365,7 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred) struct vattr va; int error; - if (suser_cred(cred, PRISON_ROOT) == 0) + if (suser_cred(cred, SUSER_ALLOWJAIL) == 0) return (0); if (!hardlink_check_uid && !hardlink_check_gid) @@ -2300,7 +2300,7 @@ setfflags(td, vp, flags) * chown can't fail when done as root. */ if (vp->v_type == VCHR || vp->v_type == VBLK) { - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -3727,7 +3727,7 @@ revoke(td, uap) } VOP_UNLOCK(vp, 0, td); if (td->td_ucred->cr_uid != vattr.va_uid) { - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) goto out; } diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 26076b9..9f40419 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -321,7 +321,7 @@ in_pcbbind_setup(inp, nam, laddrp, lportp, cred) /* GROSS */ if (ntohs(lport) <= ipport_reservedhigh && ntohs(lport) >= ipport_reservedlow && - suser_cred(cred, PRISON_ROOT)) + suser_cred(cred, SUSER_ALLOWJAIL)) return (EACCES); if (jailed(cred)) prison = 1; @@ -392,7 +392,7 @@ in_pcbbind_setup(inp, nam, laddrp, lportp, cred) last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if ((error = suser_cred(cred, PRISON_ROOT)) != 0) + if ((error = suser_cred(cred, SUSER_ALLOWJAIL)) != 0) return error; first = ipport_lowfirstauto; /* 1023 */ last = ipport_lowlastauto; /* 600 */ diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index ade4920..6b854c0 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -557,7 +557,7 @@ rip_attach(struct socket *so, int proto, struct thread *td) INP_INFO_WUNLOCK(&ripcbinfo); return (EPERM); } - if (td && (error = suser_cred(td->td_ucred, PRISON_ROOT)) != 0) { + if (td && (error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) != 0) { INP_INFO_WUNLOCK(&ripcbinfo); return error; } diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 9c9ac7f..2064df6 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -996,7 +996,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s; - error = suser_cred(req->td->td_ucred, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -1042,7 +1042,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s, mapped = 0; - error = suser_cred(req->td->td_ucred, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 9c9ac7f..2064df6 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -996,7 +996,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s; - error = suser_cred(req->td->td_ucred, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -1042,7 +1042,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s, mapped = 0; - error = suser_cred(req->td->td_ucred, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 0997f9a..fc146d4 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -684,7 +684,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s; - error = suser_cred(req->td->td_ucred, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index b1a5a71..16a4555 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -187,7 +187,7 @@ in6_pcbbind(inp, nam, cred) /* GROSS */ if (ntohs(lport) < IPV6PORT_RESERVED && - suser_cred(cred, PRISON_ROOT)) + suser_cred(cred, SUSER_ALLOWJAIL)) return (EACCES); if (so->so_cred->cr_uid != 0 && !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { diff --git a/sys/sys/systm.h b/sys/sys/systm.h index f8f4ac3..ad25ec9 100644 --- a/sys/sys/systm.h +++ b/sys/sys/systm.h @@ -216,7 +216,8 @@ void cpu_startprofclock(void); void cpu_stopprofclock(void); /* flags for suser() and suser_cred() */ -#define PRISON_ROOT 1 +#define SUSER_ALLOWJAIL 1 +#define PRISON_ROOT SUSER_ALLOWJAIL /* XXX Old name, will be removed */ #define SUSER_RUID 2 int suser(struct thread *td); diff --git a/sys/ufs/ffs/ffs_alloc.c b/sys/ufs/ffs/ffs_alloc.c index a48ea78..0703b05 100644 --- a/sys/ufs/ffs/ffs_alloc.c +++ b/sys/ufs/ffs/ffs_alloc.c @@ -136,7 +136,7 @@ ffs_alloc(ip, lbn, bpref, size, cred, bnp) retry: if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0) goto nospace; - if (suser_cred(cred, PRISON_ROOT) && + if (suser_cred(cred, SUSER_ALLOWJAIL) && freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0) goto nospace; #ifdef QUOTA @@ -217,7 +217,7 @@ ffs_realloccg(ip, lbprev, bprev, bpref, osize, nsize, cred, bpp) #endif /* DIAGNOSTIC */ reclaimed = 0; retry: - if (suser_cred(cred, PRISON_ROOT) && + if (suser_cred(cred, SUSER_ALLOWJAIL) && freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) goto nospace; if (bprev == 0) { diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c index 3013ec5..c3ab5f0 100644 --- a/sys/ufs/ffs/ffs_vnops.c +++ b/sys/ufs/ffs/ffs_vnops.c @@ -720,7 +720,7 @@ ffs_write(ap) * tampering. */ if (resid > uio->uio_resid && ap->a_cred && - suser_cred(ap->a_cred, PRISON_ROOT)) { + suser_cred(ap->a_cred, SUSER_ALLOWJAIL)) { ip->i_mode &= ~(ISUID | ISGID); DIP(ip, i_mode) = ip->i_mode; } @@ -1158,7 +1158,7 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred) * tampering. */ if (resid > uio->uio_resid && ucred && - suser_cred(ucred, PRISON_ROOT)) { + suser_cred(ucred, SUSER_ALLOWJAIL)) { ip->i_mode &= ~(ISUID | ISGID); dp->di_mode = ip->i_mode; } diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c index ca70d4b..35e09f9 100644 --- a/sys/ufs/ufs/ufs_quota.c +++ b/sys/ufs/ufs/ufs_quota.c @@ -408,7 +408,7 @@ quotaon(td, mp, type, fname) int error, flags; struct nameidata nd; - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); @@ -496,7 +496,7 @@ quotaoff(td, mp, type) struct inode *ip; int error; - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); @@ -563,7 +563,7 @@ getquota(td, mp, id, type, addr) switch (type) { case USRQUOTA: if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) { - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -571,7 +571,7 @@ getquota(td, mp, id, type, addr) case GRPQUOTA: if (!groupmember(id, td->td_ucred) && !unprivileged_get_quota) { - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -606,7 +606,7 @@ setquota(td, mp, id, type, addr) struct dqblk newlim; int error; - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); @@ -672,7 +672,7 @@ setuse(td, mp, id, type, addr) struct dqblk usage; int error; - error = suser_cred(td->td_ucred, PRISON_ROOT); + error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index 4381f57..cabb16e 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -499,7 +499,7 @@ ufs_setattr(ap) * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (!suser_cred(cred, PRISON_ROOT)) { + if (!suser_cred(cred, SUSER_ALLOWJAIL)) { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); @@ -646,11 +646,11 @@ ufs_chmod(vp, mode, cred, td) * jail(8). */ if (vp->v_type != VDIR && (mode & S_ISTXT)) { - if (suser_cred(cred, PRISON_ROOT)) + if (suser_cred(cred, SUSER_ALLOWJAIL)) return (EFTYPE); } if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { - error = suser_cred(cred, PRISON_ROOT); + error = suser_cred(cred, SUSER_ALLOWJAIL); if (error) return (error); } @@ -699,7 +699,7 @@ ufs_chown(vp, uid, gid, cred, td) */ if ((uid != ip->i_uid || (gid != ip->i_gid && !groupmember(gid, cred))) && - (error = suser_cred(cred, PRISON_ROOT))) + (error = suser_cred(cred, SUSER_ALLOWJAIL))) return (error); ogid = ip->i_gid; ouid = ip->i_uid; @@ -770,7 +770,7 @@ good: panic("ufs_chown: lost quota"); #endif /* QUOTA */ ip->i_flag |= IN_CHANGE; - if (suser_cred(cred, PRISON_ROOT) && (ouid != uid || ogid != gid)) { + if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) { ip->i_mode &= ~(ISUID | ISGID); DIP(ip, i_mode) = ip->i_mode; } @@ -2509,7 +2509,7 @@ ufs_makeinode(mode, dvp, vpp, cnp) if (DOINGSOFTDEP(tvp)) softdep_change_linkcnt(ip); if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_cred(cnp->cn_cred, PRISON_ROOT)) { + suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) { ip->i_mode &= ~ISGID; DIP(ip, i_mode) = ip->i_mode; } |
