diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
commit | 00b02345d424dac8a490ff28ff75fd9386196583 (patch) | |
tree | c439df85bebf079d07319c231d64ac481577b036 /sys/compat/svr4 | |
parent | e93b04c2868ee901613297bfbd90ff9990d8300e (diff) | |
download | FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.zip FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.tar.gz |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/compat/svr4')
-rw-r--r-- | sys/compat/svr4/svr4_fcntl.c | 3 | ||||
-rw-r--r-- | sys/compat/svr4/svr4_misc.c | 3 |
2 files changed, 2 insertions, 4 deletions
diff --git a/sys/compat/svr4/svr4_fcntl.c b/sys/compat/svr4/svr4_fcntl.c index 6073e0d..8735abb 100644 --- a/sys/compat/svr4/svr4_fcntl.c +++ b/sys/compat/svr4/svr4_fcntl.c @@ -281,8 +281,7 @@ fd_revoke(td, fd) goto out; if (td->td_ucred->cr_uid != vattr.va_uid && - (error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check(td, PRIV_VFS_ADMIN)) != 0) goto out; if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) diff --git a/sys/compat/svr4/svr4_misc.c b/sys/compat/svr4/svr4_misc.c index a158fd7..e4c48c0 100644 --- a/sys/compat/svr4/svr4_misc.c +++ b/sys/compat/svr4/svr4_misc.c @@ -612,8 +612,7 @@ svr4_sys_fchroot(td, uap) struct file *fp; int error, vfslocked; - if ((error = priv_check_cred(td->td_ucred, PRIV_VFS_FCHROOT, - SUSER_ALLOWJAIL)) != 0) + if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0) return error; if ((error = getvnode(fdp, uap->fd, &fp)) != 0) return error; |