authorbz <bz@FreeBSD.org>2008-01-24 08:25:59 +0000
committerbz <bz@FreeBSD.org>2008-01-24 08:25:59 +0000
commit1c376286e046dbe30549b705bd310d6218ffc824 (patch)
tree54dfe6089b6177f2bd726f05233e0c1a76433c3e /sys/kern/kern_jail.c
parentca561e0217663df7e35502550d299ef5f818e4e8 (diff)
Replace the last susers calls in netinet6/ with privilege checks.
Introduce a new privilege that allows setting certain IP header options (hop-by-hop, routing headers). Leave a few comments to be addressed later. Reviewed by: rwatson (older version, before addressing his comments)
Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r--sys/kern/kern_jail.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 9e7442f..62fae6f 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -720,6 +720,12 @@ prison_priv_check(struct ucred *cred, int priv)
return (0);
/*
+ * Allow jailed root to set certian IPv4/6 (option) headers.
+ */
+ case PRIV_NETINET_SETHDROPTS:
+ return (0);
+
+ /*
* Conditionally allow creating raw sockets in jail.
*/
case PRIV_NETINET_RAW:
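Review bot: The new `PRIV_NETINET_SETHDROPTS` case returns 0 for every jail, while the `PRIV_NETINET_RAW` case directly below it is described as conditional, and nothing in the hunk explains why header options need no policy knob. Hop-by-hop and routing headers influence how other nodes process and forward a packet, so a host administrator may want to withhold this from jails; the commit message also says the review covered an older version. Either gate the grant the way the raw-socket case is gated (that code is outside this hunk), or record the reasoning in the comment, e.g. `* Allow jailed root to set certain IPv4/6 (option) headers; granted unconditionally because <reason>.`, which also fixes the "certian" typo. The switch in prison_priv_check starts and ends outside the hunk.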