Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in

some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.

Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.

We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths.  Do, however, move those prototypes to priv.h.

Reviewed by:	csjp
Obtained from:	TrustedBSD Project

1 files changed, 1 insertions, 2 deletions

diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 6100f41..893c54f 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1280,8 +1280,7 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
 	/* Is this sysctl writable by only privileged users? */
 	if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
 		if (oid->oid_kind & CTLFLAG_PRISON)
-			error = priv_check_cred(req->td->td_ucred,
-			    PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL);
+			error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
 		else
 			error = priv_check(req->td, PRIV_SYSCTL_WRITE);
 		if (error)