author | bz <bz@FreeBSD.org> | 2009-08-13 10:26:34 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2009-08-13 10:26:34 +0000 |
commit | 5307a46b8beef9afe39e5882ad38f5fe90f708a0 (patch) | |
tree | da85107d22a96dc6fa0f87abc22d5684fb84f53c /sys/kern/kern_sysctl.c | |
parent | b6a41509dfb07cf1dbc04a5b73c4a2bf7219e4db (diff) | |
Make it possible to change the vnet sysctl variables on jails
with their own virtual network stack. Jails only inheriting a
network stack cannot change anything that cannot be changed from
within a prison.
Reviewed by: rwatson, zec
Approved by: re (kib)
Diffstat (limited to 'sys/kern/kern_sysctl.c')
-rw-r--r-- | sys/kern/kern_sysctl.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index bb5b6a0..b83502c 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1381,10 +1381,18 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
 /* Is this sysctl writable by only privileged users? */
 if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
+ int priv;
+
 if (oid->oid_kind & CTLFLAG_PRISON)
- error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#ifdef VIMAGE
+ else if ((oid->oid_kind & CTLFLAG_VNET) &&
+ prison_owns_vnet(req->td->td_ucred))
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#endif
 else
- error = priv_check(req->td, PRIV_SYSCTL_WRITE);
+ priv = PRIV_SYSCTL_WRITE;
+ error = priv_check(req->td, priv);
 if (error)
 return (error);
 } |
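Review bot: The added `#ifdef VIMAGE` arm turns `CTLFLAG_VNET` into an authorization marker without documenting it: any oid carrying that flag is now checked against `PRIV_SYSCTL_WRITEJAIL` instead of `PRIV_SYSCTL_WRITE` whenever `prison_owns_vnet(req->td->td_ucred)` is true. The existing comment above the block still only says "writable by only privileged users", so I would add something like `/* A jail owning its vnet may write virtualized oids; CTLFLAG_VNET handlers must only modify per-vnet state. */` directly above the `else if`. Whether every handler already tagged `CTLFLAG_VNET` satisfies that invariant cannot be seen from this hunk, so handlers that also touch global state deserve a separate audit. As a style point, an `else if` conditionally compiled between an unbraced `if` and `else` is easy to break in later edits; bracing the three arms would make the chain safer to maintain. The body of sysctl_root starts and ends outside the hunk.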