authorbz <bz@FreeBSD.org>2009-08-13 10:26:34 +0000
committerbz <bz@FreeBSD.org>2009-08-13 10:26:34 +0000
commit5307a46b8beef9afe39e5882ad38f5fe90f708a0 (patch)
treeda85107d22a96dc6fa0f87abc22d5684fb84f53c /sys/kern/kern_sysctl.c
parentb6a41509dfb07cf1dbc04a5b73c4a2bf7219e4db (diff)
downloadFreeBSD-src-5307a46b8beef9afe39e5882ad38f5fe90f708a0.zip
FreeBSD-src-5307a46b8beef9afe39e5882ad38f5fe90f708a0.tar.gz
Make it possible to change the vnet sysctl variables on jails
with their own virtual network stack. Jails only inheriting a network stack cannot change anything that cannot be changed from within a prison. Reviewed by: rwatson, zec Approved by: re (kib)
Diffstat (limited to 'sys/kern/kern_sysctl.c')
-rw-r--r--sys/kern/kern_sysctl.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index bb5b6a0..b83502c 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1381,10 +1381,18 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
/* Is this sysctl writable by only privileged users? */
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
+ int priv;
+
if (oid->oid_kind & CTLFLAG_PRISON)
- error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#ifdef VIMAGE
+ else if ((oid->oid_kind & CTLFLAG_VNET) &&
+ prison_owns_vnet(req->td->td_ucred))
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#endif
else
- error = priv_check(req->td, PRIV_SYSCTL_WRITE);
+ priv = PRIV_SYSCTL_WRITE;
+ error = priv_check(req->td, priv);
if (error)
return (error);
}
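Review bot: The new `CTLFLAG_VNET` branch in `sysctl_root()` widens write access without a comment stating the assumption it depends on. It gives a jail that owns its vnet the same `PRIV_SYSCTL_WRITEJAIL` check that the `CTLFLAG_PRISON` branch uses, so every oid carrying `CTLFLAG_VNET` becomes writable by that jail's privileged user. This is only safe if each such oid's handler touches per-vnet state and nothing global, which cannot be verified from this hunk and should be audited across the existing `CTLFLAG_VNET` declarations. I would add above the `#ifdef VIMAGE` line: `/* A jail owning its vnet may write CTLFLAG_VNET oids; their handlers must modify only per-vnet state. */`. It is also worth confirming what `prison_owns_vnet()` returns for a non-jailed credential, since that decides whether host writes to vnet oids are now checked as `PRIV_SYSCTL_WRITEJAIL` rather than `PRIV_SYSCTL_WRITE`; the function body continues outside the hunk.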