diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
| commit | 00b02345d424dac8a490ff28ff75fd9386196583 (patch) | |
| tree | c439df85bebf079d07319c231d64ac481577b036 /sys/kern/subr_acl_posix1e.c | |
| parent | e93b04c2868ee901613297bfbd90ff9990d8300e (diff) | |
| download | FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.zip FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.tar.gz | |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern/subr_acl_posix1e.c')
| -rw-r--r-- | sys/kern/subr_acl_posix1e.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c index 94c612f..d3f944d 100644 --- a/sys/kern/subr_acl_posix1e.c +++ b/sys/kern/subr_acl_posix1e.c @@ -82,24 +82,22 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, if (type == VDIR) { if ((acc_mode & VEXEC) && !priv_check_cred(cred, - PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL)) + PRIV_VFS_LOOKUP, 0)) priv_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && !priv_check_cred(cred, - PRIV_VFS_EXEC, SUSER_ALLOWJAIL)) + PRIV_VFS_EXEC, 0)) priv_granted |= VEXEC; } - if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, - SUSER_ALLOWJAIL)) + if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0)) priv_granted |= VREAD; if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) && - !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL)) + !priv_check_cred(cred, PRIV_VFS_WRITE, 0)) priv_granted |= (VWRITE | VAPPEND); - if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL)) + if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0)) priv_granted |= VADMIN; /* |
