diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
commit | 00b02345d424dac8a490ff28ff75fd9386196583 (patch) | |
tree | c439df85bebf079d07319c231d64ac481577b036 /sys/kern/uipc_mqueue.c | |
parent | e93b04c2868ee901613297bfbd90ff9990d8300e (diff) | |
download | FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.zip FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.tar.gz |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern/uipc_mqueue.c')
-rw-r--r-- | sys/kern/uipc_mqueue.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/sys/kern/uipc_mqueue.c b/sys/kern/uipc_mqueue.c index 82cd070..1c5cadb 100644 --- a/sys/kern/uipc_mqueue.c +++ b/sys/kern/uipc_mqueue.c @@ -961,8 +961,7 @@ int do_unlink(struct mqfs_node *pn, struct ucred *ucred) sx_assert(&pn->mn_info->mi_lock, SX_LOCKED); if (ucred->cr_uid != pn->mn_uid && - (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, - SUSER_ALLOWJAIL)) != 0) + (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0) error = EACCES; else if (!pn->mn_deleted) { parent = pn->mn_parent; @@ -1221,8 +1220,7 @@ mqfs_setattr(struct vop_setattr_args *ap) */ if (((ap->a_cred->cr_uid != pn->mn_uid) || uid != pn->mn_uid || (gid != pn->mn_gid && !groupmember(gid, ap->a_cred))) && - (error = priv_check_cred(ap->a_td->td_ucred, - PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)) != 0) + (error = priv_check(ap->a_td, PRIV_MQ_ADMIN)) != 0) return (error); pn->mn_uid = uid; pn->mn_gid = gid; @@ -1231,8 +1229,7 @@ mqfs_setattr(struct vop_setattr_args *ap) if (vap->va_mode != (mode_t)VNOVAL) { if ((ap->a_cred->cr_uid != pn->mn_uid) && - (error = priv_check_cred(ap->a_td->td_ucred, - PRIV_MQ_ADMIN, SUSER_ALLOWJAIL))) + (error = priv_check(ap->a_td, PRIV_MQ_ADMIN))) return (error); pn->mn_mode = vap->va_mode; c = 1; |