Teach discretionary access control methods for files about VAPPEND

and VALLPERM.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

1 files changed, 4 insertions, 4 deletions

diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index e620d4a..4d87718 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -3251,7 +3251,7 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused)
 		if (file_mode & S_IRUSR)
 			dac_granted |= VREAD;
 		if (file_mode & S_IWUSR)
-			dac_granted |= VWRITE;
+			dac_granted |= (VWRITE | VAPPEND);
 
 		if ((acc_mode & dac_granted) == acc_mode)
 			return (0);
@@ -3266,7 +3266,7 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused)
 		if (file_mode & S_IRGRP)
 			dac_granted |= VREAD;
 		if (file_mode & S_IWGRP)
-			dac_granted |= VWRITE;
+			dac_granted |= (VWRITE | VAPPEND);
 
 		if ((acc_mode & dac_granted) == acc_mode)
 			return (0);
@@ -3280,7 +3280,7 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused)
 	if (file_mode & S_IROTH)
 		dac_granted |= VREAD;
 	if (file_mode & S_IWOTH)
-		dac_granted |= VWRITE;
+		dac_granted |= (VWRITE | VAPPEND);
 	if ((acc_mode & dac_granted) == acc_mode)
 		return (0);
 
@@ -3322,7 +3322,7 @@ privcheck:
 
 	if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
 	    !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT))
-		cap_granted |= VWRITE;
+		cap_granted |= (VWRITE | VAPPEND);
 
 	if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
 	    !cap_check(cred, NULL, CAP_FOWNER, PRISON_ROOT))