diff options
| author | ed <ed@FreeBSD.org> | 2009-06-20 14:50:32 +0000 |
|---|---|---|
| committer | ed <ed@FreeBSD.org> | 2009-06-20 14:50:32 +0000 |
| commit | 63a4c7f5226e69853f4c0d15a1c6d0e35ea5523e (patch) | |
| tree | f0fd4ecb52c9718823a0b05d1efd9e87c9c6be2c /sys/sys/priv.h | |
| parent | 51b981d72bb852d8a1bf8627132b440a55357373 (diff) | |
| download | FreeBSD-src-63a4c7f5226e69853f4c0d15a1c6d0e35ea5523e.zip FreeBSD-src-63a4c7f5226e69853f4c0d15a1c6d0e35ea5523e.tar.gz | |
Improve nested jail awareness of devfs by handling credentials.
Now that we start to use credentials on character devices more often
(because of MPSAFE TTY), move the prison-checks that are in place in the
TTY code into devfs.
Instead of strictly comparing the prisons, use the more common
prison_check() function to compare credentials. This means that
pseudo-terminals are only visible in devfs by processes within the same
jail and parent jails.
Even though regular users in parent jails can now interact with
pseudo-terminals from child jails, this seems to be the right approach.
These processes are also capable of interacting with the jailed
processes anyway, through signals for example.
Reviewed by: kib, rwatson (older version)
Diffstat (limited to 'sys/sys/priv.h')
| -rw-r--r-- | sys/sys/priv.h | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/sys/sys/priv.h b/sys/sys/priv.h index d82341f..2af31eb 100644 --- a/sys/sys/priv.h +++ b/sys/sys/priv.h @@ -211,7 +211,6 @@ #define PRIV_TTY_DRAINWAIT 251 /* Set tty drain wait time. */ #define PRIV_TTY_DTRWAIT 252 /* Set DTR wait on tty. */ #define PRIV_TTY_EXCLUSIVE 253 /* Override tty exclusive flag. */ -#define PRIV_TTY_PRISON 254 /* Can open pts across jails. */ #define PRIV_TTY_STI 255 /* Simulate input on another tty. */ #define PRIV_TTY_SETA 256 /* Set tty termios structure. */ |
