o Add a comment clarifying interaction between jail(), privileged processes,

and UFS file flags. Here's what the comment says, for reference: Privileged processes in jail() are permitted to modify arbitrary user flags on files, but are not permitted to modify system flags. In other words, privilege does allow a process in jail to modify user flags for objects that the process does not own, but privilege will not permit the setting of system flags on the file. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2000-09-18 17:58:15 +0000
committer: rwatson <rwatson@FreeBSD.org> 2000-09-18 17:58:15 +0000
commit: b324dcbd3d4209d0d74487538081082dbf904bed (patch)
tree: efe1e66d38bf05bcf278ff72040e294de7a648dd /sys/ufs/ufs
parent: f193def48efb15a891480d8492bad80da212ed27 (diff)
download: FreeBSD-src-b324dcbd3d4209d0d74487538081082dbf904bed.zip
FreeBSD-src-b324dcbd3d4209d0d74487538081082dbf904bed.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index 1ac7dd0..c214b4c 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -408,6 +408,11 @@ ufs_setattr(ap)
 	if (vap->va_flags != VNOVAL) {
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
+		/*
+		 * Privileged processes in jail() are permitted to modify
+		 * arbitrary user flags on files, but are not permitted
+		 * to modify system flags.
+		 */
 		if (cred->cr_uid != ip->i_uid &&
 		    (error = suser_xxx(cred, p, PRISON_ROOT)))
 			return (error);
author	rwatson <rwatson@FreeBSD.org>	2000-09-18 17:58:15 +0000
committer	rwatson <rwatson@FreeBSD.org>	2000-09-18 17:58:15 +0000
commit	b324dcbd3d4209d0d74487538081082dbf904bed (patch)
tree	efe1e66d38bf05bcf278ff72040e294de7a648dd /sys/ufs/ufs
parent	f193def48efb15a891480d8492bad80da212ed27 (diff)
download	FreeBSD-src-b324dcbd3d4209d0d74487538081082dbf904bed.zip FreeBSD-src-b324dcbd3d4209d0d74487538081082dbf904bed.tar.gz