o Further clarify comment: ad Udo's request, re-insert the 'if'

refering to securelevels; also, update the unprivileged process text to better indicate the scope of actions permittable when any system flags are already set (limited). Submitted by: Udo Schweigert <udo.schweigert@siemens.com>
author: rwatson <rwatson@FreeBSD.org> 2001-09-25 12:02:44 +0000
committer: rwatson <rwatson@FreeBSD.org> 2001-09-25 12:02:44 +0000
commit: 56db2a389f66651dd552255ae3b877e454f98a96 (patch)
tree: 7cf9e2db23fe7a46ac5c400c94687e797309a08f /sys/ufs
parent: c8a3d8ce02d7b30653752539a956a80365b2c892 (diff)
download: FreeBSD-src-56db2a389f66651dd552255ae3b877e454f98a96.zip
FreeBSD-src-56db2a389f66651dd552255ae3b877e454f98a96.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index 1b2fffa..c47d0f6 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -482,9 +482,10 @@ ufs_setattr(ap)
 			return (error);
 		/*
 		 * Unprivileged processes and privileged processes in
-		 * jail() are not permitted to set system flags.
-		 * Privileged non-jail processes may not set system flags
-		 * securelevel > 0.
+		 * jail() are not permitted to unset system flags, or
+		 * modify flags if any system flags are set.
+		 * Privileged non-jail processes may not modify system flags
+		 * if securelevel > 0 and any existing system flags are set.
 		 */
 		if (!suser_xxx(cred, NULL, 0)) {
 			if ((ip->i_flags
author	rwatson <rwatson@FreeBSD.org>	2001-09-25 12:02:44 +0000
committer	rwatson <rwatson@FreeBSD.org>	2001-09-25 12:02:44 +0000
commit	56db2a389f66651dd552255ae3b877e454f98a96 (patch)
tree	7cf9e2db23fe7a46ac5c400c94687e797309a08f /sys/ufs
parent	c8a3d8ce02d7b30653752539a956a80365b2c892 (diff)
download	FreeBSD-src-56db2a389f66651dd552255ae3b877e454f98a96.zip FreeBSD-src-56db2a389f66651dd552255ae3b877e454f98a96.tar.gz