diff options
| author | rwatson <rwatson@FreeBSD.org> | 2001-09-26 20:44:41 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2001-09-26 20:44:41 +0000 |
| commit | 9eed33b6434e112b2461310924a8851634e765ec (patch) | |
| tree | 0b11be9f17d8c85cd9ac6f262954f866ccf55b47 /sys/ufs | |
| parent | c3b85750019e1db5db54add33f31308979fb356f (diff) | |
| download | FreeBSD-src-9eed33b6434e112b2461310924a8851634e765ec.zip FreeBSD-src-9eed33b6434e112b2461310924a8851634e765ec.tar.gz | |
o Re-enable support of system file flags in jail() by adding back the
PRISON_ROOT to the suser_xxx() check. Since securelevels may now
be raised in specific jails, use of system flags can still be
restricted in jail(), but in a more configurable way.
o Users of jail() expecting system flags (such as schg) to restrict
jail()'s should be sure to set the securelevel appropriately in
jail()'s.
o This fixes activities involving automated system flag removal in
jail(), including installkernel and friends.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/ufs')
| -rw-r--r-- | sys/ufs/ufs/ufs_vnops.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index ae63a4e..b7d0c28 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -487,7 +487,7 @@ ufs_setattr(ap) * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (!suser_xxx(cred, NULL, 0)) { + if (!suser_xxx(cred, NULL, PRISON_ROOT)) { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); |
