diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-02-19 13:33:10 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-02-19 13:33:10 +0000 |
| commit | d298e8c0c269ddbcd6979437a7f31d21acc482f1 (patch) | |
| tree | 1afe170b3c52f4fde379018a84f110d151b03de9 /sys/ufs | |
| parent | 58e926bc9496da2b6024e2b8f33bd40c45a00fd6 (diff) | |
| download | FreeBSD-src-d298e8c0c269ddbcd6979437a7f31d21acc482f1.zip FreeBSD-src-d298e8c0c269ddbcd6979437a7f31d21acc482f1.tar.gz | |
Rename three quota privileges from the UFS privilege namespace to the
VFS privilege namespace: exceedquota, getquota, and setquota. Leave
UFS-specific quota configuration privileges in the UFS name space.
This renumbers VFS and UFS privileges, so requires rebuilding modules
if you are using security policies aware of privilege identifiers.
This is likely no one at this point since none of the committed MAC
policies use the privilege checks.
Diffstat (limited to 'sys/ufs')
| -rw-r--r-- | sys/ufs/ufs/ufs_quota.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c index 55e91b9..b02fd94 100644 --- a/sys/ufs/ufs/ufs_quota.c +++ b/sys/ufs/ufs/ufs_quota.c @@ -187,7 +187,7 @@ chkdq(ip, change, cred, flags) return (0); } if ((flags & FORCE) == 0 && priv_check_cred(cred, - PRIV_UFS_EXCEEDQUOTA, 0)) { + PRIV_VFS_EXCEEDQUOTA, 0)) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; @@ -310,7 +310,7 @@ chkiq(ip, change, cred, flags) return (0); } if ((flags & FORCE) == 0 && priv_check_cred(cred, - PRIV_UFS_EXCEEDQUOTA, 0)) { + PRIV_VFS_EXCEEDQUOTA, 0)) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; @@ -620,7 +620,7 @@ getquota(td, mp, id, type, addr) case USRQUOTA: if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) { error = priv_check_cred(td->td_ucred, - PRIV_UFS_GETQUOTA, SUSER_ALLOWJAIL); + PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL); if (error) return (error); } @@ -630,7 +630,7 @@ getquota(td, mp, id, type, addr) if (!groupmember(id, td->td_ucred) && !unprivileged_get_quota) { error = priv_check_cred(td->td_ucred, - PRIV_UFS_GETQUOTA, SUSER_ALLOWJAIL); + PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL); if (error) return (error); } @@ -665,7 +665,7 @@ setquota(td, mp, id, type, addr) struct dqblk newlim; int error; - error = priv_check_cred(td->td_ucred, PRIV_UFS_SETQUOTA, + error = priv_check_cred(td->td_ucred, PRIV_VFS_SETQUOTA, SUSER_ALLOWJAIL); if (error) return (error); |
