diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-02-19 13:26:39 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-02-19 13:26:39 +0000 |
| commit | 58e926bc9496da2b6024e2b8f33bd40c45a00fd6 (patch) | |
| tree | a634e907bb5ce1f599aa62b8768068cf7639d1e9 /sys/ufs | |
| parent | 07f6768e54053b9220f8ce9a39ce7f5975c0a8aa (diff) | |
| download | FreeBSD-src-58e926bc9496da2b6024e2b8f33bd40c45a00fd6.zip FreeBSD-src-58e926bc9496da2b6024e2b8f33bd40c45a00fd6.tar.gz | |
Limit quota privileges in jail to PRIV_UFS_GETQUOTA and
PRIV_UFS_SETQUOTA.
Diffstat (limited to 'sys/ufs')
| -rw-r--r-- | sys/ufs/ufs/ufs_quota.c | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c index 194c013..55e91b9 100644 --- a/sys/ufs/ufs/ufs_quota.c +++ b/sys/ufs/ufs/ufs_quota.c @@ -451,11 +451,7 @@ quotaon(td, mp, type, fname) int error, flags; struct nameidata nd; - /* - * XXXRW: Can this be right? Jail is allowed to do this? - */ - error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, - SUSER_ALLOWJAIL); + error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0); if (error) return (error); @@ -550,11 +546,7 @@ quotaoff(td, mp, type) struct inode *ip; int error; - /* - * XXXRW: This also seems wrong to allow in a jail? - */ - error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, - SUSER_ALLOWJAIL); + error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0); if (error) return (error); @@ -741,8 +733,7 @@ setuse(td, mp, id, type, addr) struct dqblk usage; int error; - error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, - SUSER_ALLOWJAIL); + error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0); if (error) return (error); |
