Merge from POSIX.1e Capabilities development tree:

o POSIX.1e capabilities authorize overriding of VEXEC for VDIR based
  on CAP_DAC_READ_SEARCH, but of !VDIR based on CAP_DAC_EXECUTE.  Add
  appropriate conditionals to vaccess() to take that into account.
o Synchronization cap_check_xxx() -> cap_check() change.

Obtained from:	TrustedBSD Project

1 files changed, 17 insertions, 6 deletions

diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index bebb319..2b822e9 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -3006,20 +3006,31 @@ privcheck:
 	 * or the request type onto the cap_granted mask.
 	 */
 	cap_granted = 0;
-	if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
-	    !cap_check_xxx(cred, NULL, CAP_DAC_EXECUTE, PRISON_ROOT))
-	    cap_granted |= VEXEC;
+
+	if (type == VDIR) {
+		/*
+		 * For directories, use CAP_DAC_READ_SEARCH to satisfy
+		 * VEXEC requests, instead of CAP_DAC_EXECUTE.
+		 */
+		if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
+		    !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, PRISON_ROOT))
+			cap_granted |= VEXEC;
+	} else {
+		if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
+		    !cap_check(cred, NULL, CAP_DAC_EXECUTE, PRISON_ROOT))
+			cap_granted |= VEXEC;
+	}
 
 	if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) &&
-	    !cap_check_xxx(cred, NULL, CAP_DAC_READ_SEARCH, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, PRISON_ROOT))
 		cap_granted |= VREAD;
 
 	if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
-	    !cap_check_xxx(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT))
 		cap_granted |= VWRITE;
 
 	if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
-	    !cap_check_xxx(cred, NULL, CAP_FOWNER, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_FOWNER, PRISON_ROOT))
 		cap_granted |= VADMIN;
 
 	if ((acc_mode & (cap_granted | dac_granted)) == acc_mode) {