Sync up PRIV_IPC_{ADMIN,READ,WRITE} priv checks in ipcperm() with

kern_jail.c: allow jailed root these privileges.  This only has an
effect if System V IPC is administratively enabled for the jail.

1 files changed, 6 insertions, 3 deletions

diff --git a/sys/kern/sysv_ipc.c b/sys/kern/sysv_ipc.c
index 0cbb4bb..7503760 100644
--- a/sys/kern/sysv_ipc.c
+++ b/sys/kern/sysv_ipc.c
@@ -125,19 +125,22 @@ ipcperm(struct thread *td, struct ipc_perm *perm, int acc_mode)
 	 */
 	priv_granted = 0;
 	if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) {
-		error = priv_check(td, PRIV_IPC_ADMIN);
+		error = priv_check_cred(td->td_ucred, PRIV_IPC_ADMIN,
+		    SUSER_ALLOWJAIL);
 		if (error == 0)
 			priv_granted |= IPC_M;
 	}
 
 	if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) {
-		error = priv_check(td, PRIV_IPC_READ);
+		error = priv_check_cred(td->td_ucred, PRIV_IPC_READ,
+		    SUSER_ALLOWJAIL);
 		if (error == 0)
 			priv_granted |= IPC_R;
 	}
 
 	if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) {
-		error = priv_check(td, PRIV_IPC_WRITE);
+		error = priv_check_cred(td->td_ucred, PRIV_IPC_WRITE,
+		    SUSER_ALLOWJAIL);
 		if (error == 0)
 			priv_granted |= IPC_W;
 	}