Do allow PIOCSFL in jail for setguid processes; this is more consistent

with other debugging checks elsewhere. XXX comment on the fact that p_candebug() is not being used here remains.
author: rwatson <rwatson@FreeBSD.org> 2007-02-19 13:04:25 +0000
committer: rwatson <rwatson@FreeBSD.org> 2007-02-19 13:04:25 +0000
commit: 228e8a2b29d7c94285648c37d782ba794782e3a8 (patch)
tree: d363777ece09cb115f563d396c780f1ef69c269a /sys
parent: cbc91eef43818d482a3516d6c0bc240eb2c492b5 (diff)
download: FreeBSD-src-228e8a2b29d7c94285648c37d782ba794782e3a8.zip
FreeBSD-src-228e8a2b29d7c94285648c37d782ba794782e3a8.tar.gz
1 files changed, 2 insertions, 4 deletions
diff --git a/sys/fs/procfs/procfs_ioctl.c b/sys/fs/procfs/procfs_ioctl.c
index d737d96..ec08da5 100644
--- a/sys/fs/procfs/procfs_ioctl.c
+++ b/sys/fs/procfs/procfs_ioctl.c
@@ -110,11 +110,9 @@ procfs_ioctl(PFS_IOCTL_ARGS)
 			 * XXXRW: Is this specific check required here, as
 			 * p_candebug() should implement it, or other checks
 			 * are missing.
-			 *
-			 * XXXRW: Other debugging privileges are granted in
-			 * jail, why isn't this?
 			 */
-			error = priv_check(td, PRIV_DEBUG_SUGID);
+			error = priv_check_cred(td->td_ucred,
+			    PRIV_DEBUG_SUGID, SUSER_ALLOWJAIL);
 			if (error)
 				break;
 		}
author	rwatson <rwatson@FreeBSD.org>	2007-02-19 13:04:25 +0000
committer	rwatson <rwatson@FreeBSD.org>	2007-02-19 13:04:25 +0000
commit	228e8a2b29d7c94285648c37d782ba794782e3a8 (patch)
tree	d363777ece09cb115f563d396c780f1ef69c269a /sys
parent	cbc91eef43818d482a3516d6c0bc240eb2c492b5 (diff)
download	FreeBSD-src-228e8a2b29d7c94285648c37d782ba794782e3a8.zip FreeBSD-src-228e8a2b29d7c94285648c37d782ba794782e3a8.tar.gz