Diffstat (limited to 'sys/compat')
-rw-r--r-- | sys/compat/linux/linux_misc.c | 3 | ||||
-rw-r--r-- | sys/compat/linux/linux_uid16.c | 3 | ||||
-rw-r--r-- | sys/compat/opensolaris/kern/opensolaris_policy.c | 29 | ||||
-rw-r--r-- | sys/compat/svr4/svr4_fcntl.c | 3 | ||||
-rw-r--r-- | sys/compat/svr4/svr4_misc.c | 3 |
5 files changed, 16 insertions, 25 deletions
diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c
index 926efbc..9c066fc 100644
--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@@ -1079,8 +1079,7 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args)
 * Keep cr_groups[0] unchanged to prevent that.
 */
- if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
- SUSER_ALLOWJAIL)) != 0) {
+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
 PROC_UNLOCK(p);
 crfree(newcred);
 return (error);
diff --git a/sys/compat/linux/linux_uid16.c b/sys/compat/linux/linux_uid16.c
index a8a1f5d..c474382 100644
--- a/sys/compat/linux/linux_uid16.c
+++ b/sys/compat/linux/linux_uid16.c
@@ -124,8 +124,7 @@ linux_setgroups16(struct thread *td, struct linux_setgroups16_args *args)
 * Keep cr_groups[0] unchanged to prevent that.
 */
- if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
- SUSER_ALLOWJAIL)) != 0) {
+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
 PROC_UNLOCK(p);
 crfree(newcred);
 return (error);
diff --git a/sys/compat/opensolaris/kern/opensolaris_policy.c b/sys/compat/opensolaris/kern/opensolaris_policy.c
index c109a4c..a09c9ec 100644
--- a/sys/compat/opensolaris/kern/opensolaris_policy.c
+++ b/sys/compat/opensolaris/kern/opensolaris_policy.c
@@ -72,7 +72,7 @@ secpolicy_basic_link(struct ucred *cred)
 if (!hardlink_check_uid)
 return (0);
- return (priv_check_cred(cred, PRIV_VFS_LINK, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_LINK, 0));
 }
 int
@@ -86,7 +86,7 @@ int
 secpolicy_vnode_remove(struct ucred *cred)
 {
- return (priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_ADMIN, 0));
 }
 int
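Review bot: With `SUSER_ALLOWJAIL` gone, the `priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)` call in linux_setgroups no longer records at the call site that a jailed caller may hold this privilege, and nothing in this sys/compat-limited view shows where that decision is now made. The same holds for linux_setgroups16 and for every secpolicy_* and svr4 call changed in the later hunks. Presumably the jail allow-list is now evaluated centrally inside the privilege check; each privilege named in these hunks should be confirmed to be on it, since an omission would deny jailed processes an operation they were permitted before. A short comment such as `/* Jail policy for this privilege is applied inside priv_check_cred(). */` would keep that visible to readers; linux_setgroups's body starts and ends outside the hunk.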
@@ -94,23 +94,20 @@ secpolicy_vnode_access(struct ucred *cred, struct vnode *vp, uint64_t owner,
 int mode)
 {
- if ((mode & VREAD) &&
- priv_check_cred(cred, PRIV_VFS_READ, SUSER_ALLOWJAIL) != 0) {
+ if ((mode & VREAD) && priv_check_cred(cred, PRIV_VFS_READ, 0) != 0) {
 return (EACCES);
 }
 if ((mode & VWRITE) &&
- priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL) != 0) {
+ priv_check_cred(cred, PRIV_VFS_WRITE, 0) != 0) {
 return (EACCES);
 }
 if (mode & VEXEC) {
 if (vp->v_type == VDIR) {
- if (priv_check_cred(cred, PRIV_VFS_LOOKUP,
- SUSER_ALLOWJAIL) != 0) {
+ if (priv_check_cred(cred, PRIV_VFS_LOOKUP, 0) != 0) {
 return (EACCES);
 }
 } else {
- if (priv_check_cred(cred, PRIV_VFS_EXEC,
- SUSER_ALLOWJAIL) != 0) {
+ if (priv_check_cred(cred, PRIV_VFS_EXEC, 0) != 0) {
 return (EACCES);
 }
 }
@@ -124,7 +121,7 @@ secpolicy_vnode_setdac(struct ucred *cred, uid_t owner)
 if (owner == cred->cr_uid)
 return (0);
- return (priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_ADMIN, 0));
 }
 int
@@ -173,8 +170,7 @@ secpolicy_vnode_setattr(struct ucred *cred, struct vnode *vp, struct vattr *vap,
 if (((mask & AT_UID) && vap->va_uid != ovap->va_uid) ||
 ((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
 !groupmember(vap->va_gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
 if (error)
 return (error);
 }
@@ -214,7 +210,7 @@ secpolicy_vnode_setids_setgids(struct ucred *cred, gid_t gid)
 {
 if (!groupmember(gid, cred))
- return (priv_check_cred(cred, PRIV_VFS_SETGID, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_SETGID, 0));
 return (0);
 }
@@ -222,7 +218,7 @@ int
 secpolicy_vnode_setid_retain(struct ucred *cred, boolean_t issuidroot __unused)
 {
- return (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0));
 }
 void
@@ -230,8 +226,7 @@ secpolicy_setid_clear(struct vattr *vap, struct ucred *cred)
 {
 if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {
 vap->va_mask |= AT_MODE;
 vap->va_mode &= ~(S_ISUID|S_ISGID);
 }
@@ -250,7 +245,7 @@ secpolicy_setid_setsticky_clear(struct vnode *vp, struct vattr *vap,
 * is not a member of. Both of these are allowed in jail(8).
 */
 if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) {
- if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, SUSER_ALLOWJAIL))
+ if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
 return (EFTYPE);
 }
 /*
diff --git a/sys/compat/svr4/svr4_fcntl.c b/sys/compat/svr4/svr4_fcntl.c
index 6073e0d..8735abb 100644
--- a/sys/compat/svr4/svr4_fcntl.c
+++ b/sys/compat/svr4/svr4_fcntl.c
@@ -281,8 +281,7 @@ fd_revoke(td, fd)
 goto out;
 if (td->td_ucred->cr_uid != vattr.va_uid &&
- (error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check(td, PRIV_VFS_ADMIN)) != 0)
 goto out;
 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
diff --git a/sys/compat/svr4/svr4_misc.c b/sys/compat/svr4/svr4_misc.c
index a158fd7..e4c48c0 100644
--- a/sys/compat/svr4/svr4_misc.c
+++ b/sys/compat/svr4/svr4_misc.c
@@ -612,8 +612,7 @@ svr4_sys_fchroot(td, uap)
 struct file *fp;
 int error, vfslocked;
- if ((error = priv_check_cred(td->td_ucred, PRIV_VFS_FCHROOT,
- SUSER_ALLOWJAIL)) != 0)
+ if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
 return error;
 if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
 return error; |
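Review bot: The test `if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {` in secpolicy_setid_clear treats the error return as a boolean, so the branch that strips the set-id bits reads as if it ran when the privilege is held, whereas it runs when the check fails. Most other call sites in this commit compare explicitly; writing `if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0) {` here, and doing the same for the PRIV_VFS_STICKYFILE test in secpolicy_setid_setsticky_clear, would match them. A one-line comment such as `/* Caller may not retain set-id bits: clear them. */` would make the direction of the test explicit. The function body continues past the end of the hunk.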
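Review bot: The context comment ending `Both of these are allowed in jail(8).` now sits above a call that passes `0`, so the sentence no longer corresponds to anything visible at this call site in secpolicy_setid_setsticky_clear. It should state where the allowance is decided, for example `Whether jail(8) permits these is decided by the privilege check itself.`, assuming that is where the policy moved. The start of the comment and of the function lie outside the hunk.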
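Review bot: The new `priv_check(td, PRIV_VFS_ADMIN)` in fd_revoke takes the credential from `td` implicitly, and as far as I know priv_check() expects `td` to be the calling thread; fd_revoke receives `td` from its caller, which the hunk does not show. If that holds, a comment such as `/* td is the calling thread; priv_check() uses its credential. */` would document the assumption. svr4_sys_fchroot in svr4_misc.c makes the same switch, but by its name it appears to be a system call entry point where this is less of a question. fd_revoke's body starts and ends outside the hunk.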