summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_prot.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r--sys/kern/kern_prot.c42
1 files changed, 21 insertions, 21 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 221a84c..2a0aafb 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -524,7 +524,7 @@ setuid(struct thread *td, struct setuid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
uid != oldcred->cr_uid && /* allow setuid(geteuid()) */
#endif
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
uifree(uip);
crfree(newcred);
@@ -544,7 +544,7 @@ setuid(struct thread *td, struct setuid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */
uid == oldcred->cr_uid ||
#endif
- suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */
+ suser_cred(oldcred, SUSER_ALLOWJAIL) == 0) /* we are using privs */
#endif
{
/*
@@ -606,7 +606,7 @@ seteuid(struct thread *td, struct seteuid_args *uap)
oldcred = p->p_ucred;
if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
uifree(euip);
crfree(newcred);
@@ -668,7 +668,7 @@ setgid(struct thread *td, struct setgid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
#endif
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
@@ -684,7 +684,7 @@ setgid(struct thread *td, struct setgid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
gid == oldcred->cr_groups[0] ||
#endif
- suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */
+ suser_cred(oldcred, SUSER_ALLOWJAIL) == 0) /* we are using privs */
#endif
{
/*
@@ -743,7 +743,7 @@ setegid(struct thread *td, struct setegid_args *uap)
oldcred = p->p_ucred;
if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
@@ -789,7 +789,7 @@ setgroups(struct thread *td, struct setgroups_args *uap)
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
- error = suser_cred(oldcred, PRISON_ROOT);
+ error = suser_cred(oldcred, SUSER_ALLOWJAIL);
if (error) {
PROC_UNLOCK(p);
crfree(newcred);
@@ -853,7 +853,7 @@ setreuid(register struct thread *td, struct setreuid_args *uap)
ruid != oldcred->cr_svuid) ||
(euid != (uid_t)-1 && euid != oldcred->cr_uid &&
euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
uifree(ruip);
uifree(euip);
@@ -909,7 +909,7 @@ setregid(register struct thread *td, struct setregid_args *uap)
rgid != oldcred->cr_svgid) ||
(egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
@@ -977,7 +977,7 @@ setresuid(register struct thread *td, struct setresuid_args *uap)
(suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
suid != oldcred->cr_svuid &&
suid != oldcred->cr_uid)) &&
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
uifree(ruip);
uifree(euip);
@@ -1045,7 +1045,7 @@ setresgid(register struct thread *td, struct setresgid_args *uap)
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
sgid != oldcred->cr_svgid &&
sgid != oldcred->cr_groups[0])) &&
- (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+ (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
@@ -1233,7 +1233,7 @@ suser_cred(struct ucred *cred, int flag)
return (EPERM);
if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0)
return (EPERM);
- if (jailed(cred) && !(flag & PRISON_ROOT))
+ if (jailed(cred) && !(flag & SUSER_ALLOWJAIL))
return (EPERM);
return (0);
}
@@ -1324,7 +1324,7 @@ cr_seeotheruids(struct ucred *u1, struct ucred *u2)
{
if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
- if (suser_cred(u1, PRISON_ROOT) != 0)
+ if (suser_cred(u1, SUSER_ALLOWJAIL) != 0)
return (ESRCH);
}
return (0);
@@ -1363,7 +1363,7 @@ cr_seeothergids(struct ucred *u1, struct ucred *u2)
break;
}
if (!match) {
- if (suser_cred(u1, PRISON_ROOT) != 0)
+ if (suser_cred(u1, SUSER_ALLOWJAIL) != 0)
return (ESRCH);
}
}
@@ -1480,7 +1480,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
break;
default:
/* Not permitted without privilege. */
- error = suser_cred(cred, PRISON_ROOT);
+ error = suser_cred(cred, SUSER_ALLOWJAIL);
if (error)
return (error);
}
@@ -1495,7 +1495,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
cred->cr_uid != proc->p_ucred->cr_ruid &&
cred->cr_uid != proc->p_ucred->cr_svuid) {
/* Not permitted without privilege. */
- error = suser_cred(cred, PRISON_ROOT);
+ error = suser_cred(cred, SUSER_ALLOWJAIL);
if (error)
return (error);
}
@@ -1564,11 +1564,11 @@ p_cansched(struct thread *td, struct proc *p)
return (0);
if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid)
return (0);
- if (suser_cred(td->td_ucred, PRISON_ROOT) == 0)
+ if (suser_cred(td->td_ucred, SUSER_ALLOWJAIL) == 0)
return (0);
#ifdef CAPABILITIES
- if (!cap_check(NULL, td, CAP_SYS_NICE, PRISON_ROOT))
+ if (!cap_check(NULL, td, CAP_SYS_NICE, SUSER_ALLOWJAIL))
return (0);
#endif
@@ -1607,7 +1607,7 @@ p_candebug(struct thread *td, struct proc *p)
KASSERT(td == curthread, ("%s: td not curthread", __func__));
PROC_LOCK_ASSERT(p, MA_OWNED);
if (!unprivileged_proc_debug) {
- error = suser_cred(td->td_ucred, PRISON_ROOT);
+ error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
if (error)
return (error);
}
@@ -1659,7 +1659,7 @@ p_candebug(struct thread *td, struct proc *p)
* require CAP_SYS_PTRACE.
*/
if (!grpsubset || !uidsubset || credentialchanged) {
- error = suser_cred(td->td_ucred, PRISON_ROOT);
+ error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
if (error)
return (error);
}
@@ -1927,7 +1927,7 @@ setlogin(struct thread *td, struct setlogin_args *uap)
int error;
char logintmp[MAXLOGNAME];
- error = suser_cred(td->td_ucred, PRISON_ROOT);
+ error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
if (error)
return (error);
error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL);
OpenPOWER on IntegriCloud