diff options
Diffstat (limited to 'sys/kern/subr_acl_posix1e.c')
-rw-r--r-- | sys/kern/subr_acl_posix1e.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c index 01e5e3ba..7beca5c 100644 --- a/sys/kern/subr_acl_posix1e.c +++ b/sys/kern/subr_acl_posix1e.c @@ -92,7 +92,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, * a DAC entry that matches but has failed to allow access. */ #ifndef CAPABILITIES - if (suser_cred(cred, PRISON_ROOT) == 0) + if (suser_cred(cred, SUSER_ALLOWJAIL) == 0) cap_granted = VALLPERM; else cap_granted = 0; @@ -101,24 +101,24 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, if (type == VDIR) { if ((acc_mode & VEXEC) && !cap_check(cred, NULL, - CAP_DAC_READ_SEARCH, PRISON_ROOT)) + CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && !cap_check(cred, NULL, - CAP_DAC_EXECUTE, PRISON_ROOT)) + CAP_DAC_EXECUTE, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } if ((acc_mode & VREAD) && !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, - PRISON_ROOT)) + SUSER_ALLOWJAIL)) cap_granted |= VREAD; if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) && - !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT)) + !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) cap_granted |= (VWRITE | VAPPEND); if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER, - PRISON_ROOT)) + SUSER_ALLOWJAIL)) cap_granted |= VADMIN; #endif /* CAPABILITIES */ |