From 00b02345d424dac8a490ff28ff75fd9386196583 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Tue, 12 Jun 2007 00:12:01 +0000
Subject: Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred();
 in some cases, move to priv_check() if it was an operation on a thread and no
 other flags were present.

Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.

We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths.  Do, however, move those prototypes to priv.h.

Reviewed by:	csjp
Obtained from:	TrustedBSD Project
---
 sys/fs/msdosfs/msdosfs_vnops.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'sys/fs/msdosfs')

diff --git a/sys/fs/msdosfs/msdosfs_vnops.c b/sys/fs/msdosfs/msdosfs_vnops.c
index 33e5292..3231267 100644
--- a/sys/fs/msdosfs/msdosfs_vnops.c
+++ b/sys/fs/msdosfs/msdosfs_vnops.c
@@ -408,8 +408,7 @@ msdosfs_setattr(ap)
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid) {
-			error = priv_check_cred(cred, PRIV_VFS_ADMIN,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
 			if (error)
 				return (error);
 		}
@@ -426,8 +425,7 @@ msdosfs_setattr(ap)
 		 * sensible filesystem attempts it a lot.
 		 */
 		if (vap->va_flags & SF_SETTABLE) {
-			error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0);
 			if (error)
 				return (error);
 		}
@@ -454,8 +452,7 @@ msdosfs_setattr(ap)
 			gid = pmp->pm_gid;
 		if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
 		    (gid != pmp->pm_gid && !groupmember(gid, cred))) {
-			error = priv_check_cred(cred, PRIV_VFS_CHOWN,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
 			if (error)
 				return (error);
 		}
@@ -520,8 +517,7 @@ msdosfs_setattr(ap)
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid) {
-			error = priv_check_cred(cred, PRIV_VFS_ADMIN,
-			    SUSER_ALLOWJAIL);
+			error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
 			if (error)
 				return (error);
 		}
-- 
cgit v1.1