From 00b02345d424dac8a490ff28ff75fd9386196583 Mon Sep 17 00:00:00 2001 From: rwatson Date: Tue, 12 Jun 2007 00:12:01 +0000 Subject: Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in some cases, move to priv_check() if it was an operation on a thread and no other flags were present. Eliminate caller-side jail exception checking (also now-unused); jail privilege exception code now goes solely in kern_jail.c. We can't yet eliminate suser() due to some cases in the KAME code where a privilege check is performed and then used in many different deferred paths. Do, however, move those prototypes to priv.h. Reviewed by: csjp Obtained from: TrustedBSD Project --- sys/kern/kern_priv.c | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'sys/kern/kern_priv.c') diff --git a/sys/kern/kern_priv.c b/sys/kern/kern_priv.c index 6d2d692..ebf01ba 100644 --- a/sys/kern/kern_priv.c +++ b/sys/kern/kern_priv.c @@ -77,18 +77,8 @@ priv_check_cred(struct ucred *cred, int priv, int flags) /* * Jail policy will restrict certain privileges that may otherwise be * be granted. - * - * While debugging the transition from SUSER_ALLOWJAIL to Jail being - * aware of specific privileges, perform run-time checking that the - * two versions of the policy align. This assertion will go away - * once the SUSER_ALLOWJAIL flag has gone away. */ error = prison_priv_check(cred, priv); -#ifdef NOTYET - KASSERT(!jailed(cred) || error == ((flags & SUSER_ALLOWJAIL) ? 0 : - EPERM), ("priv_check_cred: prison_priv_check %d but flags %s", - error, flags & SUSER_ALLOWJAIL ? "allowjail" : "!allowjail")); -#endif if (error) return (error); -- cgit v1.1