From 63a4c7f5226e69853f4c0d15a1c6d0e35ea5523e Mon Sep 17 00:00:00 2001
From: ed <ed@FreeBSD.org>
Date: Sat, 20 Jun 2009 14:50:32 +0000
Subject: Improve nested jail awareness of devfs by handling credentials.

Now that we start to use credentials on character devices more often
(because of MPSAFE TTY), move the prison-checks that are in place in the
TTY code into devfs.

Instead of strictly comparing the prisons, use the more common
prison_check() function to compare credentials. This means that
pseudo-terminals are only visible in devfs by processes within the same
jail and parent jails.

Even though regular users in parent jails can now interact with
pseudo-terminals from child jails, this seems to be the right approach.
These processes are also capable of interacting with the jailed
processes anyway, through signals for example.

Reviewed by:	kib, rwatson (older version)
---
 sys/kern/tty.c | 7 -------
 1 file changed, 7 deletions(-)

(limited to 'sys/kern/tty.c')

diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 2603cac..61c8785 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -219,13 +219,6 @@ ttydev_open(struct cdev *dev, int oflags, int devtype, struct thread *td)
 	struct tty *tp = dev->si_drv1;
 	int error = 0;
 
-	/* Disallow access when the TTY belongs to a different prison. */
-	if (dev->si_cred != NULL &&
-	    dev->si_cred->cr_prison != td->td_ucred->cr_prison &&
-	    priv_check(td, PRIV_TTY_PRISON)) {
-		return (EPERM);
-	}
-
 	tty_lock(tp);
 	if (tty_gone(tp)) {
 		/* Device is already gone. */
-- 
cgit v1.1