From 10d0d9cf473dc5f0ce1bf263ead445ffe7819154 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Mon, 6 Nov 2006 13:42:10 +0000
Subject: Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
 specific privilege names to a broad range of privileges.  These may require
 some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
---
 sys/security/mac_lomac/mac_lomac.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'sys/security/mac_lomac/mac_lomac.c')

diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 07484d1..7ca6e77 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -48,6 +48,7 @@
 #include <sys/malloc.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/sbuf.h>
 #include <sys/systm.h>
@@ -1697,8 +1698,10 @@ mac_lomac_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
 		 * Rely on the traditional superuser status for the LOMAC
 		 * interface relabel requirements.  XXXMAC: This will go
 		 * away.
+		 *
+		 * XXXRW: This is also redundant to a higher layer check.
 		 */
-		error = suser_cred(cred, 0);
+		error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0);
 		if (error)
 			return (EPERM);
 
-- 
cgit v1.1