priv: Use PRIV_VFS_CHFLAGS_DEV
[dragonfly.git] / sys / kern / kern_jail.c
index ef56764..bde34e7 100644 (file)
@@ -659,3 +659,46 @@ prison_free(struct prison *pr)
        cache_drop(&pr->pr_root);
        kfree(pr, M_PRISON);
 }
+
+/*
+ * Check if permisson for a specific privilege is granted within jail.
+ */
+int
+prison_priv_check(struct ucred *cred, int priv)
+{
+       if (!jailed(cred))
+               return (0);
+
+       switch (priv) {
+       case PRIV_CRED_SETUID:
+       case PRIV_CRED_SETEUID:
+       case PRIV_CRED_SETGID:
+       case PRIV_CRED_SETEGID:
+       case PRIV_CRED_SETGROUPS:
+       case PRIV_CRED_SETREUID:
+       case PRIV_CRED_SETREGID:
+       case PRIV_CRED_SETRESUID:
+       case PRIV_CRED_SETRESGID:
+
+       case PRIV_VFS_SYSFLAGS:
+       case PRIV_VFS_CHOWN:
+       case PRIV_VFS_CHMOD:
+       case PRIV_VFS_CHROOT:
+       case PRIV_VFS_LINK:
+       case PRIV_VFS_CHFLAGS_DEV:
+       case PRIV_VFS_MKNOD_BAD:
+       case PRIV_VFS_MKNOD_WHT:
+       case PRIV_VFS_MKNOD_DIR:
+
+       case PRIV_PROC_SETRLIMIT:
+       case PRIV_PROC_SETLOGIN:
+
+       case PRIV_SYSCTL_WRITEJAIL:
+
+               return (0);
+
+       default:
+
+               return (EPERM);
+       }
+}
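Review bot: `PRIV_VFS_SYSFLAGS` sits in the unconditional allow list of `prison_priv_check()`, so every jailed credential that otherwise holds the privilege can change system file flags such as immutable or append-only, with no per-jail or system-wide policy consulted. If this kernel has a tunable governing chflags inside jails (not visible in this hunk), that case should get its own branch that returns `EPERM` when the tunable is off, rather than falling through to `return (0);`. The same question is worth asking for `PRIV_VFS_CHFLAGS_DEV` and the `PRIV_VFS_MKNOD_*` cases, since each entry here widens what root inside a jail may do. The header comment should also spell out the contract, for example `Returns 0 if priv may be exercised by cred (always 0 when cred is not jailed), EPERM if the jail forbids it.`, and fix the spelling of "permisson". The 0 returned for an unjailed credential means "no jail restriction", not "privilege granted", so callers presumably still need their normal privilege check.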