priv: Introduce and use PRIV_VFS_CHMOD
authorMichael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 15:44:23 +0000 (17:44 +0200)
committerMichael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 15:44:23 +0000 (17:44 +0200)
sys/kern/kern_jail.c
sys/kern/vfs_helper.c
sys/sys/priv.h

index a89fb9c..03d0115 100644 (file)
@@ -682,6 +682,7 @@ prison_priv_check(struct ucred *cred, int priv)
 
        case PRIV_VFS_SYSFLAGS:
        case PRIV_VFS_CHOWN:
+       case PRIV_VFS_CHMOD:
        case PRIV_VFS_CHROOT:
        case PRIV_VFS_MKNOD_BAD:
        case PRIV_VFS_MKNOD_WHT:
index 74e8605..9a1808d 100644 (file)
@@ -221,7 +221,7 @@ vop_helper_chmod(struct vnode *vp, mode_t new_mode, struct ucred *cred,
        }
 
        if (cred->cr_uid != cur_uid) {
-               error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
+               error = priv_check_cred(cred, PRIV_VFS_CHMOD, 0);
                if (error)
                        return (error);
        }
index b2ca0b1..56fdd4c 100644 (file)
 
 #define        PRIV_VFS_MKNOD_DIR      345     /* Can mknod() to create special */
                                        /* directories for HAMMER. */
+#define        PRIV_VFS_CHMOD          346     /* Can chmod() if not owner */
 
 /*
  * Virtual memory privileges.