priv: Use PRIV_VFS_CHFLAGS_DEV

author Michael Neumann <mneumann@ntecs.de>

Sun, 12 Jul 2009 15:59:42 +0000 (17:59 +0200)

committer Michael Neumann <mneumann@ntecs.de>

Sun, 12 Jul 2009 15:59:42 +0000 (17:59 +0200)
author Michael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 15:59:42 +0000 (17:59 +0200)
committer Michael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 15:59:42 +0000 (17:59 +0200)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c

index 74eeb09..bde34e7 100644 (file)
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -685,6 +685,7 @@ prison_priv_check(struct ucred *cred, int priv)
        case PRIV_VFS_CHMOD:
        case PRIV_VFS_CHROOT:
        case PRIV_VFS_LINK:
+       case PRIV_VFS_CHFLAGS_DEV:
        case PRIV_VFS_MKNOD_BAD:
        case PRIV_VFS_MKNOD_WHT:
        case PRIV_VFS_MKNOD_DIR:
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c

index 954e90a..ede5d73 100644 (file)
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -2537,7 +2537,7 @@ setfflags(struct vnode *vp, int flags)
         * chown can't fail when done as root.
         */
        if ((vp->v_type == VCHR || vp->v_type == VBLK) && 
-           ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)) != 0))
+           ((error = priv_check_cred(p->p_ucred, PRIV_VFS_CHFLAGS_DEV, 0)) != 0))
                return (error);
 
        /*
author	Michael Neumann <mneumann@ntecs.de>
	Sun, 12 Jul 2009 15:59:42 +0000 (17:59 +0200)
committer	Michael Neumann <mneumann@ntecs.de>
	Sun, 12 Jul 2009 15:59:42 +0000 (17:59 +0200)
sys/kern/kern_jail.c		patch \| blob \| blame \| history
sys/kern/vfs_syscalls.c		patch \| blob \| blame \| history