priv: Define and use PRIV_HAMMER_IOCTL
authorMichael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 21:48:14 +0000 (23:48 +0200)
committerMichael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 21:48:14 +0000 (23:48 +0200)
sys/kern/kern_jail.c
sys/sys/priv.h
sys/vfs/hammer/hammer_ioctl.c

index 2696094..d2369ff 100644 (file)
@@ -728,6 +728,9 @@ prison_priv_check(struct ucred *cred, int priv)
                else
                        return (EPERM);
 
+       case PRIV_HAMMER_IOCTL:
+               return (0);
+
        default:
 
                return (EPERM);
index 382c730..3e4e7cb 100644 (file)
 #define PRIV_CPUCTL_WRMSR      640     /* Write model-specific register. */
 #define PRIV_CPUCTL_UPDATE     641     /* Update cpu microcode. */
 
+/*
+ * Hammer privileges.
+ */
+#define PRIV_HAMMER_IOCTL      650     /* can hammer_ioctl(). */
+
 /*
  * Track end of privilege list.
  */
-#define        _PRIV_HIGHEST           642
+#define        _PRIV_HIGHEST           651
 
 /*
  * Validate that a named privilege is known by the privilege system.  Invalid
index 9e12382..91ef547 100644 (file)
@@ -58,7 +58,7 @@ hammer_ioctl(hammer_inode_t ip, u_long com, caddr_t data, int fflag,
        struct hammer_transaction trans;
        int error;
 
-       error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
+       error = priv_check_cred(cred, PRIV_HAMMER_IOCTL, 0);
 
        hammer_start_transaction(&trans, ip->hmp);