case PRIV_VFS_MKNOD_BAD:
case PRIV_VFS_MKNOD_WHT:
case PRIV_VFS_MKNOD_DIR:
+ case PRIV_VFS_SETATTR:
case PRIV_PROC_SETRLIMIT:
case PRIV_PROC_SETLOGIN:
/* directories for HAMMER. */
#define PRIV_VFS_CHMOD 346 /* Can chmod() if not owner */
#define PRIV_VFS_REVOKE 347 /* Can revoke() if not owner */
+#define PRIV_VFS_SETATTR 348 /* Can xxx_setattr() if not owner */
/*
* Virtual memory privileges.
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
return (error);
/*
* Note that a root chflags becomes a user chflags when
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != hp->h_uid &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
return (error);
/*
* We are very inconsistent about handling unsupported
gid = pmp->pm_gid;
if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
(gid != pmp->pm_gid && !groupmember(gid, cred))) &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
return error;
if (uid != pmp->pm_uid || gid != pmp->pm_gid)
return EINVAL;
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(ap->a_vp, VWRITE, cred))))
return (error);
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
return (error);
if (vp->v_type != VDIR) {
/* We ignore the read and execute bits. */
atime = &vap->va_atime;
if (mtime != atime) {
if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid &&
- (error = priv_check_cred(ap->a_cred, PRIV_ROOT, PRISON_ROOT)) &&
+ (error = priv_check_cred(ap->a_cred, PRIV_VFS_SETATTR, 0)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, ap->a_cred))))
return (error);
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
return (error);
/*
* Note that a root chflags becomes a user chflags when
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
projects / dragonfly.git / commitdiff