projects / dragonfly.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: 47fac36)
priv: Use PRIV_VFS_LINK
authorMichael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 15:53:06 +0000 (17:53 +0200)
committerMichael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 15:53:06 +0000 (17:53 +0200)
sys/kern/kern_jail.c patch | blob | blame | history
sys/kern/vfs_syscalls.c patch | blob | blame | history
sys/sys/priv.h patch | blob | blame | history

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 03d0115..74eeb09 100644 (file)
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -684,6 +684,7 @@ prison_priv_check(struct ucred *cred, int priv)
        case PRIV_VFS_CHOWN:
        case PRIV_VFS_CHMOD:
        case PRIV_VFS_CHROOT:
+       case PRIV_VFS_LINK:
        case PRIV_VFS_MKNOD_BAD:
        case PRIV_VFS_MKNOD_WHT:
        case PRIV_VFS_MKNOD_DIR:
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 0ed5a2b..954e90a 100644 (file)
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1996,9 +1996,9 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
                return (0);
 
        /*
-        * root cred can always hardlink
+        * Privileged user can always hardlink
         */
-       if (priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT) == 0)
+       if (priv_check_cred(cred, PRIV_VFS_LINK, 0) == 0)
                return (0);
 
        /*
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 56fdd4c..9847ad5 100644 (file)
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -264,7 +264,7 @@
 #define        PRIV_VFS_GENERATION     326     /* stat() returns generation number. */
 #define        PRIV_VFS_GETFH          327     /* Can retrieve file handles. */
 #define        PRIV_VFS_GETQUOTA       328     /* getquota(). */
-#define        PRIV_VFS_LINK           329     /* bsd.hardlink_check_uid */
+#define        PRIV_VFS_LINK           329     /* security.hardlink_check_uid */
 #define        PRIV_VFS_MKNOD_BAD      330     /* Can mknod() to mark bad inodes. */
 #define        PRIV_VFS_MKNOD_DEV      331     /* Can mknod() to create dev nodes. */
 #define        PRIV_VFS_MKNOD_WHT      332     /* Can mknod() to create whiteout. */
DragonFly Project GIT Source repo