priv: Narrow down privileges; new PRIV_JAIL_CREATE
authorMichael Neumann <mneumann@ntecs.de>
Wed, 17 Jun 2009 20:25:43 +0000 (22:25 +0200)
committerMichael Neumann <mneumann@ntecs.de>
Wed, 17 Jun 2009 20:25:43 +0000 (22:25 +0200)
sys/kern/kern_jail.c
sys/sys/priv.h

index 15e9456..ef56764 100644 (file)
@@ -203,7 +203,7 @@ sys_jail(struct jail_args *uap)
 
        uap->sysmsg_result = -1;
 
-       error = priv_check(td, PRIV_ROOT);
+       error = priv_check(td, PRIV_JAIL_CREATE);
        if (error)
                return (error);
 
@@ -294,7 +294,7 @@ sys_jail_attach(struct jail_attach_args *uap)
        struct thread *td = curthread;
        int error;
 
-       error = priv_check(td, PRIV_ROOT);
+       error = priv_check(td, PRIV_JAIL_ATTACH);
        if (error)
                return(error);
 
index 128d9d5..df5a972 100644 (file)
  * Jail privileges.
  */
 #define        PRIV_JAIL_ATTACH        110     /* Attach to a jail. */
+#define PRIV_JAIL_CREATE        111     /* Create a jail. */
 
 /*
  * Kernel environment priveleges.