From: Michael Neumann Date: Wed, 17 Jun 2009 19:21:36 +0000 (+0200) Subject: priv: Introduce PRIV_VM_RESIDENT and use it X-Git-Tag: v2.3.2~147^2~1 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/3af2f17173f49e55f60a337ded8b742672119eb5 priv: Introduce PRIV_VM_RESIDENT and use it --- diff --git a/sys/kern/imgact_resident.c b/sys/kern/imgact_resident.c index 6389c0e42b..769f1b291b 100644 --- a/sys/kern/imgact_resident.c +++ b/sys/kern/imgact_resident.c @@ -133,7 +133,7 @@ sysctl_vm_resident(SYSCTL_HANDLER_ARGS) /* only super-user should call this sysctl */ td = req->td; - if ((priv_check(td, PRIV_ROOT)) != 0) + if ((priv_check(td, PRIV_VM_RESIDENT)) != 0) return EPERM; error = count = 0; @@ -185,7 +185,8 @@ exec_resident_imgact(struct image_params *imgp) /* * exec_sys_register(entry) * - * Register ourselves for resident execution. Only root can do this. This + * Register ourselves for resident execution. Only root (i.e. a process with + * PRIV_VM_RESIDENT credentials) can do this. This * will snapshot the vmspace and cause future exec's of the specified binary * to use the snapshot directly rather then load & relocate a new copy. */ @@ -198,7 +199,7 @@ sys_exec_sys_register(struct exec_sys_register_args *uap) int error; p = curproc; - if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0) + if ((error = priv_check_cred(p->p_ucred, PRIV_VM_RESIDENT, 0)) != 0) return(error); if ((vp = p->p_textvp) == NULL) return(ENOENT); @@ -238,7 +239,7 @@ sys_exec_sys_unregister(struct exec_sys_unregister_args *uap) int count; p = curproc; - if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0) + if ((error = priv_check_cred(p->p_ucred, PRIV_VM_RESIDENT, 0)) != 0) return(error); /* diff --git a/sys/sys/priv.h b/sys/sys/priv.h index 1d194415f2..128d9d5843 100644 --- a/sys/sys/priv.h +++ b/sys/sys/priv.h @@ -286,6 +286,7 @@ #define PRIV_VM_MADV_PROTECT 360 /* Can set MADV_PROTECT. */ #define PRIV_VM_MLOCK 361 /* Can mlock(), mlockall(). */ #define PRIV_VM_MUNLOCK 362 /* Can munlock(), munlockall(). */ +#define PRIV_VM_RESIDENT 363 /* Can use resident(8) */ /* * Device file system privileges.