From 1b6db7be47bf83cfbfa0049e438c9d5687f26563 Mon Sep 17 00:00:00 2001
From: Michael Neumann <mneumann@ntecs.de>
Date: Mon, 13 Jul 2009 00:38:20 +0200
Subject: [PATCH] priv: Finally get completely rid of PRISON_ROOT flag.

This means that from now on, what is allowed within a jail
is purely defined in function prison_priv_check().
---
 sys/kern/kern_prot.c | 9 +++------
 sys/sys/proc.h       | 2 ++
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index d7a3f3685a..8d059dac8e 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -884,12 +884,9 @@ priv_check_cred(struct ucred *cred, int priv, int flags)
 	if (cred->cr_uid != 0) 
 		return (EPERM);
 
-	if (jailed(cred) && !(flags & PRISON_ROOT))
-	{
-		error = prison_priv_check(cred, priv);
-		if (error)
-			return (error);
-	}
+	error = prison_priv_check(cred, priv);
+	if (error)
+		return (error);
 
 	/* NOTE: accounting for suser access (p_acflag/ASU) removed */
 	return (0);
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 100f0d458a..c4c9af06ba 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -408,7 +408,9 @@ MALLOC_DECLARE(M_PARGS);
 #endif
 
 /* flags for suser_xxx() */
+#if 0
 #define PRISON_ROOT	0x1
+#endif
 #define	NULL_CRED_OKAY	0x2
 
 /* Handy macro to determine if p1 can mangle p2 */
-- 
2.41.0