o Further clarify comment: ad Udo's request, re-insert the 'if'

refering to securelevels; also, update the unprivileged process text to better indicate the scope of actions permittable when any system flags are already set (limited). Submitted by: Udo Schweigert <udo.schweigert@siemens.com>
2001-09-25 12:02:44 +00:00 · 2001-09-25 12:02:44 +00:00 · 07802b14d0
commit 07802b14d0
parent b6d95abd08
1 changed files with 4 additions and 3 deletions
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@ -482,9 +482,10 @@ ufs_setattr(ap)
 			return (error);
 		/*
 		 * Unprivileged processes and privileged processes in
-		 * jail() are not permitted to set system flags.
-		 * Privileged non-jail processes may not set system flags
-		 * securelevel > 0.
+		 * jail() are not permitted to unset system flags, or
+		 * modify flags if any system flags are set.
+		 * Privileged non-jail processes may not modify system flags
+		 * if securelevel > 0 and any existing system flags are set.
 		 */
 		if (!suser_xxx(cred, NULL, 0)) {
 			if ((ip->i_flags