Rename suser_cred()'s PRISON_ROOT flag to SUSER_ALLOWJAIL. This is

somewhat clearer, but more importantly allows for a consistent naming
scheme for suser_cred flags.

The old name is still defined, but will be removed in a few days (unless I
hear any complaints...)

Discussed with:	rwatson, scottl
Requested by:	jhb

share/man/man9/suser.9

@@ -72,7 +72,7 @@ been imprisoned by the
 system call.
 There are cases however where this is appropriate, and this can
 be done by passing
-.Dv PRISON_ROOT
+.Dv SUSER_ALLOWJAIL
 in the
 .Fa flag
 argument to the

sys/alpha/osf1/osf1_misc.c

@@ -1048,7 +1048,7 @@ osf1_setuid(td, uap)
 	PROC_LOCK(p);
 	oldcred = p->p_ucred;
 
-	if ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 &&
+	if ((error = suser_cred(p->p_ucred, SUSER_ALLOWJAIL)) != 0 &&
 	    uid != oldcred->cr_ruid && uid != oldcred->cr_svuid) {
 		PROC_UNLOCK(p);
 		uifree(uip);
@@ -1102,7 +1102,7 @@ osf1_setgid(td, uap)
 	PROC_LOCK(p);
 	oldcred = p->p_ucred;
 
-	if (((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 ) &&
+	if (((error = suser_cred(p->p_ucred, SUSER_ALLOWJAIL)) != 0 ) &&
 	    gid != oldcred->cr_rgid && gid != oldcred->cr_svgid) {
 		PROC_UNLOCK(p);
 		crfree(newcred);

sys/compat/linux/linux_misc.c

@@ -998,7 +998,7 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args)
 	 * Keep cr_groups[0] unchanged to prevent that.
 	 */
 
-	if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);

sys/compat/linux/linux_uid16.c

@@ -116,7 +116,7 @@ linux_setgroups16(struct thread *td, struct linux_setgroups16_args *args)
 	 * Keep cr_groups[0] unchanged to prevent that.
 	 */
 
-	if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	if ((error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);

sys/fs/devfs/devfs_vnops.c

@@ -766,7 +766,7 @@ devfs_setattr(ap)
 	if (uid != de->de_uid || gid != de->de_gid) {
 		if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
 		    (gid != de->de_gid && !groupmember(gid, ap->a_cred))) &&
-		    (error = suser_cred(ap->a_td->td_ucred, PRISON_ROOT)) != 0)
+		    (error = suser_cred(ap->a_td->td_ucred, SUSER_ALLOWJAIL)) != 0)
 			return (error);
 		de->de_uid = uid;
 		de->de_gid = gid;
@@ -775,7 +775,7 @@ devfs_setattr(ap)
 
 	if (vap->va_mode != (mode_t)VNOVAL) {
 		if ((ap->a_cred->cr_uid != de->de_uid) &&
-		    (error = suser_cred(ap->a_td->td_ucred, PRISON_ROOT)))
+		    (error = suser_cred(ap->a_td->td_ucred, SUSER_ALLOWJAIL)))
 			return (error);
 		de->de_mode = vap->va_mode;
 		c = 1;

sys/fs/hpfs/hpfs_vnops.c

@@ -501,7 +501,7 @@ hpfs_setattr(ap)
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != hp->h_uid &&
-		    (error = suser_cred(cred, PRISON_ROOT)) &&
+		    (error = suser_cred(cred, SUSER_ALLOWJAIL)) &&
 		    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
 		    (error = VOP_ACCESS(vp, VWRITE, cred, td))))
 			return (error);

sys/fs/msdosfs/msdosfs_vnops.c

@@ -387,7 +387,7 @@ msdosfs_setattr(ap)
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid &&
-		    (error = suser_cred(cred, PRISON_ROOT)))
+		    (error = suser_cred(cred, SUSER_ALLOWJAIL)))
 			return (error);
 		/*
 		 * We are very inconsistent about handling unsupported
@@ -401,7 +401,7 @@ msdosfs_setattr(ap)
 		 * set ATTR_ARCHIVE for directories `cp -pr' from a more
 		 * sensible filesystem attempts it a lot.
 		 */
-		if (suser_cred(cred, PRISON_ROOT)) {
+		if (suser_cred(cred, SUSER_ALLOWJAIL)) {
 			if (vap->va_flags & SF_SETTABLE)
 				return EPERM;
 		}
@@ -428,7 +428,7 @@ msdosfs_setattr(ap)
 			gid = pmp->pm_gid;
 		if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
 		    (gid != pmp->pm_gid && !groupmember(gid, cred))) &&
-		    (error = suser_cred(cred, PRISON_ROOT)))
+		    (error = suser_cred(cred, SUSER_ALLOWJAIL)))
 			return error;
 		if (uid != pmp->pm_uid || gid != pmp->pm_gid)
 			return EINVAL;
@@ -460,7 +460,7 @@ msdosfs_setattr(ap)
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid &&
-		    (error = suser_cred(cred, PRISON_ROOT)) &&
+		    (error = suser_cred(cred, SUSER_ALLOWJAIL)) &&
 		    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
 		    (error = VOP_ACCESS(ap->a_vp, VWRITE, cred, ap->a_td))))
 			return (error);
@@ -489,7 +489,7 @@ msdosfs_setattr(ap)
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid &&
-		    (error = suser_cred(cred, PRISON_ROOT)))
+		    (error = suser_cred(cred, SUSER_ALLOWJAIL)))
 			return (error);
 		if (vp->v_type != VDIR) {
 			/* We ignore the read and execute bits. */

sys/fs/smbfs/smbfs_vnops.c

@@ -371,7 +371,7 @@ smbfs_setattr(ap)
 		atime = &vap->va_atime;
 	if (mtime != atime) {
 		if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid &&
-		    (error = suser_cred(ap->a_cred, PRISON_ROOT)) &&
+		    (error = suser_cred(ap->a_cred, SUSER_ALLOWJAIL)) &&
 		    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
 		    (error = VOP_ACCESS(vp, VWRITE, ap->a_cred, ap->a_td))))
 			return (error);

sys/gnu/ext2fs/ext2_vnops.c

@@ -480,7 +480,7 @@ ext2_setattr(ap)
 		 * Privileged non-jail processes may not modify system flags
 		 * if securelevel > 0 and any existing system flags are set.
 		 */
-		if (!suser_cred(cred, PRISON_ROOT)) {
+		if (!suser_cred(cred, SUSER_ALLOWJAIL)) {
 			if (ip->i_flags
 			    & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
 				error = securelevel_gt(cred, 0);
@@ -599,7 +599,7 @@ ext2_chmod(vp, mode, cred, td)
 	 * as well as set the setgid bit on a file with a group that the
 	 * process is not a member of.
 	 */
-	if (suser_cred(cred, PRISON_ROOT)) {
+	if (suser_cred(cred, SUSER_ALLOWJAIL)) {
 		if (vp->v_type != VDIR && (mode & S_ISTXT))
 			return (EFTYPE);
 		if (!groupmember(ip->i_gid, cred) && (mode & ISGID))
@@ -645,14 +645,14 @@ ext2_chown(vp, uid, gid, cred, td)
 	 */
 	if ((uid != ip->i_uid || 
 	    (gid != ip->i_gid && !groupmember(gid, cred))) &&
-	    (error = suser_cred(cred, PRISON_ROOT)))
+	    (error = suser_cred(cred, SUSER_ALLOWJAIL)))
 		return (error);
 	ogid = ip->i_gid;
 	ouid = ip->i_uid;
 	ip->i_gid = gid;
 	ip->i_uid = uid;
 	ip->i_flag |= IN_CHANGE;
-	if (suser_cred(cred, PRISON_ROOT) && (ouid != uid || ogid != gid))
+	if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid))
 		ip->i_mode &= ~(ISUID | ISGID);
 	return (0);
 }
@@ -1829,7 +1829,7 @@ ext2_makeinode(mode, dvp, vpp, cnp)
 	tvp->v_type = IFTOVT(mode);	/* Rest init'd in getnewvnode(). */
 	ip->i_nlink = 1;
 	if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
-	    suser_cred(cnp->cn_cred, PRISON_ROOT))
+	    suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL))
 		ip->i_mode &= ~ISGID;
 
 	if (cnp->cn_flags & ISWHITEOUT)

sys/gnu/fs/ext2fs/ext2_vnops.c

@@ -480,7 +480,7 @@ ext2_setattr(ap)
 		 * Privileged non-jail processes may not modify system flags
 		 * if securelevel > 0 and any existing system flags are set.
 		 */
-		if (!suser_cred(cred, PRISON_ROOT)) {
+		if (!suser_cred(cred, SUSER_ALLOWJAIL)) {
 			if (ip->i_flags
 			    & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
 				error = securelevel_gt(cred, 0);
@@ -599,7 +599,7 @@ ext2_chmod(vp, mode, cred, td)
 	 * as well as set the setgid bit on a file with a group that the
 	 * process is not a member of.
 	 */
-	if (suser_cred(cred, PRISON_ROOT)) {
+	if (suser_cred(cred, SUSER_ALLOWJAIL)) {
 		if (vp->v_type != VDIR && (mode & S_ISTXT))
 			return (EFTYPE);
 		if (!groupmember(ip->i_gid, cred) && (mode & ISGID))
@@ -645,14 +645,14 @@ ext2_chown(vp, uid, gid, cred, td)
 	 */
 	if ((uid != ip->i_uid || 
 	    (gid != ip->i_gid && !groupmember(gid, cred))) &&
-	    (error = suser_cred(cred, PRISON_ROOT)))
+	    (error = suser_cred(cred, SUSER_ALLOWJAIL)))
 		return (error);
 	ogid = ip->i_gid;
 	ouid = ip->i_uid;
 	ip->i_gid = gid;
 	ip->i_uid = uid;
 	ip->i_flag |= IN_CHANGE;
-	if (suser_cred(cred, PRISON_ROOT) && (ouid != uid || ogid != gid))
+	if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid))
 		ip->i_mode &= ~(ISUID | ISGID);
 	return (0);
 }
@@ -1829,7 +1829,7 @@ ext2_makeinode(mode, dvp, vpp, cnp)
 	tvp->v_type = IFTOVT(mode);	/* Rest init'd in getnewvnode(). */
 	ip->i_nlink = 1;
 	if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
-	    suser_cred(cnp->cn_cred, PRISON_ROOT))
+	    suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL))
 		ip->i_mode &= ~ISGID;
 
 	if (cnp->cn_flags & ISWHITEOUT)

sys/kern/kern_acl.c

@@ -92,7 +92,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 	 * a DAC entry that matches but has failed to allow access.
 	 */
 #ifndef CAPABILITIES
-	if (suser_cred(cred, PRISON_ROOT) == 0)
+	if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
 		cap_granted = VALLPERM;
 	else
 		cap_granted = 0;
@@ -101,24 +101,24 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 
 	if (type == VDIR) {
 		if ((acc_mode & VEXEC) && !cap_check(cred, NULL,
-		     CAP_DAC_READ_SEARCH, PRISON_ROOT))
+		     CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	} else {
 		if ((acc_mode & VEXEC) && !cap_check(cred, NULL,
-		    CAP_DAC_EXECUTE, PRISON_ROOT))
+		    CAP_DAC_EXECUTE, SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	}
 
 	if ((acc_mode & VREAD) && !cap_check(cred, NULL, CAP_DAC_READ_SEARCH,
-	    PRISON_ROOT))
+	    SUSER_ALLOWJAIL))
 		cap_granted |= VREAD;
 
 	if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) &&
-	    !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
 		cap_granted |= (VWRITE | VAPPEND);
 
 	if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER,
-	    PRISON_ROOT))
+	    SUSER_ALLOWJAIL))
 		cap_granted |= VADMIN;
 #endif /* CAPABILITIES */
 

sys/kern/kern_exec.c

@@ -536,7 +536,7 @@ kern_execve(td, fname, argv, envv, mac_p)
 		 */
 		setsugid(p);
 #ifdef KTRACE
-		if (p->p_tracevp != NULL && suser_cred(oldcred, PRISON_ROOT)) {
+		if (p->p_tracevp != NULL && suser_cred(oldcred, SUSER_ALLOWJAIL)) {
 			mtx_lock(&ktrace_mtx);
 			p->p_traceflag = 0;
 			tracevp = p->p_tracevp;

sys/kern/kern_ktrace.c

@@ -895,7 +895,7 @@ ktrcanset(td, targetp)
 
 	PROC_LOCK_ASSERT(targetp, MA_OWNED);
 	if (targetp->p_traceflag & KTRFAC_ROOT &&
-	    suser_cred(td->td_ucred, PRISON_ROOT))
+	    suser_cred(td->td_ucred, SUSER_ALLOWJAIL))
 		return (0);
 
 	if (p_candebug(td, targetp) != 0)

sys/kern/kern_prot.c

@@ -524,7 +524,7 @@ setuid(struct thread *td, struct setuid_args *uap)
 #ifdef POSIX_APPENDIX_B_4_2_2	/* Use BSD-compat clause from B.4.2.2 */
 	    uid != oldcred->cr_uid &&		/* allow setuid(geteuid()) */
 #endif
-	    (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	    (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		uifree(uip);
 		crfree(newcred);
@@ -544,7 +544,7 @@ setuid(struct thread *td, struct setuid_args *uap)
 #ifdef POSIX_APPENDIX_B_4_2_2	/* Use the clause from B.4.2.2 */
 	    uid == oldcred->cr_uid ||
 #endif
-	    suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */
+	    suser_cred(oldcred, SUSER_ALLOWJAIL) == 0) /* we are using privs */
 #endif
 	{
 		/*
@@ -606,7 +606,7 @@ seteuid(struct thread *td, struct seteuid_args *uap)
 	oldcred = p->p_ucred;
 	if (euid != oldcred->cr_ruid &&		/* allow seteuid(getuid()) */
 	    euid != oldcred->cr_svuid &&	/* allow seteuid(saved uid) */
-	    (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	    (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		uifree(euip);
 		crfree(newcred);
@@ -668,7 +668,7 @@ setgid(struct thread *td, struct setgid_args *uap)
 #ifdef POSIX_APPENDIX_B_4_2_2	/* Use BSD-compat clause from B.4.2.2 */
 	    gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
 #endif
-	    (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	    (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);
@@ -684,7 +684,7 @@ setgid(struct thread *td, struct setgid_args *uap)
 #ifdef POSIX_APPENDIX_B_4_2_2	/* use the clause from B.4.2.2 */
 	    gid == oldcred->cr_groups[0] ||
 #endif
-	    suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */
+	    suser_cred(oldcred, SUSER_ALLOWJAIL) == 0) /* we are using privs */
 #endif
 	{
 		/*
@@ -743,7 +743,7 @@ setegid(struct thread *td, struct setegid_args *uap)
 	oldcred = p->p_ucred;
 	if (egid != oldcred->cr_rgid &&		/* allow setegid(getgid()) */
 	    egid != oldcred->cr_svgid &&	/* allow setegid(saved gid) */
-	    (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	    (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);
@@ -789,7 +789,7 @@ setgroups(struct thread *td, struct setgroups_args *uap)
 	newcred = crget();
 	PROC_LOCK(p);
 	oldcred = p->p_ucred;
-	error = suser_cred(oldcred, PRISON_ROOT);
+	error = suser_cred(oldcred, SUSER_ALLOWJAIL);
 	if (error) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
@@ -853,7 +853,7 @@ setreuid(register struct thread *td, struct setreuid_args *uap)
 	      ruid != oldcred->cr_svuid) ||
 	     (euid != (uid_t)-1 && euid != oldcred->cr_uid &&
 	      euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
-	    (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	    (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		uifree(ruip);
 		uifree(euip);
@@ -909,7 +909,7 @@ setregid(register struct thread *td, struct setregid_args *uap)
 	    rgid != oldcred->cr_svgid) ||
 	     (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
 	     egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
-	    (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	    (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);
@@ -977,7 +977,7 @@ setresuid(register struct thread *td, struct setresuid_args *uap)
 	     (suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
 	    suid != oldcred->cr_svuid &&
 	      suid != oldcred->cr_uid)) &&
-	    (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	    (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		uifree(ruip);
 		uifree(euip);
@@ -1045,7 +1045,7 @@ setresgid(register struct thread *td, struct setresgid_args *uap)
 	     (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
 	      sgid != oldcred->cr_svgid &&
 	      sgid != oldcred->cr_groups[0])) &&
-	    (error = suser_cred(oldcred, PRISON_ROOT)) != 0) {
+	    (error = suser_cred(oldcred, SUSER_ALLOWJAIL)) != 0) {
 		PROC_UNLOCK(p);
 		crfree(newcred);
 		return (error);
@@ -1233,7 +1233,7 @@ suser_cred(struct ucred *cred, int flag)
 		return (EPERM);
 	if (((flag & SUSER_RUID) ? cred->cr_ruid : cred->cr_uid) != 0)
 		return (EPERM);
-	if (jailed(cred) && !(flag & PRISON_ROOT))
+	if (jailed(cred) && !(flag & SUSER_ALLOWJAIL))
 		return (EPERM);
 	return (0);
 }
@@ -1324,7 +1324,7 @@ cr_seeotheruids(struct ucred *u1, struct ucred *u2)
 {
 
 	if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
-		if (suser_cred(u1, PRISON_ROOT) != 0)
+		if (suser_cred(u1, SUSER_ALLOWJAIL) != 0)
 			return (ESRCH);
 	}
 	return (0);
@@ -1363,7 +1363,7 @@ cr_seeothergids(struct ucred *u1, struct ucred *u2)
 				break;
 		}
 		if (!match) {
-			if (suser_cred(u1, PRISON_ROOT) != 0)
+			if (suser_cred(u1, SUSER_ALLOWJAIL) != 0)
 				return (ESRCH);
 		}
 	}
@@ -1480,7 +1480,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
 			break;
 		default:
 			/* Not permitted without privilege. */
-			error = suser_cred(cred, PRISON_ROOT);
+			error = suser_cred(cred, SUSER_ALLOWJAIL);
 			if (error)
 				return (error);
 		}
@@ -1495,7 +1495,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
 	    cred->cr_uid != proc->p_ucred->cr_ruid &&
 	    cred->cr_uid != proc->p_ucred->cr_svuid) {
 		/* Not permitted without privilege. */
-		error = suser_cred(cred, PRISON_ROOT);
+		error = suser_cred(cred, SUSER_ALLOWJAIL);
 		if (error)
 			return (error);
 	}
@@ -1564,11 +1564,11 @@ p_cansched(struct thread *td, struct proc *p)
 		return (0);
 	if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid)
 		return (0);
-	if (suser_cred(td->td_ucred, PRISON_ROOT) == 0)
+	if (suser_cred(td->td_ucred, SUSER_ALLOWJAIL) == 0)
 		return (0);
 
 #ifdef CAPABILITIES
-	if (!cap_check(NULL, td, CAP_SYS_NICE, PRISON_ROOT))
+	if (!cap_check(NULL, td, CAP_SYS_NICE, SUSER_ALLOWJAIL))
 		return (0);
 #endif
 
@@ -1607,7 +1607,7 @@ p_candebug(struct thread *td, struct proc *p)
 	KASSERT(td == curthread, ("%s: td not curthread", __func__));
 	PROC_LOCK_ASSERT(p, MA_OWNED);
 	if (!unprivileged_proc_debug) {
-		error = suser_cred(td->td_ucred, PRISON_ROOT);
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 		if (error)
 			return (error);
 	}
@@ -1659,7 +1659,7 @@ p_candebug(struct thread *td, struct proc *p)
 	 * require CAP_SYS_PTRACE.
 	 */
 	if (!grpsubset || !uidsubset || credentialchanged) {
-		error = suser_cred(td->td_ucred, PRISON_ROOT);
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 		if (error)
 			return (error);
 	}
@@ -1927,7 +1927,7 @@ setlogin(struct thread *td, struct setlogin_args *uap)
 	int error;
 	char logintmp[MAXLOGNAME];
 
-	error = suser_cred(td->td_ucred, PRISON_ROOT);
+	error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 	error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL);

sys/kern/kern_resource.c

@@ -573,7 +573,7 @@ kern_setrlimit(td, which, limp)
 	alimp = &oldlim->pl_rlimit[which];
 	if (limp->rlim_cur > alimp->rlim_max ||
 	    limp->rlim_max > alimp->rlim_max)
-		if ((error = suser_cred(td->td_ucred, PRISON_ROOT))) {
+		if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL))) {
 			PROC_UNLOCK(p);
 			lim_free(newlim);
 			return (error);

sys/kern/kern_sysctl.c

@@ -1196,7 +1196,7 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
 		int flags;
 
 		if (oid->oid_kind & CTLFLAG_PRISON)
-			flags = PRISON_ROOT;
+			flags = SUSER_ALLOWJAIL;
 		else
 			flags = 0;
 		error = suser_cred(req->td->td_ucred, flags);

sys/kern/kern_xxx.c

@@ -95,7 +95,7 @@ osethostname(td, uap)
 	name[0] = CTL_KERN;
 	name[1] = KERN_HOSTNAME;
 	mtx_lock(&Giant);
-	if ((error = suser_cred(td->td_ucred, PRISON_ROOT)) == 0) {
+	if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) == 0) {
 		error = userland_sysctl(td, name, 2, 0, 0, 0,
 		    uap->hostname, uap->len, 0);
 	}

sys/kern/subr_acl_posix1e.c

@@ -92,7 +92,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 	 * a DAC entry that matches but has failed to allow access.
 	 */
 #ifndef CAPABILITIES
-	if (suser_cred(cred, PRISON_ROOT) == 0)
+	if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
 		cap_granted = VALLPERM;
 	else
 		cap_granted = 0;
@@ -101,24 +101,24 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 
 	if (type == VDIR) {
 		if ((acc_mode & VEXEC) && !cap_check(cred, NULL,
-		     CAP_DAC_READ_SEARCH, PRISON_ROOT))
+		     CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	} else {
 		if ((acc_mode & VEXEC) && !cap_check(cred, NULL,
-		    CAP_DAC_EXECUTE, PRISON_ROOT))
+		    CAP_DAC_EXECUTE, SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	}
 
 	if ((acc_mode & VREAD) && !cap_check(cred, NULL, CAP_DAC_READ_SEARCH,
-	    PRISON_ROOT))
+	    SUSER_ALLOWJAIL))
 		cap_granted |= VREAD;
 
 	if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) &&
-	    !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
 		cap_granted |= (VWRITE | VAPPEND);
 
 	if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER,
-	    PRISON_ROOT))
+	    SUSER_ALLOWJAIL))
 		cap_granted |= VADMIN;
 #endif /* CAPABILITIES */
 

sys/kern/vfs_acl.c

@@ -92,7 +92,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 	 * a DAC entry that matches but has failed to allow access.
 	 */
 #ifndef CAPABILITIES
-	if (suser_cred(cred, PRISON_ROOT) == 0)
+	if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
 		cap_granted = VALLPERM;
 	else
 		cap_granted = 0;
@@ -101,24 +101,24 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
 
 	if (type == VDIR) {
 		if ((acc_mode & VEXEC) && !cap_check(cred, NULL,
-		     CAP_DAC_READ_SEARCH, PRISON_ROOT))
+		     CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	} else {
 		if ((acc_mode & VEXEC) && !cap_check(cred, NULL,
-		    CAP_DAC_EXECUTE, PRISON_ROOT))
+		    CAP_DAC_EXECUTE, SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	}
 
 	if ((acc_mode & VREAD) && !cap_check(cred, NULL, CAP_DAC_READ_SEARCH,
-	    PRISON_ROOT))
+	    SUSER_ALLOWJAIL))
 		cap_granted |= VREAD;
 
 	if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) &&
-	    !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
 		cap_granted |= (VWRITE | VAPPEND);
 
 	if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER,
-	    PRISON_ROOT))
+	    SUSER_ALLOWJAIL))
 		cap_granted |= VADMIN;
 #endif /* CAPABILITIES */
 

sys/kern/vfs_extattr.c

@@ -812,7 +812,7 @@ chroot(td, uap)
 	int error;
 	struct nameidata nd;
 
-	error = suser_cred(td->td_ucred, PRISON_ROOT);
+	error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->path, td);
@@ -1170,7 +1170,7 @@ kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode,
 		error = suser(td);
 		break;
 	default:
-		error = suser_cred(td->td_ucred, PRISON_ROOT);
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 		break;
 	}
 	if (error)
@@ -1365,7 +1365,7 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
 	struct vattr va;
 	int error;
 
-	if (suser_cred(cred, PRISON_ROOT) == 0)
+	if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
 		return (0);
 
 	if (!hardlink_check_uid && !hardlink_check_gid)
@@ -2300,7 +2300,7 @@ setfflags(td, vp, flags)
 	 * chown can't fail when done as root.
 	 */
 	if (vp->v_type == VCHR || vp->v_type == VBLK) {
-		error = suser_cred(td->td_ucred, PRISON_ROOT);
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 		if (error)
 			return (error);
 	}
@@ -3727,7 +3727,7 @@ revoke(td, uap)
 	}
 	VOP_UNLOCK(vp, 0, td);
 	if (td->td_ucred->cr_uid != vattr.va_uid) {
-		error = suser_cred(td->td_ucred, PRISON_ROOT);
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 		if (error)
 			goto out;
 	}

sys/kern/vfs_subr.c

@@ -3663,7 +3663,7 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused)
 		return (0);
 
 privcheck:
-	if (!suser_cred(cred, PRISON_ROOT)) {
+	if (!suser_cred(cred, SUSER_ALLOWJAIL)) {
 		/* XXX audit: privilege used */
 		if (privused != NULL)
 			*privused = 1;
@@ -3686,24 +3686,24 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused)
 		 * VEXEC requests, instead of CAP_DAC_EXECUTE.
 		 */
 		if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
-		    !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, PRISON_ROOT))
+		    !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	} else {
 		if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
-		    !cap_check(cred, NULL, CAP_DAC_EXECUTE, PRISON_ROOT))
+		    !cap_check(cred, NULL, CAP_DAC_EXECUTE, SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	}
 
 	if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) &&
-	    !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
 		cap_granted |= VREAD;
 
 	if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
-	    !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
 		cap_granted |= (VWRITE | VAPPEND);
 
 	if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
-	    !cap_check(cred, NULL, CAP_FOWNER, PRISON_ROOT))
+	    !cap_check(cred, NULL, CAP_FOWNER, SUSER_ALLOWJAIL))
 		cap_granted |= VADMIN;
 
 	if ((acc_mode & (cap_granted | dac_granted)) == acc_mode) {

sys/kern/vfs_syscalls.c

@@ -812,7 +812,7 @@ chroot(td, uap)
 	int error;
 	struct nameidata nd;
 
-	error = suser_cred(td->td_ucred, PRISON_ROOT);
+	error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->path, td);
@@ -1170,7 +1170,7 @@ kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode,
 		error = suser(td);
 		break;
 	default:
-		error = suser_cred(td->td_ucred, PRISON_ROOT);
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 		break;
 	}
 	if (error)
@@ -1365,7 +1365,7 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
 	struct vattr va;
 	int error;
 
-	if (suser_cred(cred, PRISON_ROOT) == 0)
+	if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
 		return (0);
 
 	if (!hardlink_check_uid && !hardlink_check_gid)
@@ -2300,7 +2300,7 @@ setfflags(td, vp, flags)
 	 * chown can't fail when done as root.
 	 */
 	if (vp->v_type == VCHR || vp->v_type == VBLK) {
-		error = suser_cred(td->td_ucred, PRISON_ROOT);
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 		if (error)
 			return (error);
 	}
@@ -3727,7 +3727,7 @@ revoke(td, uap)
 	}
 	VOP_UNLOCK(vp, 0, td);
 	if (td->td_ucred->cr_uid != vattr.va_uid) {
-		error = suser_cred(td->td_ucred, PRISON_ROOT);
+		error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 		if (error)
 			goto out;
 	}

sys/netinet/in_pcb.c

@@ -321,7 +321,7 @@ in_pcbbind_setup(inp, nam, laddrp, lportp, cred)
 			/* GROSS */
 			if (ntohs(lport) <= ipport_reservedhigh &&
 			    ntohs(lport) >= ipport_reservedlow &&
-			    suser_cred(cred, PRISON_ROOT))
+			    suser_cred(cred, SUSER_ALLOWJAIL))
 				return (EACCES);
 			if (jailed(cred))
 				prison = 1;
@@ -392,7 +392,7 @@ in_pcbbind_setup(inp, nam, laddrp, lportp, cred)
 			last  = ipport_hilastauto;
 			lastport = &pcbinfo->lasthi;
 		} else if (inp->inp_flags & INP_LOWPORT) {
-			if ((error = suser_cred(cred, PRISON_ROOT)) != 0)
+			if ((error = suser_cred(cred, SUSER_ALLOWJAIL)) != 0)
 				return error;
 			first = ipport_lowfirstauto;	/* 1023 */
 			last  = ipport_lowlastauto;	/* 600 */

sys/netinet/raw_ip.c

@@ -557,7 +557,7 @@ rip_attach(struct socket *so, int proto, struct thread *td)
 		INP_INFO_WUNLOCK(&ripcbinfo);
 		return (EPERM);
 	}
-	if (td && (error = suser_cred(td->td_ucred, PRISON_ROOT)) != 0) {
+	if (td && (error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) != 0) {
 		INP_INFO_WUNLOCK(&ripcbinfo);
 		return error;
 	}

sys/netinet/tcp_subr.c

@@ -996,7 +996,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s;
 
-	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
@@ -1042,7 +1042,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s, mapped = 0;
 
-	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));

sys/netinet/tcp_timewait.c

@@ -996,7 +996,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s;
 
-	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
@@ -1042,7 +1042,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s, mapped = 0;
 
-	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));

sys/netinet/udp_usrreq.c

@@ -684,7 +684,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s;
 
-	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));

sys/netinet6/in6_pcb.c

@@ -187,7 +187,7 @@ in6_pcbbind(inp, nam, cred)
 
 			/* GROSS */
 			if (ntohs(lport) < IPV6PORT_RESERVED &&
-			    suser_cred(cred, PRISON_ROOT))
+			    suser_cred(cred, SUSER_ALLOWJAIL))
 				return (EACCES);
 			if (so->so_cred->cr_uid != 0 &&
 			    !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {

sys/sys/systm.h

@@ -216,7 +216,8 @@ void	cpu_startprofclock(void);
 void	cpu_stopprofclock(void);
 
 /* flags for suser() and suser_cred() */
-#define PRISON_ROOT	1
+#define SUSER_ALLOWJAIL	1
+#define PRISON_ROOT	SUSER_ALLOWJAIL	/* XXX Old name, will be removed */
 #define SUSER_RUID	2
 
 int	suser(struct thread *td);

sys/ufs/ffs/ffs_alloc.c

@@ -136,7 +136,7 @@ ffs_alloc(ip, lbn, bpref, size, cred, bnp)
 retry:
 	if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
 		goto nospace;
-	if (suser_cred(cred, PRISON_ROOT) &&
+	if (suser_cred(cred, SUSER_ALLOWJAIL) &&
 	    freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0)
 		goto nospace;
 #ifdef QUOTA
@@ -217,7 +217,7 @@ ffs_realloccg(ip, lbprev, bprev, bpref, osize, nsize, cred, bpp)
 #endif /* DIAGNOSTIC */
 	reclaimed = 0;
 retry:
-	if (suser_cred(cred, PRISON_ROOT) &&
+	if (suser_cred(cred, SUSER_ALLOWJAIL) &&
 	    freespace(fs, fs->fs_minfree) -  numfrags(fs, nsize - osize) < 0)
 		goto nospace;
 	if (bprev == 0) {

sys/ufs/ffs/ffs_vnops.c

@@ -720,7 +720,7 @@ ffs_write(ap)
 	 * tampering.
 	 */
 	if (resid > uio->uio_resid && ap->a_cred && 
-	    suser_cred(ap->a_cred, PRISON_ROOT)) {
+	    suser_cred(ap->a_cred, SUSER_ALLOWJAIL)) {
 		ip->i_mode &= ~(ISUID | ISGID);
 		DIP(ip, i_mode) = ip->i_mode;
 	}
@@ -1158,7 +1158,7 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred)
 	 * tampering.
 	 */
 	if (resid > uio->uio_resid && ucred && 
-	    suser_cred(ucred, PRISON_ROOT)) {
+	    suser_cred(ucred, SUSER_ALLOWJAIL)) {
 		ip->i_mode &= ~(ISUID | ISGID);
 		dp->di_mode = ip->i_mode;
 	}

sys/ufs/ufs/ufs_quota.c

@@ -408,7 +408,7 @@ quotaon(td, mp, type, fname)
 	int error, flags;
 	struct nameidata nd;
 
-	error = suser_cred(td->td_ucred, PRISON_ROOT);
+	error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 
@@ -496,7 +496,7 @@ quotaoff(td, mp, type)
 	struct inode *ip;
 	int error;
 
-	error = suser_cred(td->td_ucred, PRISON_ROOT);
+	error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 
@@ -563,7 +563,7 @@ getquota(td, mp, id, type, addr)
 	switch (type) {
 	case USRQUOTA:
 		if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) {
-			error = suser_cred(td->td_ucred, PRISON_ROOT);
+			error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 			if (error)
 				return (error);
 		}
@@ -571,7 +571,7 @@ getquota(td, mp, id, type, addr)
 
 	case GRPQUOTA:
 		if (!groupmember(id, td->td_ucred) && !unprivileged_get_quota) {
-			error = suser_cred(td->td_ucred, PRISON_ROOT);
+			error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 			if (error)
 				return (error);
 		}
@@ -606,7 +606,7 @@ setquota(td, mp, id, type, addr)
 	struct dqblk newlim;
 	int error;
 
-	error = suser_cred(td->td_ucred, PRISON_ROOT);
+	error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 
@@ -672,7 +672,7 @@ setuse(td, mp, id, type, addr)
 	struct dqblk usage;
 	int error;
 
-	error = suser_cred(td->td_ucred, PRISON_ROOT);
+	error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
 	if (error)
 		return (error);
 

sys/ufs/ufs/ufs_vnops.c

@@ -499,7 +499,7 @@ ufs_setattr(ap)
 		 * Privileged non-jail processes may not modify system flags
 		 * if securelevel > 0 and any existing system flags are set.
 		 */
-		if (!suser_cred(cred, PRISON_ROOT)) {
+		if (!suser_cred(cred, SUSER_ALLOWJAIL)) {
 			if (ip->i_flags
 			    & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
 				error = securelevel_gt(cred, 0);
@@ -646,11 +646,11 @@ ufs_chmod(vp, mode, cred, td)
 	 * jail(8).
 	 */
 	if (vp->v_type != VDIR && (mode & S_ISTXT)) {
-		if (suser_cred(cred, PRISON_ROOT))
+		if (suser_cred(cred, SUSER_ALLOWJAIL))
 			return (EFTYPE);
 	}
 	if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
-		error = suser_cred(cred, PRISON_ROOT);
+		error = suser_cred(cred, SUSER_ALLOWJAIL);
 		if (error)
 			return (error);
 	}
@@ -699,7 +699,7 @@ ufs_chown(vp, uid, gid, cred, td)
 	 */
 	if ((uid != ip->i_uid || 
 	    (gid != ip->i_gid && !groupmember(gid, cred))) &&
-	    (error = suser_cred(cred, PRISON_ROOT)))
+	    (error = suser_cred(cred, SUSER_ALLOWJAIL)))
 		return (error);
 	ogid = ip->i_gid;
 	ouid = ip->i_uid;
@@ -770,7 +770,7 @@ ufs_chown(vp, uid, gid, cred, td)
 		panic("ufs_chown: lost quota");
 #endif /* QUOTA */
 	ip->i_flag |= IN_CHANGE;
-	if (suser_cred(cred, PRISON_ROOT) && (ouid != uid || ogid != gid)) {
+	if (suser_cred(cred, SUSER_ALLOWJAIL) && (ouid != uid || ogid != gid)) {
 		ip->i_mode &= ~(ISUID | ISGID);
 		DIP(ip, i_mode) = ip->i_mode;
 	}
@@ -2509,7 +2509,7 @@ ufs_makeinode(mode, dvp, vpp, cnp)
 	if (DOINGSOFTDEP(tvp))
 		softdep_change_linkcnt(ip);
 	if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
-	    suser_cred(cnp->cn_cred, PRISON_ROOT)) {
+	    suser_cred(cnp->cn_cred, SUSER_ALLOWJAIL)) {
 		ip->i_mode &= ~ISGID;
 		DIP(ip, i_mode) = ip->i_mode;
 	}