From d7dd2bd6ed9d590b133388ad5c9f951635b59eee Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Tue, 10 Oct 2006 17:04:19 +0000 Subject: [PATCH] Do allow jailed superuser to override the port ACL. MFC after: 3 days Submitted by: Michal Mertl --- sys/security/mac_portacl/mac_portacl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c index 589ba67bc796..80cd0539c90d 100644 --- a/sys/security/mac_portacl/mac_portacl.c +++ b/sys/security/mac_portacl/mac_portacl.c @@ -427,7 +427,7 @@ rules_check(struct ucred *cred, int family, int type, u_int16_t port) mtx_unlock(&rule_mtx); if (error != 0 && mac_portacl_suser_exempt != 0) - error = suser_cred(cred, 0); + error = suser_cred(cred, SUSER_ALLOWJAIL); return (error); }