Be consistent with UFS in a way how devfs_setattr() checks credentials

for chmod(2), chown(2) and utimes(2) with respect to jail(2).

Reviewed by:		rwatson, ru
Not objected by:	phk
Approved by:		ru

sys/fs/devfs/devfs_vnops.c

@@ -718,7 +718,8 @@ devfs_setattr(ap)
 	if (uid != de->de_uid || gid != de->de_gid) {
 		if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
 		    (gid != de->de_gid && !groupmember(gid, ap->a_cred))) &&
-		    (error = suser(ap->a_td->td_proc)) != 0)
+		    (error = suser_xxx(NULL, ap->a_td->td_proc,
+		    PRISON_ROOT)) != 0)
 			return (error);
 		de->de_uid = uid;
 		de->de_gid = gid;
@@ -735,21 +736,21 @@ devfs_setattr(ap)
 
 	if (vap->va_mode != (mode_t)VNOVAL) {
 		if ((ap->a_cred->cr_uid != de->de_uid) &&
-		    (error = suser(ap->a_td->td_proc)))
+		    (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT)))
 			return (error);
 		de->de_mode = vap->va_mode;
 		c = 1;
 	}
 	if (vap->va_atime.tv_sec != VNOVAL) {
 		if ((ap->a_cred->cr_uid != de->de_uid) &&
-		    (error = suser(ap->a_td->td_proc)))
+		    (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT)))
 			return (error);
 		de->de_atime = vap->va_atime;
 		c = 1;
 	}
 	if (vap->va_mtime.tv_sec != VNOVAL) {
 		if ((ap->a_cred->cr_uid != de->de_uid) &&
-		    (error = suser(ap->a_td->td_proc)))
+		    (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT)))
 			return (error);
 		de->de_mtime = vap->va_mtime;
 		c = 1;