Require CAP_DELETE on directory descriptor for unlinkat(2).

Sponsored by: FreeBSD Foundation MFC after: 2 weeks
2012-09-25 21:00:36 +00:00 · 2012-09-25 21:00:36 +00:00 · 1d5d62ac36
commit 1d5d62ac36
parent 4816885ff1
1 changed files with 2 additions and 2 deletions
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -1881,8 +1881,8 @@ kern_unlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg,

 restart:
 	bwillwrite();
-	NDINIT_AT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1,
-	    pathseg, path, fd, td);
+	NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE |
+	    AUDITVNODE1, pathseg, path, fd, CAP_DELETE, td);
 	if ((error = namei(&nd)) != 0)
 		return (error == EINVAL ? EPERM : error);
 	vfslocked = NDHASGIANT(&nd);