Require CAP_CREATE on directory descriptor for symlinkat(2).

Sponsored by:	FreeBSD Foundation
MFC after:	2 weeks
This commit is contained in:
pjd 2012-09-25 20:59:12 +00:00
parent 5ca6c6bd61
commit 4816885ff1

View File

@ -1719,8 +1719,8 @@ kern_symlinkat(struct thread *td, char *path1, int fd, char *path2,
AUDIT_ARG_TEXT(syspath);
restart:
bwillwrite();
NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
segflg, path2, fd, td);
NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE |
AUDITVNODE1, segflg, path2, fd, CAP_CREATE, td);
if ((error = namei(&nd)) != 0)
goto out;
vfslocked = NDHASGIANT(&nd);