Require CAP_CREATE on directory descriptor for linkat(2).

Sponsored by: FreeBSD Foundation MFC after: 2 weeks
2012-09-25 20:58:15 +00:00 · 2012-09-25 20:58:15 +00:00 · 5ca6c6bd61
commit 5ca6c6bd61
parent 76c124139f
1 changed files with 2 additions and 2 deletions
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -1622,8 +1622,8 @@ kern_linkat(struct thread *td, int fd1, int fd2, char *path1, char *path2,
 		VFS_UNLOCK_GIANT(vfslocked);
 		return (error);
 	}
-	NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE2,
-	    segflg, path2, fd2, td);
+	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE |
+	    AUDITVNODE2, segflg, path2, fd2, CAP_CREATE, td);
 	if ((error = namei(&nd)) == 0) {
 		lvfslocked = NDHASGIANT(&nd);
 		if (nd.ni_vp != NULL) {