Do allow bypass of mac_seeotheruids in jail in order to be consistent

with other uses of PRIV_SEEOTHERUIDS. This will automatically be scoped to the jail by the jail policy.
2007-02-19 13:25:17 +00:00 · 2007-02-19 13:25:17 +00:00 · 8bd5639f18
commit 8bd5639f18
parent ea04d82da8
1 changed files with 2 additions and 1 deletions
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@ -126,7 +126,8 @@ mac_seeotheruids_check(struct ucred *u1, struct ucred *u2)
 		return (0);

 	if (suser_privileged) {
-		if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) == 0)
+		if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
+		    == 0)
 			return (0);
 	}