Do allow PIOCSFL in jail for setguid processes; this is more consistent

with other debugging checks elsewhere. XXX comment on the fact that p_candebug() is not being used here remains.
2007-02-19 13:04:25 +00:00 · 2007-02-19 13:04:25 +00:00 · 969e5bdcd0
commit 969e5bdcd0
parent 3c97ab97bf
1 changed files with 2 additions and 4 deletions
--- a/sys/fs/procfs/procfs_ioctl.c
+++ b/sys/fs/procfs/procfs_ioctl.c
@ -110,11 +110,9 @@ procfs_ioctl(PFS_IOCTL_ARGS)
 			 * XXXRW: Is this specific check required here, as
 			 * p_candebug() should implement it, or other checks
 			 * are missing.
-			 *
-			 * XXXRW: Other debugging privileges are granted in
-			 * jail, why isn't this?
 			 */
-			error = priv_check(td, PRIV_DEBUG_SUGID);
+			error = priv_check_cred(td->td_ucred,
+			    PRIV_DEBUG_SUGID, SUSER_ALLOWJAIL);
 			if (error)
 				break;
 		}