Require CAP_CREATE on directory descriptor for symlinkat(2).

Sponsored by: FreeBSD Foundation MFC after: 2 weeks
2012-09-25 20:59:12 +00:00 · 2012-09-25 20:59:12 +00:00 · cffcbad2bf
commit cffcbad2bf
parent d2e166e654
1 changed files with 2 additions and 2 deletions
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -1719,8 +1719,8 @@ kern_symlinkat(struct thread *td, char *path1, int fd, char *path2,
 	AUDIT_ARG_TEXT(syspath);
 restart:
 	bwillwrite();
-	NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
-	    segflg, path2, fd, td);
+	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE |
+	    AUDITVNODE1, segflg, path2, fd, CAP_CREATE, td);
 	if ((error = namei(&nd)) != 0)
 		goto out;
 	vfslocked = NDHASGIANT(&nd);