o Add a comment clarifying interaction between jail(), privileged processes,
and UFS file flags. Here's what the comment says, for reference: Privileged processes in jail() are permitted to modify arbitrary user flags on files, but are not permitted to modify system flags. In other words, privilege does allow a process in jail to modify user flags for objects that the process does not own, but privilege will not permit the setting of system flags on the file. Obtained from: TrustedBSD Project
This commit is contained in:
parent
ea57890740
commit
f5770bb46a
@ -408,6 +408,11 @@ ufs_setattr(ap)
|
||||
if (vap->va_flags != VNOVAL) {
|
||||
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
||||
return (EROFS);
|
||||
/*
|
||||
* Privileged processes in jail() are permitted to modify
|
||||
* arbitrary user flags on files, but are not permitted
|
||||
* to modify system flags.
|
||||
*/
|
||||
if (cred->cr_uid != ip->i_uid &&
|
||||
(error = suser_xxx(cred, p, PRISON_ROOT)))
|
||||
return (error);
|
||||
|
Loading…
Reference in New Issue
Block a user