o Add a comment clarifying interaction between jail(), privileged processes,
  and UFS file flags.  Here's what the comment says, for reference:

	Privileged processes in jail() are permitted to modify
	arbitrary user flags on files, but are not permitted
	to modify system flags.

  In other words, privilege does allow a process in jail to modify user
  flags for objects that the process does not own, but privilege will
  not permit the setting of system flags on the file.

Obtained from:	TrustedBSD Project
Robert Watson 2000-09-18 17:58:15 +00:00
parent ea57890740
commit f5770bb46a

@ -408,6 +408,11 @@ ufs_setattr(ap)
if (vap->va_flags != VNOVAL) {
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
/*
* Privileged processes in jail() are permitted to modify
* arbitrary user flags on files, but are not permitted
* to modify system flags.
*/
if (cred->cr_uid != ip->i_uid &&
(error = suser_xxx(cred, p, PRISON_ROOT)))
return (error);
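
Review bot: the new comment sits directly above the `cred->cr_uid != ip->i_uid` ownership check, but that check only implements the first half of what it states: passing PRISON_ROOT to suser_xxx() is what lets a privileged jailed process get past the owner test. Nothing in the lines shown here enforces the second half, that system flags stay off limits in jail, so a reader could wrongly assume this one call covers both rules. Consider stating in the comment that PRISON_ROOT on this call is what grants the user-flag case, and either moving the system-flags sentence next to the code that enforces it or adding a pointer to where that happens.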