PERFORCE change 117844 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=117844

Change 117844 by rwatson at rwatson_zoo on 2007/04/10 15:27:42

	Finish fleshing out review table for privileges.

Affected files ...

.. //depot/projects/trustedbsd/priv/notes.txt#3 edit

Differences ...

==== //depot/projects/trustedbsd/priv/notes.txt#3 (text+ko) ====

@@ -99,84 +99,84 @@
 PRIV_VFS_EXCEEDQUOTA 		no			no
 PRIV_VFS_EXTATTR_SYSTEM		no			no
 PRIV_VFS_FCHROOT   		no			yes
-PRIV_VFS_FHOPEN 					no
-PRIV_VFS_FHSTAT						no
-PRIV_VFS_FHSTATFS					no
-PRIV_VFS_GENERATION					no
-PRIV_VFS_GETFH						no
-PRIV_VFS_GETQUOTA					yes
-PRIV_VFS_LINK						yes
-PRIV_VFS_MKNOD_BAD					no
-PRIV_VFS_MKNOD_DEV					no
-PRIV_VFS_MKNOD_WHT					no
-PRIV_VFS_MOUNT						jail_mount_allowed
-PRIV_VFS_MOUNT_OWNER					no
-PRIV_VFS_MOUNT_EXPORTED					no
-PRIV_VFS_MOUNT_PERM					no
-PRIV_VFS_MOUNT_SUIDDIR					no
-PRIV_VFS_MOUNT_NONUSER					jail_mount_allowed
-PRIV_VFS_SETGID						yes
-PRIV_VFS_SETQUOTA					yes
-PRIV_VFS_STICKYFILE					yes
-PRIV_VFS_SYSFLAGS					jail_chflags_allowed
-PRIV_VFS_UNMOUNT					jail_mount_allowed
-PRIV_VM_MADV_PROTECT					no
-PRIV_VM_MLOCK						no
-PRIV_VM_MUNLOCK						no
-PRIV_DEVFS_RULE						no
-PRIV_DEVFS_SYMLINK					no
-PRIV_RANDOM_RESEED					no
-PRIV_NET_BRIDGE						no
-PRIV_NET_GRE						no
-PRIV_NET_PPP						no
-PRIV_NET_SLIP						no
-PRIV_NET_BPF						no
-PRIV_NET_RAW						no
-PRIV_NET_ROUTE						no
-PRIV_NET_TAP						no
-PRIV_NET_SETIFMTU					no
-PRIV_NET_SETIFFLAGS					no
-PRIV_NET_SETIFCAP					no
-PRIV_NET_SETIFNAME					no
-PRIV_NET_SETIFMETRIC					no
-PRIV_NET_SETIFPHYS					no
-PRIV_NET_SETIFMAC					no
-PRIV_NET_ADDMULTI					no
-PRIV_NET_DELMULTI					no
-PRIV_NET_HWIOCTL					no
-PRIV_NET_SETLLADDR					no
-PRIV_NET_ADDIFGROUP					no
-PRIV_NET_DELIFGROUP					no
-PRIV_NET_IFCREATE					no
-PRIV_NET_IFDESTROY					no
-PRIV_NET_ADDIFADDR					no
-PRIV_NET_DELIFADDR					no
-PRIV_NET80211_GETKEY					no
-PRIV_NET80211_MANAGE					no
-PRIV_NETATALK_RESERVEDPORT				yes
-PRIV_NETATM_CFG						no
-PRIV_NETATM_ADD						no
-PRIV_NETATM_DEL						no
-PRIV_NETATM_SET						no
-PRIV_NETBLUETOOTH_RAW					jail_allow_raw_sockets
-PRIV_NETGRAPH_CONTROL					no
-PRIV_NETGRAPH_TTY					no
-PRIV_NETINET_RESERVEDPORT				no
-PRIV_NETINET_IPFW					no
-PRIV_NETINET_DIVERT					no
-PRIV_NETINET_PF						no
-PRIV_NETINET_DUMMYNET					no
-PRIV_NETINET_CARP					no
-PRIV_NETINET_MROUTE					no
-PRIV_NETINET_RAW					no
-PRIV_NETINET_GETCRED					yes
-PRIV_NETINET_ADDRCTRL6					no
-PRIV_NETINET_ND6					no
-PRIV_NETINET_SCOPE6					no
-PRIV_NETINET_ALIFETIME6					no
-PRIV_NETINET_IPSEC					no
-PRIV_NETIPX_RESERVEDPORT				no
-PRIV_NETIPX_RAW						no
-PRIV_NETNCP						no
-PRIV_NETSMB						no
-PRIV_VM86_INTCALL					no
+PRIV_VFS_FHOPEN 		no			no
+PRIV_VFS_FHSTAT			no			no
+PRIV_VFS_FHSTATFS		no			no
+PRIV_VFS_GENERATION		no			no
+PRIV_VFS_GETFH			no			no
+PRIV_VFS_GETQUOTA		yes			yes
+PRIV_VFS_LINK			yes			yes
+PRIV_VFS_MKNOD_BAD		no			no
+PRIV_VFS_MKNOD_DEV		no			no
+PRIV_VFS_MKNOD_WHT		no			no
+PRIV_VFS_MOUNT			no			jail_mount_allowed
+PRIV_VFS_MOUNT_OWNER		no			no
+PRIV_VFS_MOUNT_EXPORTED		no			no
+PRIV_VFS_MOUNT_PERM		no			no
+PRIV_VFS_MOUNT_SUIDDIR		no			no
+PRIV_VFS_MOUNT_NONUSER		no			jail_mount_allowed
+PRIV_VFS_SETGID			yes			yes
+PRIV_VFS_SETQUOTA		yes			yes
+PRIV_VFS_STICKYFILE		yes			yes
+PRIV_VFS_SYSFLAGS		jail_chflags_allowed	jail_chflags_allowed	XXX old way sometimes not, see msdosfs, ext2fs
+PRIV_VFS_UNMOUNT		no			jail_mount_allowed
+PRIV_VM_MADV_PROTECT		no			no
+PRIV_VM_MLOCK			no			no
+PRIV_VM_MUNLOCK			no			no
+PRIV_DEVFS_RULE			no			no
+PRIV_DEVFS_SYMLINK		no			no
+PRIV_RANDOM_RESEED		no			no
+PRIV_NET_BRIDGE			no			no
+PRIV_NET_GRE			no			no
+PRIV_NET_PPP			no			no
+PRIV_NET_SLIP			no			no
+PRIV_NET_BPF			no			no
+PRIV_NET_RAW			no			no
+PRIV_NET_ROUTE			no			no
+PRIV_NET_TAP			no			no
+PRIV_NET_SETIFMTU		no			no
+PRIV_NET_SETIFFLAGS		no			no
+PRIV_NET_SETIFCAP		no			no
+PRIV_NET_SETIFNAME		no			no
+PRIV_NET_SETIFMETRIC		no			no
+PRIV_NET_SETIFPHYS		no			no
+PRIV_NET_SETIFMAC		no			no
+PRIV_NET_ADDMULTI		no			no
+PRIV_NET_DELMULTI		no			no
+PRIV_NET_HWIOCTL		no			no
+PRIV_NET_SETLLADDR		no			no
+PRIV_NET_ADDIFGROUP		no			no
+PRIV_NET_DELIFGROUP		no			no
+PRIV_NET_IFCREATE		no			no
+PRIV_NET_IFDESTROY		no			no
+PRIV_NET_ADDIFADDR		no			no
+PRIV_NET_DELIFADDR		no			no
+PRIV_NET80211_GETKEY		no			no
+PRIV_NET80211_MANAGE		no			no
+PRIV_NETATALK_RESERVEDPORT	no			no
+PRIV_NETATM_CFG			no			no
+PRIV_NETATM_ADD			no			no
+PRIV_NETATM_DEL			no			no
+PRIV_NETATM_SET			no			no
+PRIV_NETBLUETOOTH_RAW		no			no
+PRIV_NETGRAPH_CONTROL		no			no
+PRIV_NETGRAPH_TTY		no			no
+PRIV_NETINET_RESERVEDPORT	yes			yes
+PRIV_NETINET_IPFW		no			no
+PRIV_NETINET_DIVERT		no			no
+PRIV_NETINET_PF			no			no
+PRIV_NETINET_DUMMYNET		no			no
+PRIV_NETINET_CARP		no			no
+PRIV_NETINET_MROUTE		no			no
+PRIV_NETINET_RAW		jail_allow_raw_sockets	jail_allow_raw_sockets
+PRIV_NETINET_GETCRED		yes			yes
+PRIV_NETINET_ADDRCTRL6		no			no
+PRIV_NETINET_ND6		no			no
+PRIV_NETINET_SCOPE6		no			no
+PRIV_NETINET_ALIFETIME6		no			no
+PRIV_NETINET_IPSEC		no			no
+PRIV_NETIPX_RESERVEDPORT	no			no
+PRIV_NETIPX_RAW			no			no
+PRIV_NETNCP			no			no
+PRIV_NETSMB			no			no
+PRIV_VM86_INTCALL		no			no