cvs commit: src/sys/ufs/ufs ufs_vnops.c

Christian S.J. Peron csjp at
Wed Sep 1 18:12:20 PDT 2004

csjp        2004-09-02 01:12:20 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_5)
    sys/ufs/ufs          ufs_vnops.c 
  MFC v1.243:
  Currently, if the secure level is low enough, system flags can
  be manipulated by prison root. In 4.x prison root can not manipulate
  system flags, regardless of the security level. This behavior
  should remain consistent to avoid any surprises which could lead
  to security problems for system administrators which give out
  privileged access to jails.
  This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
  to 0. This will prevent prison root from being able to manipulate
  system flags on files.
  Approved by:    re (kensmith)
  Revision   Changes    Path  +1 -1      src/sys/ufs/ufs/ufs_vnops.c

More information about the cvs-src mailing list