PERFORCE change 105882 for review

Robert Watson rwatson at FreeBSD.org
Sat Sep 9 10:03:51 UTC 2006


http://perforce.freebsd.org/chv.cgi?CH=105882

Change 105882 by rwatson at rwatson_sesame on 2006/09/09 10:02:52

	Add a new sysctl privilege associated with a sysctl writable in
	jail, in contrast to the sysctls not writable in jail.  That way jail
	can grant access to some, but not all, sysctls without further
	special casing in the sysctl code.

Affected files ...

.. //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/priv/sys/kern/kern_sysctl.c#3 (text+ko) ====

@@ -1253,7 +1253,8 @@
 	/* Is this sysctl writable by only privileged users? */
 	if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
 		if (oid->oid_kind & CTLFLAG_PRISON)
-			error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
+			error = priv_check_cred(req->td->td_ucred,
+			    PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL);
 		else
 			error = priv_check(req->td, PRIV_SYSCTL_WRITE);
 		if (error)
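
Review bot: in the CTLFLAG_PRISON branch, SUSER_ALLOWJAIL is what separates this check from the else branch, but the comment above the block still only reads "Is this sysctl writable by only privileged users?". A short comment on that branch saying that CTLFLAG_PRISON sysctls are deliberately writable by a privileged user inside a jail, while the PRIV_SYSCTL_WRITE path passes no such flag, would stop a later cleanup from folding the two calls back into the same form. The two branches also now take different arguments (req->td->td_ucred versus req->td), which is worth a word in the same comment. Separately, the description says a new privilege is added, yet PRIV_SYSCTL_WRITEJAIL already appears on the removed line and kern_sysctl.c is the only affected file; the description would match the hunk better if it said the existing check now passes SUSER_ALLOWJAIL.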

