PERFORCE change 51949 for review

Chris Vance cvance at FreeBSD.org
Fri Apr 30 00:08:44 GMT 2004 

http://perforce.freebsd.org/chv.cgi?CH=51949

Change 51949 by cvance at cvance_sony on 2004/04/29 17:08:25

	Replace suser and suser_cred checks with appropriate capability 
	checks.  The suser and suser_cred calls were introduced with code
	brought in during the recent integration from the MAC tree.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#12 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_syscalls.c#11 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_vnops.c#9 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#12 (text+ko) ====

@@ -744,7 +744,7 @@
 				}
 			}
 		} else {
-			if ((error = suser(td)) != 0) {
+			if ((error = cap_check(td, CAP_SYS_ADMIN)) != 0) {
 				vput(vp);
 				return (error);
 			}
@@ -1051,7 +1051,7 @@
 		return (EPERM);
 
 	if (usermount == 0) {
-		if ((error = suser(td)) != 0)
+		if ((error = cap_check(td, CAP_SYS_ADMIN)) != 0)
 			return (error);
 	}
 
@@ -1103,7 +1103,7 @@
 				return (error);
 		}
 	} else {
-		if ((error = suser(td)) != 0)
+		if ((error = cap_check(td, CAP_SYS_ADMIN)) != 0)
 			return (error);
 	}
 

==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_syscalls.c#11 (text+ko) ====

@@ -378,7 +378,7 @@
 				vfs_unbusy(mp, td);
 				continue;
 			}
-			if (suser(td)) {
+			if (cap_check(td, CAP_SYS_ADMIN)) {
 				bcopy(sp, &sb, sizeof(sb));
 				sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
 				sp = &sb;
@@ -602,7 +602,7 @@
 	/*
 	 * Must be super user
 	 */
-	error = suser(td);
+	error = cap_check(td, CAP_SYS_ADMIN);
 	if (error)
 		return (error);
 
@@ -659,7 +659,7 @@
 	    MIN(MFSNAMELEN, OMNAMELEN));
 	bcopy(nsp->f_mntfromname, osp->f_mntfromname,
 	    MIN(MFSNAMELEN, OMNAMELEN));
-	if (suser(td)) {
+	if (cap_check(td, CAP_SYS_ADMIN)) {
 		osp->f_fsid.val[0] = osp->f_fsid.val[1] = 0;
 	} else {
 		osp->f_fsid = nsp->f_fsid;
@@ -1386,7 +1386,7 @@
 	struct vattr va;
 	int error;
 
-	if (suser_cred(cred, PRISON_ROOT) == 0)
+	if (cap_check_cred(cred, NULL, CAP_SYS_ADMIN, PRISON_ROOT) == 0)
 		return (0);
 
 	if (!hardlink_check_uid && !hardlink_check_gid)

==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_vnops.c#9 (text+ko) ====

@@ -752,7 +752,7 @@
 	}
 	
 	sb->st_flags = vap->va_flags;
-	if (suser(td))
+	if (cap_check(td, CAP_SYS_ADMIN))
 	        sb->st_gen = 0;
 	else
 		sb->st_gen = vap->va_gen;
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list