PERFORCE change 114294 for review
Robert Watson
rwatson at FreeBSD.org
Fri Feb 9 15:05:01 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=114294
Change 114294 by rwatson at rwatson_cinnamon on 2007/02/09 14:59:00
Narrow scope of quota privileges allowed in jail by default: don't
let superuser manipulate the usage counts or configuration of quotas.
Affected files ...
.. //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#14 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#6 edit
Differences ...
==== //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#14 (text+ko) ====
@@ -616,14 +616,11 @@
/*
* Allow root in jail to manage a variety of quota
- * properties. Some are a bit surprising and should be
- * reconsidered.
+ * properties. These should likely be conditional on a
+ * configuration option.
*/
case PRIV_UFS_GETQUOTA:
- case PRIV_UFS_QUOTAOFF: /* XXXRW: Slightly surprising. */
- case PRIV_UFS_QUOTAON: /* XXXRW: Slightly surprising. */
case PRIV_UFS_SETQUOTA:
- case PRIV_UFS_SETUSE: /* XXXRW: Slightly surprising. */
/*
* Since Jail relies on chroot() to implement file system
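Review bot: the replacement comment ("These should likely be conditional on a configuration option") describes a knob that this change does not introduce, so a reader of kern_jail.c will look for a sysctl or jail parameter that does not exist. Either name the intended option in the comment or keep an XXX-style marker so the follow-up is tracked the way the removed "XXXRW: Slightly surprising" notes tracked this one. Note also that PRIV_UFS_SETQUOTA stays in the jail-allowed list even though the commit message says jailed root may no longer "manipulate the ... configuration of quotas"; if keeping it is intentional, the comment should say why setting limits is treated differently from quotaon/quotaoff.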
==== //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#6 (text+ko) ====
@@ -426,11 +426,7 @@
int error, flags;
struct nameidata nd;
- /*
- * XXXRW: Can this be right? Jail is allowed to do this?
- */
- error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0);
if (error)
return (error);
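Review bot: after this hunk the jail decision for PRIV_UFS_QUOTAON is made twice: once by dropping the case from the jail-allowed list in kern_jail.c, and again by changing the priv_check_cred() flags from SUSER_ALLOWJAIL to 0 here. If the kern_jail.c list is meant to be the single point of jail policy, a one-line comment at this call site saying that the flag is 0 because jail access is governed by prison_priv_check() would stop a later reader from "fixing" one site without the other. The removed XXXRW comment was the only text in ufs_quota.c recording that jail access was ever in question.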
@@ -524,11 +520,7 @@
struct inode *ip;
int error;
- /*
- * XXXRW: This also seems wrong to allow in a jail?
- */
- error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0);
if (error)
return (error);
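Review bot: the security-relevant effect of denying PRIV_UFS_QUOTAOFF in a jail is that jailed root can no longer disable quota enforcement the host configured on a shared file system, which is the property a multi-tenant host actually cares about. Neither the commit message nor the remaining comments state that; with the "This also seems wrong to allow in a jail?" comment removed, consider adding one sentence here (or in the kern_jail.c block) recording the rationale rather than leaving only the bare priv_check_cred() call.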
@@ -713,8 +705,7 @@
struct dqblk usage;
int error;
- error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0);
if (error)
return (error);
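Review bot: setuse() writes the accounted usage in `struct dqblk usage`, and this hunk makes that host-only, but the kern_jail.c hunk leaves PRIV_UFS_SETQUOTA jail-allowed, so jailed root can still raise the limits that the now-protected usage counts are compared against. Protecting the counters while leaving the limits writable gives little assurance to the host; either remove PRIV_UFS_SETQUOTA from the jail list in the same change, or document in kern_jail.c why limit changes from inside a jail are acceptable when usage changes are not.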
More information about the trustedbsd-cvs mailing list