PERFORCE change 114294 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=114294

Change 114294 by rwatson at rwatson_cinnamon on 2007/02/09 14:59:00

	Narrow scope of quota privileges allowed in jail by default: don't
	let superuser manipulate the usage counts or configuration of quotas.

Affected files ...

.. //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#14 edit
.. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#6 edit

Differences ...

==== //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#14 (text+ko) ====

@@ -616,14 +616,11 @@
 
 		/*
 		 * Allow root in jail to manage a variety of quota
-		 * properties.  Some are a bit surprising and should be
-		 * reconsidered.
+		 * properties.  These should likely be conditional on a
+		 * configuration option.
 		 */
 	case PRIV_UFS_GETQUOTA:
-	case PRIV_UFS_QUOTAOFF:		/* XXXRW: Slightly surprising. */
-	case PRIV_UFS_QUOTAON:		/* XXXRW: Slightly surprising. */
 	case PRIV_UFS_SETQUOTA:
-	case PRIV_UFS_SETUSE:		/* XXXRW: Slightly surprising. */
 
 		/*
 		 * Since Jail relies on chroot() to implement file system

==== //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#6 (text+ko) ====

@@ -426,11 +426,7 @@
 	int error, flags;
 	struct nameidata nd;
 
-	/*
-	 * XXXRW: Can this be right?  Jail is allowed to do this?
-	 */
-	error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON,
-	    SUSER_ALLOWJAIL);
+	error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0);
 	if (error)
 		return (error);
 
@@ -524,11 +520,7 @@
 	struct inode *ip;
 	int error;
 
-	/*
-	 * XXXRW: This also seems wrong to allow in a jail?
-	 */
-	error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF,
-	    SUSER_ALLOWJAIL);
+	error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0);
 	if (error)
 		return (error);
 
@@ -713,8 +705,7 @@
 	struct dqblk usage;
 	int error;
 
-	error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE,
-	    SUSER_ALLOWJAIL);
+	error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0);
 	if (error)
 		return (error);