aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2007-06-12 00:12:01 +0000
committerRobert Watson <rwatson@FreeBSD.org>2007-06-12 00:12:01 +0000
commit32f9753cfbfe844fa6c02c88c7ca96617e903d8e (patch)
treec439df85bebf079d07319c231d64ac481577b036
parentefe641b939baf83c13aa60cadaa44ad5a501e824 (diff)
downloadsrc-32f9753cfbfe844fa6c02c88c7ca96617e903d8e.tar.gz
src-32f9753cfbfe844fa6c02c88c7ca96617e903d8e.zip
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and no other flags were present. Eliminate caller-side jail exception checking (also now-unused); jail privilege exception code now goes solely in kern_jail.c. We can't yet eliminate suser() due to some cases in the KAME code where a privilege check is performed and then used in many different deferred paths. Do, however, move those prototypes to priv.h. Reviewed by: csjp Obtained from: TrustedBSD Project
Notes
Notes: svn path=/head/; revision=170587
-rw-r--r--sys/cddl/compat/opensolaris/kern/opensolaris_policy.c29
-rw-r--r--sys/compat/linux/linux_misc.c3
-rw-r--r--sys/compat/linux/linux_uid16.c3
-rw-r--r--sys/compat/opensolaris/kern/opensolaris_policy.c29
-rw-r--r--sys/compat/svr4/svr4_fcntl.c3
-rw-r--r--sys/compat/svr4/svr4_misc.c3
-rw-r--r--sys/fs/devfs/devfs_vnops.c6
-rw-r--r--sys/fs/msdosfs/msdosfs_vnops.c12
-rw-r--r--sys/fs/procfs/procfs_ioctl.c3
-rw-r--r--sys/gnu/fs/ext2fs/ext2_vnops.c18
-rw-r--r--sys/kern/kern_exec.c3
-rw-r--r--sys/kern/kern_fork.c3
-rw-r--r--sys/kern/kern_ktrace.c5
-rw-r--r--sys/kern/kern_priv.c10
-rw-r--r--sys/kern/kern_prot.c59
-rw-r--r--sys/kern/kern_resource.c3
-rw-r--r--sys/kern/kern_sysctl.c3
-rw-r--r--sys/kern/subr_acl_posix1e.c12
-rw-r--r--sys/kern/sysv_ipc.c9
-rw-r--r--sys/kern/sysv_msg.c3
-rw-r--r--sys/kern/uipc_mqueue.c9
-rw-r--r--sys/kern/vfs_mount.c2
-rw-r--r--sys/kern/vfs_subr.c10
-rw-r--r--sys/kern/vfs_syscalls.c15
-rw-r--r--sys/netinet/in_pcb.c6
-rw-r--r--sys/netinet/raw_ip.c9
-rw-r--r--sys/netinet/sctp_pcb.c10
-rw-r--r--sys/netinet/sctp_usrreq.c14
-rw-r--r--sys/netinet/tcp_subr.c6
-rw-r--r--sys/netinet/udp_usrreq.c3
-rw-r--r--sys/netinet6/in6_pcb.c4
-rw-r--r--sys/netinet6/in6_src.c3
-rw-r--r--sys/netinet6/raw_ip6.c2
-rw-r--r--sys/netinet6/sctp6_usrreq.c8
-rw-r--r--sys/netinet6/udp6_usrreq.c6
-rw-r--r--sys/netipsec/ipsec_osdep.h4
-rw-r--r--sys/security/mac_portacl/mac_portacl.c3
-rw-r--r--sys/security/mac_seeotheruids/mac_seeotheruids.c3
-rw-r--r--sys/sys/priv.h12
-rw-r--r--sys/sys/systm.h6
-rw-r--r--sys/ufs/ffs/ffs_alloc.c4
-rw-r--r--sys/ufs/ffs/ffs_vnops.c6
-rw-r--r--sys/ufs/ufs/ufs_quota.c18
-rw-r--r--sys/ufs/ufs/ufs_vnops.c20
44 files changed, 144 insertions, 258 deletions
diff --git a/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c b/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
index c109a4cc4911..a09c9ec1130a 100644
--- a/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
+++ b/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
@@ -72,7 +72,7 @@ secpolicy_basic_link(struct ucred *cred)
if (!hardlink_check_uid)
return (0);
- return (priv_check_cred(cred, PRIV_VFS_LINK, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_LINK, 0));
}
int
@@ -86,7 +86,7 @@ int
secpolicy_vnode_remove(struct ucred *cred)
{
- return (priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_ADMIN, 0));
}
int
@@ -94,23 +94,20 @@ secpolicy_vnode_access(struct ucred *cred, struct vnode *vp, uint64_t owner,
int mode)
{
- if ((mode & VREAD) &&
- priv_check_cred(cred, PRIV_VFS_READ, SUSER_ALLOWJAIL) != 0) {
+ if ((mode & VREAD) && priv_check_cred(cred, PRIV_VFS_READ, 0) != 0) {
return (EACCES);
}
if ((mode & VWRITE) &&
- priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL) != 0) {
+ priv_check_cred(cred, PRIV_VFS_WRITE, 0) != 0) {
return (EACCES);
}
if (mode & VEXEC) {
if (vp->v_type == VDIR) {
- if (priv_check_cred(cred, PRIV_VFS_LOOKUP,
- SUSER_ALLOWJAIL) != 0) {
+ if (priv_check_cred(cred, PRIV_VFS_LOOKUP, 0) != 0) {
return (EACCES);
}
} else {
- if (priv_check_cred(cred, PRIV_VFS_EXEC,
- SUSER_ALLOWJAIL) != 0) {
+ if (priv_check_cred(cred, PRIV_VFS_EXEC, 0) != 0) {
return (EACCES);
}
}
@@ -124,7 +121,7 @@ secpolicy_vnode_setdac(struct ucred *cred, uid_t owner)
if (owner == cred->cr_uid)
return (0);
- return (priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_ADMIN, 0));
}
int
@@ -173,8 +170,7 @@ secpolicy_vnode_setattr(struct ucred *cred, struct vnode *vp, struct vattr *vap,
if (((mask & AT_UID) && vap->va_uid != ovap->va_uid) ||
((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
!groupmember(vap->va_gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
if (error)
return (error);
}
@@ -214,7 +210,7 @@ secpolicy_vnode_setids_setgids(struct ucred *cred, gid_t gid)
{
if (!groupmember(gid, cred))
- return (priv_check_cred(cred, PRIV_VFS_SETGID, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_SETGID, 0));
return (0);
}
@@ -222,7 +218,7 @@ int
secpolicy_vnode_setid_retain(struct ucred *cred, boolean_t issuidroot __unused)
{
- return (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0));
}
void
@@ -230,8 +226,7 @@ secpolicy_setid_clear(struct vattr *vap, struct ucred *cred)
{
if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {
vap->va_mask |= AT_MODE;
vap->va_mode &= ~(S_ISUID|S_ISGID);
}
@@ -250,7 +245,7 @@ secpolicy_setid_setsticky_clear(struct vnode *vp, struct vattr *vap,
* is not a member of. Both of these are allowed in jail(8).
*/
if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) {
- if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, SUSER_ALLOWJAIL))
+ if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
return (EFTYPE);
}
/*
diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c
index 926efbc1f55c..9c066fcbfcc2 100644
--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@@ -1079,8 +1079,7 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args)
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
- SUSER_ALLOWJAIL)) != 0) {
+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
diff --git a/sys/compat/linux/linux_uid16.c b/sys/compat/linux/linux_uid16.c
index a8a1f5d36beb..c4743822dd8a 100644
--- a/sys/compat/linux/linux_uid16.c
+++ b/sys/compat/linux/linux_uid16.c
@@ -124,8 +124,7 @@ linux_setgroups16(struct thread *td, struct linux_setgroups16_args *args)
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
- SUSER_ALLOWJAIL)) != 0) {
+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
diff --git a/sys/compat/opensolaris/kern/opensolaris_policy.c b/sys/compat/opensolaris/kern/opensolaris_policy.c
index c109a4cc4911..a09c9ec1130a 100644
--- a/sys/compat/opensolaris/kern/opensolaris_policy.c
+++ b/sys/compat/opensolaris/kern/opensolaris_policy.c
@@ -72,7 +72,7 @@ secpolicy_basic_link(struct ucred *cred)
if (!hardlink_check_uid)
return (0);
- return (priv_check_cred(cred, PRIV_VFS_LINK, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_LINK, 0));
}
int
@@ -86,7 +86,7 @@ int
secpolicy_vnode_remove(struct ucred *cred)
{
- return (priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_ADMIN, 0));
}
int
@@ -94,23 +94,20 @@ secpolicy_vnode_access(struct ucred *cred, struct vnode *vp, uint64_t owner,
int mode)
{
- if ((mode & VREAD) &&
- priv_check_cred(cred, PRIV_VFS_READ, SUSER_ALLOWJAIL) != 0) {
+ if ((mode & VREAD) && priv_check_cred(cred, PRIV_VFS_READ, 0) != 0) {
return (EACCES);
}
if ((mode & VWRITE) &&
- priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL) != 0) {
+ priv_check_cred(cred, PRIV_VFS_WRITE, 0) != 0) {
return (EACCES);
}
if (mode & VEXEC) {
if (vp->v_type == VDIR) {
- if (priv_check_cred(cred, PRIV_VFS_LOOKUP,
- SUSER_ALLOWJAIL) != 0) {
+ if (priv_check_cred(cred, PRIV_VFS_LOOKUP, 0) != 0) {
return (EACCES);
}
} else {
- if (priv_check_cred(cred, PRIV_VFS_EXEC,
- SUSER_ALLOWJAIL) != 0) {
+ if (priv_check_cred(cred, PRIV_VFS_EXEC, 0) != 0) {
return (EACCES);
}
}
@@ -124,7 +121,7 @@ secpolicy_vnode_setdac(struct ucred *cred, uid_t owner)
if (owner == cred->cr_uid)
return (0);
- return (priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_ADMIN, 0));
}
int
@@ -173,8 +170,7 @@ secpolicy_vnode_setattr(struct ucred *cred, struct vnode *vp, struct vattr *vap,
if (((mask & AT_UID) && vap->va_uid != ovap->va_uid) ||
((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
!groupmember(vap->va_gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
if (error)
return (error);
}
@@ -214,7 +210,7 @@ secpolicy_vnode_setids_setgids(struct ucred *cred, gid_t gid)
{
if (!groupmember(gid, cred))
- return (priv_check_cred(cred, PRIV_VFS_SETGID, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_SETGID, 0));
return (0);
}
@@ -222,7 +218,7 @@ int
secpolicy_vnode_setid_retain(struct ucred *cred, boolean_t issuidroot __unused)
{
- return (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, SUSER_ALLOWJAIL));
+ return (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0));
}
void
@@ -230,8 +226,7 @@ secpolicy_setid_clear(struct vattr *vap, struct ucred *cred)
{
if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {
vap->va_mask |= AT_MODE;
vap->va_mode &= ~(S_ISUID|S_ISGID);
}
@@ -250,7 +245,7 @@ secpolicy_setid_setsticky_clear(struct vnode *vp, struct vattr *vap,
* is not a member of. Both of these are allowed in jail(8).
*/
if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) {
- if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, SUSER_ALLOWJAIL))
+ if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
return (EFTYPE);
}
/*
diff --git a/sys/compat/svr4/svr4_fcntl.c b/sys/compat/svr4/svr4_fcntl.c
index 6073e0d5d5ae..8735abb6dd67 100644
--- a/sys/compat/svr4/svr4_fcntl.c
+++ b/sys/compat/svr4/svr4_fcntl.c
@@ -281,8 +281,7 @@ fd_revoke(td, fd)
goto out;
if (td->td_ucred->cr_uid != vattr.va_uid &&
- (error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check(td, PRIV_VFS_ADMIN)) != 0)
goto out;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
diff --git a/sys/compat/svr4/svr4_misc.c b/sys/compat/svr4/svr4_misc.c
index a158fd7cf2cd..e4c48c0a6d88 100644
--- a/sys/compat/svr4/svr4_misc.c
+++ b/sys/compat/svr4/svr4_misc.c
@@ -612,8 +612,7 @@ svr4_sys_fchroot(td, uap)
struct file *fp;
int error, vfslocked;
- if ((error = priv_check_cred(td->td_ucred, PRIV_VFS_FCHROOT,
- SUSER_ALLOWJAIL)) != 0)
+ if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
return error;
if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
return error;
diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c
index d6c3232f71c5..0acf99bfdcf6 100644
--- a/sys/fs/devfs/devfs_vnops.c
+++ b/sys/fs/devfs/devfs_vnops.c
@@ -1160,8 +1160,7 @@ devfs_setattr(struct vop_setattr_args *ap)
if (uid != de->de_uid || gid != de->de_gid) {
if ((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
(gid != de->de_gid && !groupmember(gid, ap->a_cred))) {
- error = priv_check_cred(ap->a_td->td_ucred,
- PRIV_VFS_CHOWN, SUSER_ALLOWJAIL);
+ error = priv_check(ap->a_td, PRIV_VFS_CHOWN);
if (error)
return (error);
}
@@ -1172,8 +1171,7 @@ devfs_setattr(struct vop_setattr_args *ap)
if (vap->va_mode != (mode_t)VNOVAL) {
if (ap->a_cred->cr_uid != de->de_uid) {
- error = priv_check_cred(ap->a_td->td_ucred,
- PRIV_VFS_ADMIN, SUSER_ALLOWJAIL);
+ error = priv_check(ap->a_td, PRIV_VFS_ADMIN);
if (error)
return (error);
}
diff --git a/sys/fs/msdosfs/msdosfs_vnops.c b/sys/fs/msdosfs/msdosfs_vnops.c
index 33e52923a994..32312671e091 100644
--- a/sys/fs/msdosfs/msdosfs_vnops.c
+++ b/sys/fs/msdosfs/msdosfs_vnops.c
@@ -408,8 +408,7 @@ msdosfs_setattr(ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid) {
- error = priv_check_cred(cred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
if (error)
return (error);
}
@@ -426,8 +425,7 @@ msdosfs_setattr(ap)
* sensible filesystem attempts it a lot.
*/
if (vap->va_flags & SF_SETTABLE) {
- error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0);
if (error)
return (error);
}
@@ -454,8 +452,7 @@ msdosfs_setattr(ap)
gid = pmp->pm_gid;
if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
(gid != pmp->pm_gid && !groupmember(gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
if (error)
return (error);
}
@@ -520,8 +517,7 @@ msdosfs_setattr(ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid) {
- error = priv_check_cred(cred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
if (error)
return (error);
}
diff --git a/sys/fs/procfs/procfs_ioctl.c b/sys/fs/procfs/procfs_ioctl.c
index bd003e05c743..ccff555280f6 100644
--- a/sys/fs/procfs/procfs_ioctl.c
+++ b/sys/fs/procfs/procfs_ioctl.c
@@ -114,8 +114,7 @@ procfs_ioctl(PFS_IOCTL_ARGS)
* p_candebug() should implement it, or other checks
* are missing.
*/
- error = priv_check_cred(td->td_ucred,
- PRIV_DEBUG_SUGID, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_DEBUG_SUGID);
if (error)
break;
}
diff --git a/sys/gnu/fs/ext2fs/ext2_vnops.c b/sys/gnu/fs/ext2fs/ext2_vnops.c
index a1167e126962..04afdeb13da1 100644
--- a/sys/gnu/fs/ext2fs/ext2_vnops.c
+++ b/sys/gnu/fs/ext2fs/ext2_vnops.c
@@ -415,8 +415,7 @@ ext2_setattr(ap)
* Privileged non-jail processes may not modify system flags
* if securelevel > 0 and any existing system flags are set.
*/
- if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
- SUSER_ALLOWJAIL)) {
+ if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
if (ip->i_flags
& (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
@@ -535,14 +534,12 @@ ext2_chmod(vp, mode, cred, td)
* process is not a member of.
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
- error = priv_check_cred(cred, PRIV_VFS_STICKYFILE,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0);
if (error)
return (EFTYPE);
}
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
- error = priv_check_cred(cred, PRIV_VFS_SETGID,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
if (error)
return (error);
}
@@ -586,8 +583,7 @@ ext2_chown(vp, uid, gid, cred, td)
*/
if (uid != ip->i_uid || (gid != ip->i_gid &&
!groupmember(gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
if (error)
return (error);
}
@@ -597,8 +593,7 @@ ext2_chown(vp, uid, gid, cred, td)
ip->i_uid = uid;
ip->i_flag |= IN_CHANGE;
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL) != 0)
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0)
ip->i_mode &= ~(ISUID | ISGID);
}
return (0);
@@ -1648,8 +1643,7 @@ ext2_makeinode(mode, dvp, vpp, cnp)
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
ip->i_nlink = 1;
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
- if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL))
+ if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, 0))
ip->i_mode &= ~ISGID;
}
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 78534ad49e1a..0e1b696011ca 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -567,8 +567,7 @@ interpret:
#ifdef KTRACE
if (p->p_tracevp != NULL &&
- priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED,
- SUSER_ALLOWJAIL)) {
+ priv_check_cred(oldcred, PRIV_DEBUG_DIFFCRED, 0)) {
mtx_lock(&ktrace_mtx);
p->p_traceflag = 0;
tracevp = p->p_tracevp;
diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c
index ae69afe5e8f4..f20cefeedee4 100644
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@ -306,8 +306,7 @@ fork1(td, flags, pages, procp)
*
* XXXRW: Can we avoid privilege here if it's not needed?
*/
- error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID |
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID);
if (error == 0)
ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0);
else {
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index 5ff62fe7cac3..2b7ee33a9cd7 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -793,8 +793,7 @@ ktrops(td, p, ops, facs, vp)
p->p_tracecred = crhold(td->td_ucred);
}
p->p_traceflag |= facs;
- if (priv_check_cred(td->td_ucred, PRIV_KTRACE,
- SUSER_ALLOWJAIL) == 0)
+ if (priv_check(td, PRIV_KTRACE) == 0)
p->p_traceflag |= KTRFAC_ROOT;
} else {
/* KTROP_CLEAR */
@@ -1000,7 +999,7 @@ ktrcanset(td, targetp)
PROC_LOCK_ASSERT(targetp, MA_OWNED);
if (targetp->p_traceflag & KTRFAC_ROOT &&
- priv_check_cred(td->td_ucred, PRIV_KTRACE, SUSER_ALLOWJAIL))
+ priv_check(td, PRIV_KTRACE))
return (0);
if (p_candebug(td, targetp) != 0)
diff --git a/sys/kern/kern_priv.c b/sys/kern/kern_priv.c
index 6d2d692edcd5..ebf01ba17c88 100644
--- a/sys/kern/kern_priv.c
+++ b/sys/kern/kern_priv.c
@@ -77,18 +77,8 @@ priv_check_cred(struct ucred *cred, int priv, int flags)
/*
* Jail policy will restrict certain privileges that may otherwise be
* be granted.
- *
- * While debugging the transition from SUSER_ALLOWJAIL to Jail being
- * aware of specific privileges, perform run-time checking that the
- * two versions of the policy align. This assertion will go away
- * once the SUSER_ALLOWJAIL flag has gone away.
*/
error = prison_priv_check(cred, priv);
-#ifdef NOTYET
- KASSERT(!jailed(cred) || error == ((flags & SUSER_ALLOWJAIL) ? 0 :
- EPERM), ("priv_check_cred: prison_priv_check %d but flags %s",
- error, flags & SUSER_ALLOWJAIL ? "allowjail" : "!allowjail"));
-#endif
if (error)
return (error);
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 36a5dc4f9c93..18d3b2a0f0e1 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -511,8 +511,7 @@ setuid(struct thread *td, struct setuid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
uid != oldcred->cr_uid && /* allow setuid(geteuid()) */
#endif
- (error = priv_check_cred(oldcred, PRIV_CRED_SETUID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)) != 0)
goto fail;
/*
@@ -529,7 +528,7 @@ setuid(struct thread *td, struct setuid_args *uap)
uid == oldcred->cr_uid ||
#endif
/* We are using privs. */
- priv_check_cred(oldcred, PRIV_CRED_SETUID, SUSER_ALLOWJAIL) == 0)
+ priv_check_cred(oldcred, PRIV_CRED_SETUID, 0) == 0)
#endif
{
/*
@@ -602,8 +601,7 @@ seteuid(struct thread *td, struct seteuid_args *uap)
if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
- (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0)
goto fail;
/*
@@ -672,8 +670,7 @@ setgid(struct thread *td, struct setgid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
#endif
- (error = priv_check_cred(oldcred, PRIV_CRED_SETGID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -687,7 +684,7 @@ setgid(struct thread *td, struct setgid_args *uap)
gid == oldcred->cr_groups[0] ||
#endif
/* We are using privs. */
- priv_check_cred(oldcred, PRIV_CRED_SETGID, SUSER_ALLOWJAIL) == 0)
+ priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0)
#endif
{
/*
@@ -756,8 +753,7 @@ setegid(struct thread *td, struct setegid_args *uap)
if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
- (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -817,8 +813,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *groups)
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0);
if (error)
goto fail;
@@ -887,8 +882,7 @@ setreuid(register struct thread *td, struct setreuid_args *uap)
ruid != oldcred->cr_svuid) ||
(euid != (uid_t)-1 && euid != oldcred->cr_uid &&
euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -953,8 +947,7 @@ setregid(register struct thread *td, struct setregid_args *uap)
rgid != oldcred->cr_svgid) ||
(egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -1030,8 +1023,7 @@ setresuid(register struct thread *td, struct setresuid_args *uap)
(suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
suid != oldcred->cr_svuid &&
suid != oldcred->cr_uid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -1108,8 +1100,7 @@ setresgid(register struct thread *td, struct setresgid_args *uap)
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
sgid != oldcred->cr_svgid &&
sgid != oldcred->cr_groups[0])) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0)
goto fail;
crcopy(newcred, oldcred);
@@ -1317,8 +1308,7 @@ cr_seeotheruids(struct ucred *u1, struct ucred *u2)
{
if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
- if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
- != 0)
+ if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) != 0)
return (ESRCH);
}
return (0);
@@ -1357,8 +1347,7 @@ cr_seeothergids(struct ucred *u1, struct ucred *u2)
break;
}
if (!match) {
- if (priv_check_cred(u1, PRIV_SEEOTHERGIDS,
- SUSER_ALLOWJAIL) != 0)
+ if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, 0) != 0)
return (ESRCH);
}
}
@@ -1475,8 +1464,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
break;
default:
/* Not permitted without privilege. */
- error = priv_check_cred(cred, PRIV_SIGNAL_SUGID,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, 0);
if (error)
return (error);
}
@@ -1490,9 +1478,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
cred->cr_ruid != proc->p_ucred->cr_svuid &&
cred->cr_uid != proc->p_ucred->cr_ruid &&
cred->cr_uid != proc->p_ucred->cr_svuid) {
- /* Not permitted without privilege. */
- error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);
if (error)
return (error);
}
@@ -1570,8 +1556,7 @@ p_cansched(struct thread *td, struct proc *p)
return (error);
if (td->td_ucred->cr_ruid != p->p_ucred->cr_ruid &&
td->td_ucred->cr_uid != p->p_ucred->cr_ruid) {
- error = priv_check_cred(td->td_ucred, PRIV_SCHED_DIFFCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_SCHED_DIFFCRED);
if (error)
return (error);
}
@@ -1610,8 +1595,7 @@ p_candebug(struct thread *td, struct proc *p)
KASSERT(td == curthread, ("%s: td not curthread", __func__));
PROC_LOCK_ASSERT(p, MA_OWNED);
if (!unprivileged_proc_debug) {
- error = priv_check_cred(td->td_ucred, PRIV_DEBUG_UNPRIV,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_DEBUG_UNPRIV);
if (error)
return (error);
}
@@ -1662,15 +1646,13 @@ p_candebug(struct thread *td, struct proc *p)
* for td to debug p.
*/
if (!grpsubset || !uidsubset) {
- error = priv_check_cred(td->td_ucred, PRIV_DEBUG_DIFFCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_DEBUG_DIFFCRED);
if (error)
return (error);
}
if (credentialchanged) {
- error = priv_check_cred(td->td_ucred, PRIV_DEBUG_SUGID,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_DEBUG_SUGID);
if (error)
return (error);
}
@@ -1940,8 +1922,7 @@ setlogin(struct thread *td, struct setlogin_args *uap)
int error;
char logintmp[MAXLOGNAME];
- error = priv_check_cred(td->td_ucred, PRIV_PROC_SETLOGIN,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_PROC_SETLOGIN);
if (error)
return (error);
error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL);
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
index 9f47402807f0..847e9f4ddbb0 100644
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@ -688,8 +688,7 @@ kern_setrlimit(td, which, limp)
alimp = &oldlim->pl_rlimit[which];
if (limp->rlim_cur > alimp->rlim_max ||
limp->rlim_max > alimp->rlim_max)
- if ((error = priv_check_cred(td->td_ucred,
- PRIV_PROC_SETRLIMIT, SUSER_ALLOWJAIL))) {
+ if ((error = priv_check(td, PRIV_PROC_SETRLIMIT))) {
PROC_UNLOCK(p);
lim_free(newlim);
return (error);
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 6100f418cfec..893c54ffaf89 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1280,8 +1280,7 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
/* Is this sysctl writable by only privileged users? */
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
if (oid->oid_kind & CTLFLAG_PRISON)
- error = priv_check_cred(req->td->td_ucred,
- PRIV_SYSCTL_WRITEJAIL, SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
else
error = priv_check(req->td, PRIV_SYSCTL_WRITE);
if (error)
diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c
index 94c612f2a0f7..d3f944d3afe1 100644
--- a/sys/kern/subr_acl_posix1e.c
+++ b/sys/kern/subr_acl_posix1e.c
@@ -82,24 +82,22 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
if (type == VDIR) {
if ((acc_mode & VEXEC) && !priv_check_cred(cred,
- PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL))
+ PRIV_VFS_LOOKUP, 0))
priv_granted |= VEXEC;
} else {
if ((acc_mode & VEXEC) && !priv_check_cred(cred,
- PRIV_VFS_EXEC, SUSER_ALLOWJAIL))
+ PRIV_VFS_EXEC, 0))
priv_granted |= VEXEC;
}
- if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ,
- SUSER_ALLOWJAIL))
+ if ((acc_mode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
priv_granted |= VREAD;
if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) &&
- !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
priv_granted |= (VWRITE | VAPPEND);
- if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL))
+ if ((acc_mode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
priv_granted |= VADMIN;
/*
diff --git a/sys/kern/sysv_ipc.c b/sys/kern/sysv_ipc.c
index 7503760793d5..0cbb4bbe8c42 100644
--- a/sys/kern/sysv_ipc.c
+++ b/sys/kern/sysv_ipc.c
@@ -125,22 +125,19 @@ ipcperm(struct thread *td, struct ipc_perm *perm, int acc_mode)
*/
priv_granted = 0;
if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) {
- error = priv_check_cred(td->td_ucred, PRIV_IPC_ADMIN,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_IPC_ADMIN);
if (error == 0)
priv_granted |= IPC_M;
}
if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) {
- error = priv_check_cred(td->td_ucred, PRIV_IPC_READ,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_IPC_READ);
if (error == 0)
priv_granted |= IPC_R;
}
if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) {
- error = priv_check_cred(td->td_ucred, PRIV_IPC_WRITE,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_IPC_WRITE);
if (error == 0)
priv_granted |= IPC_W;
}
diff --git a/sys/kern/sysv_msg.c b/sys/kern/sysv_msg.c
index d9f320787d78..bd5ca9068606 100644
--- a/sys/kern/sysv_msg.c
+++ b/sys/kern/sysv_msg.c
@@ -502,8 +502,7 @@ kern_msgctl(td, msqid, cmd, msqbuf)
if ((error = ipcperm(td, &msqkptr->u.msg_perm, IPC_M)))
goto done2;
if (msqbuf->msg_qbytes > msqkptr->u.msg_qbytes) {
- error = priv_check_cred(td->td_ucred,
- PRIV_IPC_MSGSIZE, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_IPC_MSGSIZE);
if (error)
goto done2;
}
diff --git a/sys/kern/uipc_mqueue.c b/sys/kern/uipc_mqueue.c
index 82cd070a3299..1c5cadbc3311 100644
--- a/sys/kern/uipc_mqueue.c
+++ b/sys/kern/uipc_mqueue.c
@@ -961,8 +961,7 @@ int do_unlink(struct mqfs_node *pn, struct ucred *ucred)
sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
if (ucred->cr_uid != pn->mn_uid &&
- (error = priv_check_cred(ucred, PRIV_MQ_ADMIN,
- SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
error = EACCES;
else if (!pn->mn_deleted) {
parent = pn->mn_parent;
@@ -1221,8 +1220,7 @@ mqfs_setattr(struct vop_setattr_args *ap)
*/
if (((ap->a_cred->cr_uid != pn->mn_uid) || uid != pn->mn_uid ||
(gid != pn->mn_gid && !groupmember(gid, ap->a_cred))) &&
- (error = priv_check_cred(ap->a_td->td_ucred,
- PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)) != 0)
+ (error = priv_check(ap->a_td, PRIV_MQ_ADMIN)) != 0)
return (error);
pn->mn_uid = uid;
pn->mn_gid = gid;
@@ -1231,8 +1229,7 @@ mqfs_setattr(struct vop_setattr_args *ap)
if (vap->va_mode != (mode_t)VNOVAL) {
if ((ap->a_cred->cr_uid != pn->mn_uid) &&
- (error = priv_check_cred(ap->a_td->td_ucred,
- PRIV_MQ_ADMIN, SUSER_ALLOWJAIL)))
+ (error = priv_check(ap->a_td, PRIV_MQ_ADMIN)))
return (error);
pn->mn_mode = vap->va_mode;
c = 1;
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index e545a2526d08..82bb76736810 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -918,7 +918,7 @@ vfs_domount(
}
if (va.va_uid != td->td_ucred->cr_uid) {
error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL);
+ 0);
if (error) {
vput(vp);
return (error);
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index 8e56b16aa237..a45a8b740fdc 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -3299,24 +3299,24 @@ privcheck:
* requests, instead of PRIV_VFS_EXEC.
*/
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_LOOKUP, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0))
priv_granted |= VEXEC;
} else {
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_EXEC, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
priv_granted |= VEXEC;
}
if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_READ, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_READ, 0))
priv_granted |= VREAD;
if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_WRITE, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
priv_granted |= (VWRITE | VAPPEND);
if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_ADMIN, SUSER_ALLOWJAIL))
+ !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
priv_granted |= VADMIN;
if ((acc_mode & (priv_granted | dac_granted)) == acc_mode) {
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index ab10bfa2e6dd..d73c4a2188a6 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -837,8 +837,7 @@ chroot(td, uap)
struct nameidata nd;
int vfslocked;
- error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_CHROOT);
if (error)
return (error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
@@ -1367,15 +1366,13 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
return (error);
if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
- error = priv_check_cred(cred, PRIV_VFS_LINK,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
if (error)
return (error);
}
if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
- error = priv_check_cred(cred, PRIV_VFS_LINK,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
if (error)
return (error);
}
@@ -2337,8 +2334,7 @@ setfflags(td, vp, flags)
* chown can't fail when done as root.
*/
if (vp->v_type == VCHR || vp->v_type == VBLK) {
- error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
if (error)
return (error);
}
@@ -3840,8 +3836,7 @@ revoke(td, uap)
if (error)
goto out;
if (td->td_ucred->cr_uid != vattr.va_uid) {
- error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_ADMIN);
if (error)
goto out;
}
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index d7d829052a36..61f2894706c4 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -340,13 +340,13 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
if (ntohs(lport) <= ipport_reservedhigh &&
ntohs(lport) >= ipport_reservedlow &&
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL))
+ 0))
return (EACCES);
if (jailed(cred))
prison = 1;
if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
priv_check_cred(so->so_cred,
- PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) {
+ PRIV_NETINET_REUSEPORT, 0) != 0) {
t = in_pcblookup_local(inp->inp_pcbinfo,
sin->sin_addr, lport,
prison ? 0 : INPLOOKUP_WILDCARD);
@@ -411,7 +411,7 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
lastport = &pcbinfo->ipi_lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
error = priv_check_cred(cred,
- PRIV_NETINET_RESERVEDPORT, SUSER_ALLOWJAIL);
+ PRIV_NETINET_RESERVEDPORT, 0);
if (error)
return error;
first = ipport_lowfirstauto; /* 1023 */
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 3eef187c4fbe..5329c6c2df6f 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -607,13 +607,8 @@ rip_attach(struct socket *so, int proto, struct thread *td)
inp = sotoinpcb(so);
KASSERT(inp == NULL, ("rip_attach: inp != NULL"));
- /*
- * XXXRW: Centralize privilege decision in kern_jail.c.
- */
- if (jailed(td->td_ucred) && !jail_allow_raw_sockets)
- return (EPERM);
- error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW,
- SUSER_ALLOWJAIL);
+
+ error = priv_check(td, PRIV_NETINET_RAW);
if (error)
return error;
if (proto >= IPPROTO_MAX || proto < 0)
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index a803eca1c38b..5423208e046f 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -2155,10 +2155,7 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, struct thread *p)
/* got to be root to get at low ports */
if (ntohs(lport) < IPPORT_RESERVED) {
if (p && (error =
- priv_check_cred(p->td_ucred,
- PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL
- )
+ priv_check(p, PRIV_NETINET_RESERVEDPORT)
)) {
SCTP_INP_DECR_REF(inp);
SCTP_INP_WUNLOCK(inp);
@@ -2228,10 +2225,7 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, struct thread *p)
last = ipport_hilastauto;
} else if (ip_inp->inp_flags & INP_LOWPORT) {
if (p && (error =
- priv_check_cred(p->td_ucred,
- PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL
- )
+ priv_check(p, PRIV_NETINET_RESERVEDPORT)
)) {
SCTP_INP_DECR_REF(inp);
SCTP_INP_WUNLOCK(inp);
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index cc69ba11f3a4..0bd92b31d88e 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -386,13 +386,8 @@ sctp_getcred(SYSCTL_HANDLER_ARGS)
/* FIX, for non-bsd is this right? */
vrf_id = SCTP_DEFAULT_VRFID;
- /*
- * XXXRW: Other instances of getcred use SUSER_ALLOWJAIL, as socket
- * visibility is scoped using cr_canseesocket(), which it is not
- * here.
- */
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
+
if (error)
return (error);
@@ -3439,9 +3434,8 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
{
union sctp_sockstore *ss;
- error = priv_check_cred(curthread->td_ucred,
- PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL);
+ error = priv_check(curthread,
+ PRIV_NETINET_RESERVEDPORT);
if (error)
break;
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 2f300d5b4667..64c53641360b 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1019,8 +1019,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
struct inpcb *inp;
int error;
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof(addrs));
@@ -1064,8 +1063,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
struct inpcb *inp;
int error, mapped = 0;
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof(addrs));
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 96dc044cd327..f6031d6d524d 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -696,8 +696,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS)
struct inpcb *inp;
int error;
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof(addrs));
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index d44e3e4cea25..5ea647ecd5fd 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -192,11 +192,11 @@ in6_pcbbind(inp, nam, cred)
if (ntohs(lport) <= ipport_reservedhigh &&
ntohs(lport) >= ipport_reservedlow &&
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL))
+ 0))
return (EACCES);
if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
priv_check_cred(so->so_cred,
- PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) {
+ PRIV_NETINET_REUSEPORT, 0) != 0) {
t = in6_pcblookup_local(pcbinfo,
&sin6->sin6_addr, lport,
INPLOOKUP_WILDCARD);
diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c
index bee583cec31e..91868e7893bb 100644
--- a/sys/netinet6/in6_src.c
+++ b/sys/netinet6/in6_src.c
@@ -775,8 +775,7 @@ in6_pcbsetport(laddr, inp, cred)
last = ipport_hilastauto;
lastport = &pcbinfo->ipi_lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
- error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
if (error)
return error;
first = ipport_lowfirstauto; /* 1023 */
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index f06d1ebf3d65..3f93168c4c45 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -352,7 +352,7 @@ rip6_output(m, va_alist)
INP_LOCK(in6p);
priv = 0;
- if (suser_cred(so->so_cred, SUSER_ALLOWJAIL) == 0)
+ if (suser_cred(so->so_cred, 0) == 0)
priv = 1;
dst = &dstsock->sin6_addr;
if (control) {
diff --git a/sys/netinet6/sctp6_usrreq.c b/sys/netinet6/sctp6_usrreq.c
index f7ad98725acf..667184c0d4b7 100644
--- a/sys/netinet6/sctp6_usrreq.c
+++ b/sys/netinet6/sctp6_usrreq.c
@@ -439,13 +439,7 @@ sctp6_getcred(SYSCTL_HANDLER_ARGS)
vrf_id = SCTP_DEFAULT_VRFID;
- /*
- * XXXRW: Other instances of getcred use SUSER_ALLOWJAIL, as socket
- * visibility is scoped using cr_canseesocket(), which it is not
- * here.
- */
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_RESERVEDPORT,
- 0);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index 41be3caaf1d2..ba17f39a162a 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -437,8 +437,7 @@ udp6_getcred(SYSCTL_HANDLER_ARGS)
struct inpcb *inp;
int error;
- error = priv_check_cred(req->td->td_ucred, PRIV_NETINET_GETCRED,
- SUSER_ALLOWJAIL);
+ error = priv_check(req->td, PRIV_NETINET_GETCRED);
if (error)
return (error);
@@ -465,6 +464,9 @@ udp6_getcred(SYSCTL_HANDLER_ARGS)
INP_LOCK(inp);
KASSERT(inp->inp_socket != NULL,
("udp6_getcred: inp_socket == NULL"));
+ /*
+ * XXXRW: There should be a scoping access control check here.
+ */
cru2x(inp->inp_socket->so_cred, &xuc);
INP_UNLOCK(inp);
INP_INFO_RUNLOCK(&udbinfo);
diff --git a/sys/netipsec/ipsec_osdep.h b/sys/netipsec/ipsec_osdep.h
index c1e11b49ca13..992dd87fec23 100644
--- a/sys/netipsec/ipsec_osdep.h
+++ b/sys/netipsec/ipsec_osdep.h
@@ -212,11 +212,9 @@ if_handoff(struct ifqueue *ifq, struct mbuf *m, struct ifnet *ifp, int adjust)
/*
* 8. Test for "privileged" socket opened by superuser.
* FreeBSD tests ((so)->so_cred != NULL && priv_check_cred((so)->so_cred,
- * PRIV_NETINET_IPSEC, SUSER_ALLOWJAIL) == 0).
+ * PRIV_NETINET_IPSEC, 0) == 0).
* NetBSD (1.6N) tests (so)->so_uid == 0).
* This difference is wrapped inside the IPSEC_PRIVILEGED_SO() macro.
- *
- * XXXRW: Why was this suser_allowjail?
*/
#ifdef __FreeBSD__
#define IPSEC_IS_PRIVILEGED_SO(_so) \
diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c
index 9adccbafc46c..633f606e1972 100644
--- a/sys/security/mac_portacl/mac_portacl.c
+++ b/sys/security/mac_portacl/mac_portacl.c
@@ -419,8 +419,7 @@ rules_check(struct ucred *cred, int family, int type, u_int16_t port)
mtx_unlock(&rule_mtx);
if (error != 0 && mac_portacl_suser_exempt != 0)
- error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
return (error);
}
diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c
index c87c865b8c1a..1e5e4df3ef07 100644
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@@ -114,8 +114,7 @@ mac_seeotheruids_check(struct ucred *cr1, struct ucred *cr2)
return (0);
if (suser_privileged) {
- if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
- == 0)
+ if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, 0) == 0)
return (0);
}
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 2b215c8f8913..e79cc4052502 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -466,6 +466,18 @@ struct thread;
struct ucred;
int priv_check(struct thread *td, int priv);
int priv_check_cred(struct ucred *cred, int priv, int flags);
+
+/*
+ * Continue to support external modules that rely on suser(9) -- for now.
+ */
+int suser(struct thread *td);
+int suser_cred(struct ucred *cred, int flags);
+
+/*
+ * For historical reasons, flags to priv_check_cred() retain the SUSER_
+ * prefix.
+ */
+#define SUSER_RUID 2
#endif
#endif /* !_SYS_PRIV_H_ */
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index 817982c90434..c5233783eca3 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -234,12 +234,6 @@ void stopprofclock(struct proc *);
void cpu_startprofclock(void);
void cpu_stopprofclock(void);
-/* flags for suser() and suser_cred() */
-#define SUSER_ALLOWJAIL 1
-#define SUSER_RUID 2
-
-int suser(struct thread *td);
-int suser_cred(struct ucred *cred, int flags);
int cr_cansee(struct ucred *u1, struct ucred *u2);
int cr_canseesocket(struct ucred *cred, struct socket *so);
diff --git a/sys/ufs/ffs/ffs_alloc.c b/sys/ufs/ffs/ffs_alloc.c
index 67c8fc3bdd03..00e0fbdf6201 100644
--- a/sys/ufs/ffs/ffs_alloc.c
+++ b/sys/ufs/ffs/ffs_alloc.c
@@ -173,7 +173,7 @@ retry:
#endif
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
goto nospace;
- if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) &&
+ if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0)
goto nospace;
if (bpref >= fs->fs_size)
@@ -268,7 +268,7 @@ ffs_realloccg(ip, lbprev, bprev, bpref, osize, nsize, cred, bpp)
#endif /* DIAGNOSTIC */
reclaimed = 0;
retry:
- if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) &&
+ if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) {
goto nospace;
}
diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c
index 80892f39320a..b187ad70a1fa 100644
--- a/sys/ufs/ffs/ffs_vnops.c
+++ b/sys/ufs/ffs/ffs_vnops.c
@@ -790,8 +790,7 @@ ffs_write(ap)
*/
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
ap->a_cred) {
- if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
}
@@ -1121,8 +1120,7 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred)
* tampering.
*/
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) {
- if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, 0)) {
ip->i_mode &= ~(ISUID | ISGID);
dp->di_mode = ip->i_mode;
}
diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c
index c6d8795cc42b..49ee1c8f4e17 100644
--- a/sys/ufs/ufs/ufs_quota.c
+++ b/sys/ufs/ufs/ufs_quota.c
@@ -515,7 +515,7 @@ quotaon(td, mp, type, fname)
int error, flags, vfslocked;
struct nameidata nd;
- error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0);
+ error = priv_check(td, PRIV_UFS_QUOTAON);
if (error)
return (error);
@@ -747,10 +747,7 @@ quotaoff(td, mp, type)
struct ufsmount *ump;
int error;
- /*
- * XXXRW: This also seems wrong to allow in a jail?
- */
- error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0);
+ error = priv_check(td, PRIV_UFS_QUOTAOFF);
if (error)
return (error);
@@ -783,8 +780,7 @@ getquota(td, mp, id, type, addr)
switch (type) {
case USRQUOTA:
if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) {
- error = priv_check_cred(td->td_ucred,
- PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_GETQUOTA);
if (error)
return (error);
}
@@ -793,8 +789,7 @@ getquota(td, mp, id, type, addr)
case GRPQUOTA:
if (!groupmember(id, td->td_ucred) &&
!unprivileged_get_quota) {
- error = priv_check_cred(td->td_ucred,
- PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_GETQUOTA);
if (error)
return (error);
}
@@ -830,8 +825,7 @@ setquota(td, mp, id, type, addr)
struct dqblk newlim;
int error;
- error = priv_check_cred(td->td_ucred, PRIV_VFS_SETQUOTA,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_SETQUOTA);
if (error)
return (error);
@@ -901,7 +895,7 @@ setuse(td, mp, id, type, addr)
struct dqblk usage;
int error;
- error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0);
+ error = priv_check(td, PRIV_UFS_SETUSE);
if (error)
return (error);
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index 45d2d04a0c74..ec28c2d0505d 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -490,12 +490,8 @@ ufs_setattr(ap)
* processes if the security.jail.chflags_allowed sysctl is
* is non-zero; otherwise, they behave like unprivileged
* processes.
- *
- * XXXRW: Move implementation of jail_chflags_allowed to
- * kern_jail.c.
*/
- if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
- jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) {
+ if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
if (ip->i_flags
& (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
@@ -663,13 +659,11 @@ ufs_chmod(vp, mode, cred, td)
* jail(8).
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
- if (priv_check_cred(cred, PRIV_VFS_STICKYFILE,
- SUSER_ALLOWJAIL))
+ if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
return (EFTYPE);
}
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
- error = priv_check_cred(cred, PRIV_VFS_SETGID,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
if (error)
return (error);
}
@@ -718,7 +712,7 @@ ufs_chown(vp, uid, gid, cred, td)
*/
if ((uid != ip->i_uid ||
(gid != ip->i_gid && !groupmember(gid, cred))) &&
- (error = priv_check_cred(cred, PRIV_VFS_CHOWN, SUSER_ALLOWJAIL)))
+ (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
return (error);
ogid = ip->i_gid;
ouid = ip->i_uid;
@@ -790,8 +784,7 @@ good:
#endif /* QUOTA */
ip->i_flag |= IN_CHANGE;
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
}
@@ -2371,8 +2364,7 @@ ufs_makeinode(mode, dvp, vpp, cnp)
if (DOINGSOFTDEP(tvp))
softdep_change_linkcnt(ip);
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
- priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID,
- SUSER_ALLOWJAIL)) {
+ priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) {
ip->i_mode &= ~ISGID;
DIP_SET(ip, i_mode, ip->i_mode);
}