authorAlan Somers <asomers@FreeBSD.org>2016-09-20 18:47:33 +0000
committerAlan Somers <asomers@FreeBSD.org>2016-09-20 18:47:33 +0000
commitcc4ee17f44a170b19f40c89a509ab503b2b9df86 (patch)
tree7c654ab6083798e72977f1a2e8a15ad86cd05dbd /etc/periodic/security
parent2d12d25c6ae8cedab16da96c6090b2d204efaa3c (diff)
Fix periodic scripts when an NFS mount covers a local mount
100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS filesystems. But their logic contains an error. They also search through remote filesystems that are mounted on top of the root of a local filesystem. For example, if a user installs a FreeBSD system with the default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts /usr/home over NFS, these scripts would search through /usr/home. MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D7482
Notes
Notes: svn path=/head/; revision=306048
Diffstat (limited to 'etc/periodic/security')
-rwxr-xr-xetc/periodic/security/100.chksetuid2
-rwxr-xr-xetc/periodic/security/110.neggrpperm2
2 files changed, 2 insertions, 2 deletions
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid
index 95920a6faf90..da8d29d985ea 100755
--- a/etc/periodic/security/100.chksetuid
+++ b/etc/periodic/security/100.chksetuid
@@ -46,7 +46,7 @@ then
echo ""
echo 'Checking setuid files and devices:'
MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
- find -sx $MP /dev/null -type f \
+ find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
\( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
check_diff setuid - "${host} setuid diffs:"
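Review bot: The added `\( ! -fstype local \) -prune -o` on the find line has no comment saying why it is needed when `-x` is already given; the same applies to the identical change in 110.neggrpperm. `-x` only keeps find on the filesystem of each start path, so it does nothing when a path in `$MP` is itself covered by a remote mount. A comment above the find such as `# -x cannot help when a listed mount point is covered by a non-local mount; prune those` would record that. The comment should also state that setuid files on the covering remote filesystem are intentionally left out of this report. The `no(suid|exec)` filter on the `MP=` line reads the options of the ufs/zfs entry, so it does not tell the reader whether the covering mount is nosuid.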
diff --git a/etc/periodic/security/110.neggrpperm b/etc/periodic/security/110.neggrpperm
index 1d545ac5f7b6..bd94015951bd 100755
--- a/etc/periodic/security/110.neggrpperm
+++ b/etc/periodic/security/110.neggrpperm
@@ -44,7 +44,7 @@ then
echo ""
echo 'Checking negative group permissions:'
MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
- n=$(find -sx $MP /dev/null -type f \
+ n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
\( \( ! -perm +010 -and -perm +001 \) -or \
\( ! -perm +020 -and -perm +002 \) -or \
\( ! -perm +040 -and -perm +004 \) \) \
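Review bot: The new `\( ! -fstype local \) -prune -o -type f` form only stays silent about pruned paths if the expression ends in an explicit action, and the end of this find command lies outside the hunk. With no explicit action, find applies the implicit print to the whole `-prune -o ...` expression, so each pruned non-local mount point would be emitted and end up in `n`. Please confirm the command still ends in its `-exec` (or an explicit `-print`) after the permission tests. A short comment such as `# prune needs the explicit action below, otherwise pruned mount points are printed` would guard against a later edit dropping it.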