authorBjoern A. Zeeb <bz@FreeBSD.org>2009-08-13 10:26:34 +0000
committerBjoern A. Zeeb <bz@FreeBSD.org>2009-08-13 10:26:34 +0000
commiteb79e1c76e18c7b72e7f16668319010d7e03ddae (patch)
treeda85107d22a96dc6fa0f87abc22d5684fb84f53c /sys/kern/kern_sysctl.c
parent20b0cdb749a0a8e31a98f6624168d88de77b638f (diff)
Make it possible to change the vnet sysctl variables on jails
with their own virtual network stack. Jails only inheriting a network stack cannot change anything that cannot be changed from within a prison. Reviewed by: rwatson, zec Approved by: re (kib)
Notes
Notes: svn path=/head/; revision=196176
Diffstat (limited to 'sys/kern/kern_sysctl.c')
-rw-r--r--sys/kern/kern_sysctl.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index bb5b6a0f3ad6..b83502c2f419 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1381,10 +1381,18 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
/* Is this sysctl writable by only privileged users? */
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
+ int priv;
+
if (oid->oid_kind & CTLFLAG_PRISON)
- error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#ifdef VIMAGE
+ else if ((oid->oid_kind & CTLFLAG_VNET) &&
+ prison_owns_vnet(req->td->td_ucred))
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#endif
else
- error = priv_check(req->td, PRIV_SYSCTL_WRITE);
+ priv = PRIV_SYSCTL_WRITE;
+ error = priv_check(req->td, priv);
if (error)
return (error);
}
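Review bot: The new `else if` under `#ifdef VIMAGE` lowers the required privilege to `PRIV_SYSCTL_WRITEJAIL` based only on `CTLFLAG_VNET` and `prison_owns_vnet()`, and nothing in the hunk states the invariant this depends on. If an oid carries `CTLFLAG_VNET` but its handler also writes state shared with the host, root inside a jail that owns its vnet could presumably change it. I would add a comment above the branch, for example `/* A jail owning its vnet may write per-vnet oids; CTLFLAG_VNET must mark only state that is virtualized per vnet. */`, and extend the existing "writable by only privileged users" comment to mention the three cases. sysctl_root() begins and ends outside this hunk, so whether the flagged handlers are audited elsewhere is not visible here.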