diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
commit | 32f9753cfbfe844fa6c02c88c7ca96617e903d8e (patch) | |
tree | c439df85bebf079d07319c231d64ac481577b036 /sys/netinet/raw_ip.c | |
parent | efe641b939baf83c13aa60cadaa44ad5a501e824 (diff) | |
download | src-32f9753cfbfe844fa6c02c88c7ca96617e903d8e.tar.gz src-32f9753cfbfe844fa6c02c88c7ca96617e903d8e.zip |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp
Obtained from: TrustedBSD Project
Notes
Notes:
svn path=/head/; revision=170587
Diffstat (limited to 'sys/netinet/raw_ip.c')
-rw-r--r-- | sys/netinet/raw_ip.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 3eef187c4fbe..5329c6c2df6f 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -607,13 +607,8 @@ rip_attach(struct socket *so, int proto, struct thread *td) inp = sotoinpcb(so); KASSERT(inp == NULL, ("rip_attach: inp != NULL")); - /* - * XXXRW: Centralize privilege decision in kern_jail.c. - */ - if (jailed(td->td_ucred) && !jail_allow_raw_sockets) - return (EPERM); - error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW, - SUSER_ALLOWJAIL); + + error = priv_check(td, PRIV_NETINET_RAW); if (error) return error; if (proto >= IPPROTO_MAX || proto < 0) |