Changeset View
Changeset View
Standalone View
Standalone View
sys/kern/kern_prot.c
Show First 20 Lines • Show All 1,311 Lines • ▼ Show 20 Lines | groupmember(gid_t gid, struct ucred *cred) | ||||
if (cred->cr_groups[0] == gid) | if (cred->cr_groups[0] == gid) | ||||
return (1); | return (1); | ||||
return (supplementary_group_member(gid, cred)); | return (supplementary_group_member(gid, cred)); | ||||
} | } | ||||
/* | /* | ||||
* Check if gid is a member of the real group set (i.e., real and supplementary | |||||
* groups). | |||||
*/ | |||||
int | |||||
realgroupmember(gid_t gid, struct ucred *cred) | |||||
{ | |||||
if (gid == cred->cr_rgid) | |||||
return (1); | |||||
return (supplementary_group_member(gid, cred)); | |||||
} | |||||
/* | |||||
* Test the active securelevel against a given level. securelevel_gt() | * Test the active securelevel against a given level. securelevel_gt() | ||||
* implements (securelevel > level). securelevel_ge() implements | * implements (securelevel > level). securelevel_ge() implements | ||||
* (securelevel >= level). Note that the logic is inverted -- these | * (securelevel >= level). Note that the logic is inverted -- these | ||||
* functions return EPERM on "success" and 0 on "failure". | * functions return EPERM on "success" and 0 on "failure". | ||||
* | * | ||||
* Due to care taken when setting the securelevel, we know that no jail will | * Due to care taken when setting the securelevel, we know that no jail will | ||||
* be less secure that its parent (or the physical system), so it is sufficient | * be less secure that its parent (or the physical system), so it is sufficient | ||||
* to test the current jail only. | * to test the current jail only. | ||||
▲ Show 20 Lines • Show All 1,194 Lines • Show Last 20 Lines |