Page MenuHomeFreeBSD
Differential D14681 Diff 42156 head/sys/kern/vfs_subr.c

Changeset View

Standalone View

View Options

head/sys/kern/vfs_subr.c

Show First 20 LinesShow All 677 Lines▼ Show 20 Lines
/* /*
* Check if a user can access privileged mount options. * Check if a user can access privileged mount options.
*/ */
int int
vfs_suser(struct mount *mp, struct thread *td) vfs_suser(struct mount *mp, struct thread *td)
{ {
int error; int error;
if (jailed(td->td_ucred)) {
/* /*
* If the thread is jailed, but this is not a jail-friendly file * If the jail of the calling thread lacks permission for
* system, deny immediately. * this type of file system, deny immediately.
*/ */
if (!(mp->mnt_vfc->vfc_flags & VFCF_JAIL) && jailed(td->td_ucred)) if (!prison_allow(td->td_ucred, mp->mnt_vfc->vfc_prison_flag))
return (EPERM); return (EPERM);
/* /*
* If the file system was mounted outside the jail of the calling * If the file system was mounted outside the jail of the
* thread, deny immediately. * calling thread, deny immediately.
*/ */
if (prison_check(td->td_ucred, mp->mnt_cred) != 0) if (prison_check(td->td_ucred, mp->mnt_cred) != 0)
return (EPERM); return (EPERM);
}
/* /*
* If file system supports delegated administration, we don't check * If file system supports delegated administration, we don't check
* for the PRIV_VFS_MOUNT_OWNER privilege - it will be better verified * for the PRIV_VFS_MOUNT_OWNER privilege - it will be better verified
* by the file system itself. * by the file system itself.
* If this is not the user that did original mount, we check for * If this is not the user that did original mount, we check for
* the PRIV_VFS_MOUNT_OWNER privilege. * the PRIV_VFS_MOUNT_OWNER privilege.
*/ */
▲ Show 20 LinesShow All 4,836 LinesShow Last 20 Lines