Changeset View
Changeset View
Standalone View
Standalone View
sys/kern/kern_priv.c
Show First 20 Lines • Show All 160 Lines • ▼ Show 20 Lines | #endif | ||||
* have permission to access /dev/[k]mem). | * have permission to access /dev/[k]mem). | ||||
*/ | */ | ||||
if (priv == PRIV_KMEM_READ) { | if (priv == PRIV_KMEM_READ) { | ||||
error = 0; | error = 0; | ||||
goto out; | goto out; | ||||
} | } | ||||
/* | /* | ||||
* Allow unprivileged process debugging on a per-jail basis. | |||||
*/ | |||||
if (priv == PRIV_DEBUG_UNPRIV) { | |||||
if (prison_allow(cred, PR_ALLOW_UNPRIV_DEBUG)) { | |||||
error = 0; | |||||
goto out; | |||||
} | |||||
} | |||||
/* | |||||
* Now check with MAC, if enabled, to see if a policy module grants | * Now check with MAC, if enabled, to see if a policy module grants | ||||
* privilege. | * privilege. | ||||
*/ | */ | ||||
#ifdef MAC | #ifdef MAC | ||||
if (mac_priv_grant(cred, priv) == 0) { | if (mac_priv_grant(cred, priv) == 0) { | ||||
error = 0; | error = 0; | ||||
goto out; | goto out; | ||||
} | } | ||||
Show All 23 Lines |