From e41966dc35be70e81265bc7f4cacafc6842fda14 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Sun, 21 Oct 2007 22:50:11 +0000
Subject: [PATCH] Add PRIV_VFS_STAT privilege, which will allow overriding policy limits on the right to stat() a file, such as in mac_bsdextended.

Obtained from: TrustedBSD Project
MFC after: 3 months
---
 sys/kern/kern_jail.c | 1 +
 sys/sys/priv.h | 1 +
 2 files changed, 2 insertions(+)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index f61b30191215..49bc080677fc 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -684,6 +684,7 @@ prison_priv_check(struct ucred *cred, int priv)
 case PRIV_VFS_FCHROOT:
 case PRIV_VFS_LINK:
 case PRIV_VFS_SETGID:
+ case PRIV_VFS_STAT:
 case PRIV_VFS_STICKYFILE:
 return (0);

diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index ec8be5a8162c..947019179452 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -277,6 +277,7 @@
 #define PRIV_VFS_STICKYFILE 341 /* Can set sticky bit on file. */
 #define PRIV_VFS_SYSFLAGS 342 /* Can modify system flags. */
 #define PRIV_VFS_UNMOUNT 343 /* Can unmount(). */
+#define PRIV_VFS_STAT 344 /* Override vnode MAC stat perm. */

 /*
  * Virtual memory privileges.
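Review bot: The new `case PRIV_VFS_STAT:` joins the group that falls through to `return (0)`, which presumably grants the privilege to the superuser inside a jail, and nothing in the hunk records why a MAC-override privilege is safe to allow there. The commit message describes it as overriding policy limits such as those of mac_bsdextended, so a jailed root would no longer be bound by stat() restrictions that the host's policy places on files visible in the jail. If that is intended, a short comment would make the decision auditable, e.g. `/* PRIV_VFS_STAT: jail root may override MAC stat limits on files within the jail. */`. No consumer of the privilege appears in this commit, so the allowance is worth re-checking when the first `priv_check()` call site is added. The body of prison_priv_check starts and ends outside the hunk.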
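Review bot: The comment on `PRIV_VFS_STAT` reads "Override vnode MAC stat perm.", which departs from the "Can …" phrasing of the neighbouring entries and is terse about what is being overridden. Wording such as `/* Can override MAC policy limits on stat(). */` would match the list and the commit message. The value 344 is appended after `PRIV_VFS_UNMOUNT` rather than slotted in alphabetically, which leaves the existing numbers unchanged.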