diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2007-02-19 13:26:39 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2007-02-19 13:26:39 +0000 |
commit | e82d0201bd4f03a90bd4f24ff22dca5a5118a5e1 (patch) | |
tree | a634e907bb5ce1f599aa62b8768068cf7639d1e9 /sys/kern/kern_jail.c | |
parent | 8bd5639f180e60b47e7840866180b84163737e3e (diff) | |
download | src-e82d0201bd4f03a90bd4f24ff22dca5a5118a5e1.tar.gz src-e82d0201bd4f03a90bd4f24ff22dca5a5118a5e1.zip |
Limit quota privileges in jail to PRIV_UFS_GETQUOTA and
PRIV_UFS_SETQUOTA.
Notes
Notes:
svn path=/head/; revision=166831
Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r-- | sys/kern/kern_jail.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index d6e65fa216af..8495fb95a763 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -618,14 +618,11 @@ prison_priv_check(struct ucred *cred, int priv) /* * Allow root in jail to manage a variety of quota - * properties. Some are a bit surprising and should be - * reconsidered. + * properties. These should likely be conditional on a + * configuration option. */ case PRIV_UFS_GETQUOTA: - case PRIV_UFS_QUOTAOFF: /* XXXRW: Slightly surprising. */ - case PRIV_UFS_QUOTAON: /* XXXRW: Slightly surprising. */ case PRIV_UFS_SETQUOTA: - case PRIV_UFS_SETUSE: /* XXXRW: Slightly surprising. */ /* * Since Jail relies on chroot() to implement file system |