aboutsummaryrefslogtreecommitdiff
path: root/sys/kern/kern_jail.c
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2007-02-19 13:26:39 +0000
committerRobert Watson <rwatson@FreeBSD.org>2007-02-19 13:26:39 +0000
commite82d0201bd4f03a90bd4f24ff22dca5a5118a5e1 (patch)
treea634e907bb5ce1f599aa62b8768068cf7639d1e9 /sys/kern/kern_jail.c
parent8bd5639f180e60b47e7840866180b84163737e3e (diff)
downloadsrc-e82d0201bd4f03a90bd4f24ff22dca5a5118a5e1.tar.gz
src-e82d0201bd4f03a90bd4f24ff22dca5a5118a5e1.zip
Limit quota privileges in jail to PRIV_UFS_GETQUOTA and
PRIV_UFS_SETQUOTA.
Notes
Notes: svn path=/head/; revision=166831
Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r--sys/kern/kern_jail.c7
1 files changed, 2 insertions, 5 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index d6e65fa216af..8495fb95a763 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -618,14 +618,11 @@ prison_priv_check(struct ucred *cred, int priv)
/*
* Allow root in jail to manage a variety of quota
- * properties. Some are a bit surprising and should be
- * reconsidered.
+ * properties. These should likely be conditional on a
+ * configuration option.
*/
case PRIV_UFS_GETQUOTA:
- case PRIV_UFS_QUOTAOFF: /* XXXRW: Slightly surprising. */
- case PRIV_UFS_QUOTAON: /* XXXRW: Slightly surprising. */
case PRIV_UFS_SETQUOTA:
- case PRIV_UFS_SETUSE: /* XXXRW: Slightly surprising. */
/*
* Since Jail relies on chroot() to implement file system
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-13 10:29:41 +0000