Print this page
uts: add a concept of a 'default' set of privileges, separate from 'basic'

@@ -589,18 +589,20 @@
                 def = priv_allocset();
                 if (def == NULL) {
                         ret = PAM_SYSTEM_ERR;
                         goto out;
                 }
-                priv_basicset(def);
+                priv_defaultset(def);
                 errno = 0;
                 if ((pathconf("/", _PC_CHOWN_RESTRICTED) == -1) && (errno == 0))
                         (void) priv_addset(def, PRIV_FILE_CHOWN_SELF);
         }
         /*
          * Silently limit the privileges to those actually available
          * in the current zone.
+         *
+         * XXX: i think this applies to non-zone cases too, fix the comment.
          */
         tset = priv_allocset();
         if (tset == NULL) {
                 ret = PAM_SYSTEM_ERR;
                 goto out;