196 dummycr->cr_ruid = (uid_t)-1;
197 dummycr->cr_rgid = (gid_t)-1;
198 dummycr->cr_suid = (uid_t)-1;
199 dummycr->cr_sgid = (gid_t)-1;
200
201
202 /*
203 * kcred is used by anything that needs all privileges; it's
204 * also the template used for crget as it has all the compatible
205 * sets filled in.
206 */
207 kcred = cralloc();
208
209 bzero(kcred, crsize);
210 kcred->cr_ref = 1;
211
212 /* kcred is never freed, so we don't need zone_cred_hold here */
213 kcred->cr_zone = &zone0;
214
215 priv_fillset(&CR_LPRIV(kcred));
216 CR_IPRIV(kcred) = *priv_basic;
217
218 /* Not a basic privilege, if chown is not restricted add it to I0 */
219 if (!rstchown)
220 priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
221
222 /* Basic privilege, if link is restricted remove it from I0 */
223 if (rstlink)
224 priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY);
225
226 CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred);
227
228 CR_FLAGS(kcred) = NET_MAC_AWARE;
229
230 /*
231 * Set up credentials of p0.
232 */
233 ttoproc(curthread)->p_cred = kcred;
234 curthread->t_cred = kcred;
235
236 ucredsize = UCRED_SIZE;
|
196 dummycr->cr_ruid = (uid_t)-1;
197 dummycr->cr_rgid = (gid_t)-1;
198 dummycr->cr_suid = (uid_t)-1;
199 dummycr->cr_sgid = (gid_t)-1;
200
201
202 /*
203 * kcred is used by anything that needs all privileges; it's
204 * also the template used for crget as it has all the compatible
205 * sets filled in.
206 */
207 kcred = cralloc();
208
209 bzero(kcred, crsize);
210 kcred->cr_ref = 1;
211
212 /* kcred is never freed, so we don't need zone_cred_hold here */
213 kcred->cr_zone = &zone0;
214
215 priv_fillset(&CR_LPRIV(kcred));
216 CR_IPRIV(kcred) = *priv_default; /* XXX: Really needed here? */
217
218 /* Not a basic privilege, if chown is not restricted add it to I0 */
219 if (!rstchown)
220 priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
221
222 /* Basic privilege, if link is restricted remove it from I0 */
223 if (rstlink)
224 priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY);
225
226 CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred);
227
228 CR_FLAGS(kcred) = NET_MAC_AWARE;
229
230 /*
231 * Set up credentials of p0.
232 */
233 ttoproc(curthread)->p_cred = kcred;
234 curthread->t_cred = kcred;
235
236 ucredsize = UCRED_SIZE;
|