Print this page
uts: add a concept of a 'default' set of privileges, separate from 'basic'


 196         dummycr->cr_ruid = (uid_t)-1;
 197         dummycr->cr_rgid = (gid_t)-1;
 198         dummycr->cr_suid = (uid_t)-1;
 199         dummycr->cr_sgid = (gid_t)-1;
 200 
 201 
 202         /*
 203          * kcred is used by anything that needs all privileges; it's
 204          * also the template used for crget as it has all the compatible
 205          * sets filled in.
 206          */
 207         kcred = cralloc();
 208 
 209         bzero(kcred, crsize);
 210         kcred->cr_ref = 1;
 211 
 212         /* kcred is never freed, so we don't need zone_cred_hold here */
 213         kcred->cr_zone = &zone0;
 214 
 215         priv_fillset(&CR_LPRIV(kcred));
 216         CR_IPRIV(kcred) = *priv_basic;
 217 
 218         /* Not a basic privilege, if chown is not restricted add it to I0 */
 219         if (!rstchown)
 220                 priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
 221 
 222         /* Basic privilege, if link is restricted remove it from I0 */
 223         if (rstlink)
 224                 priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY);
 225 
 226         CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred);
 227 
 228         CR_FLAGS(kcred) = NET_MAC_AWARE;
 229 
 230         /*
 231          * Set up credentials of p0.
 232          */
 233         ttoproc(curthread)->p_cred = kcred;
 234         curthread->t_cred = kcred;
 235 
 236         ucredsize = UCRED_SIZE;




 196         dummycr->cr_ruid = (uid_t)-1;
 197         dummycr->cr_rgid = (gid_t)-1;
 198         dummycr->cr_suid = (uid_t)-1;
 199         dummycr->cr_sgid = (gid_t)-1;
 200 
 201 
 202         /*
 203          * kcred is used by anything that needs all privileges; it's
 204          * also the template used for crget as it has all the compatible
 205          * sets filled in.
 206          */
 207         kcred = cralloc();
 208 
 209         bzero(kcred, crsize);
 210         kcred->cr_ref = 1;
 211 
 212         /* kcred is never freed, so we don't need zone_cred_hold here */
 213         kcred->cr_zone = &zone0;
 214 
 215         priv_fillset(&CR_LPRIV(kcred));
 216         CR_IPRIV(kcred) = *priv_default; /* XXX: Really needed here? */
 217 
 218         /* Not a basic privilege, if chown is not restricted add it to I0 */
 219         if (!rstchown)
 220                 priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
 221 
 222         /* Basic privilege, if link is restricted remove it from I0 */
 223         if (rstlink)
 224                 priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY);
 225 
 226         CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred);
 227 
 228         CR_FLAGS(kcred) = NET_MAC_AWARE;
 229 
 230         /*
 231          * Set up credentials of p0.
 232          */
 233         ttoproc(curthread)->p_cred = kcred;
 234         curthread->t_cred = kcred;
 235 
 236         ucredsize = UCRED_SIZE;