io-lx-public-vs-joyent Sdiff usr/src/uts/common/os/policy.c

Print this page

2078 
2079 int
2080 secpolicy_chroot(const cred_t *cr)
2081 {
2082         return (PRIV_POLICY(cr, PRIV_PROC_CHROOT, B_FALSE, EPERM, NULL));
2083 }
2084 
2085 int
2086 secpolicy_tasksys(const cred_t *cr)
2087 {
2088         return (PRIV_POLICY(cr, PRIV_PROC_TASKID, B_FALSE, EPERM, NULL));
2089 }
2090 
2091 int
2092 secpolicy_meminfo(const cred_t *cr)
2093 {
2094         return (PRIV_POLICY(cr, PRIV_PROC_MEMINFO, B_FALSE, EPERM, NULL));
2095 }
2096 
2097 int
2098 secpolicy_fs_import(const cred_t *cr)
2099 {
2100         return (PRIV_POLICY(cr, PRIV_SYS_FS_IMPORT, B_FALSE, EPERM, NULL));
2101 }
2102 
2103 
2104 int
2105 secpolicy_pfexec_register(const cred_t *cr)
2106 {
2107         return (PRIV_POLICY(cr, PRIV_SYS_ADMIN, B_TRUE, EPERM, NULL));
2108 }
2109 
2110 /*
2111  * Basic privilege checks.
2112  */
2113 int
2114 secpolicy_basic_exec(const cred_t *cr, vnode_t *vp)
2115 {
2116         FAST_BASIC_CHECK(cr, PRIV_PROC_EXEC);
2117 
2118         return (priv_policy_va(cr, PRIV_PROC_EXEC, B_FALSE, EPERM, NULL,
2119             KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE));
2120 }
2121 
2122 int
2123 secpolicy_basic_fork(const cred_t *cr)
2124 {

2587 int
2588 secpolicy_xvm_control(const cred_t *cr)
2589 {
2590         if (PRIV_POLICY(cr, PRIV_XVM_CONTROL, B_FALSE, EPERM, NULL))
2591                 return (EPERM);
2592         return (0);
2593 }
2594 
2595 /*
2596  * secpolicy_ppp_config
2597  *
2598  * Determine if the subject has sufficient privileges to configure PPP and
2599  * PPP-related devices.
2600  */
2601 int
2602 secpolicy_ppp_config(const cred_t *cr)
2603 {
2604         if (PRIV_POLICY_ONLY(cr, PRIV_SYS_NET_CONFIG, B_FALSE))
2605                 return (secpolicy_net_config(cr, B_FALSE));
2606         return (PRIV_POLICY(cr, PRIV_SYS_PPP_CONFIG, B_FALSE, EPERM, NULL));
2607 }
2608 
2609 int
2610 secpolicy_hyprlofs_control(const cred_t *cr)
2611 {
2612         if (PRIV_POLICY(cr, PRIV_HYPRLOFS_CONTROL, B_FALSE, EPERM, NULL))
2613                 return (EPERM);
2614         return (0);
2615 }

2078 
2079 int
2080 secpolicy_chroot(const cred_t *cr)
2081 {
2082         return (PRIV_POLICY(cr, PRIV_PROC_CHROOT, B_FALSE, EPERM, NULL));
2083 }
2084 
2085 int
2086 secpolicy_tasksys(const cred_t *cr)
2087 {
2088         return (PRIV_POLICY(cr, PRIV_PROC_TASKID, B_FALSE, EPERM, NULL));
2089 }
2090 
2091 int
2092 secpolicy_meminfo(const cred_t *cr)
2093 {
2094         return (PRIV_POLICY(cr, PRIV_PROC_MEMINFO, B_FALSE, EPERM, NULL));
2095 }
2096 
2097 int







2098 secpolicy_pfexec_register(const cred_t *cr)
2099 {
2100         return (PRIV_POLICY(cr, PRIV_SYS_ADMIN, B_TRUE, EPERM, NULL));
2101 }
2102 
2103 /*
2104  * Basic privilege checks.
2105  */
2106 int
2107 secpolicy_basic_exec(const cred_t *cr, vnode_t *vp)
2108 {
2109         FAST_BASIC_CHECK(cr, PRIV_PROC_EXEC);
2110 
2111         return (priv_policy_va(cr, PRIV_PROC_EXEC, B_FALSE, EPERM, NULL,
2112             KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE));
2113 }
2114 
2115 int
2116 secpolicy_basic_fork(const cred_t *cr)
2117 {

2580 int
2581 secpolicy_xvm_control(const cred_t *cr)
2582 {
2583         if (PRIV_POLICY(cr, PRIV_XVM_CONTROL, B_FALSE, EPERM, NULL))
2584                 return (EPERM);
2585         return (0);
2586 }
2587 
2588 /*
2589  * secpolicy_ppp_config
2590  *
2591  * Determine if the subject has sufficient privileges to configure PPP and
2592  * PPP-related devices.
2593  */
2594 int
2595 secpolicy_ppp_config(const cred_t *cr)
2596 {
2597         if (PRIV_POLICY_ONLY(cr, PRIV_SYS_NET_CONFIG, B_FALSE))
2598                 return (secpolicy_net_config(cr, B_FALSE));
2599         return (PRIV_POLICY(cr, PRIV_SYS_PPP_CONFIG, B_FALSE, EPERM, NULL));








2600 }