From 1242711481597ea7c0cf2397c320243fbb8e535d Mon Sep 17 00:00:00 2001
From: Michael Neumann
Date: Sun, 12 Jul 2009 18:33:52 +0200
Subject: [PATCH] priv: Use PRIV_NETINET_RESERVEDPORT
---
 sys/kern/kern_jail.c | 7 +++++++
 sys/netinet/in_pcb.c | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 4fd7e31f5a..203a430e59 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -699,6 +699,13 @@ prison_priv_check(struct ucred *cred, int priv)
 return (0);
 /*
+ * Allow jailed root to bind reserved ports.
+ */
+ case PRIV_NETINET_RESERVEDPORT:
+ return (0);
+
+
+ /*
 * Conditionally allow creating raw sockets in jail.
 */
 case PRIV_NETINET_RAW:
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index d937d798f0..46da87e5de 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -291,7 +291,7 @@ in_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct thread *td)
 /* GROSS */
 if (ntohs(lport) < IPPORT_RESERVED &&
- cred && priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))
+ cred && priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0))
 return (EACCES);
 if (so->so_cred->cr_uid != 0 && !IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
@@ -349,7 +349,7 @@ in_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct thread *td)
 lastport = &pcbinfo->lasthi;
 } else if (inp->inp_flags & INP_LOWPORT) {
 if (cred &&
- (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
+ (error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0))) {
 inp->inp_laddr.s_addr = INADDR_ANY;
 return (error);
 }
--
2.11.4.GIT
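Review bot: In the sys/kern/kern_jail.c hunk the new `case PRIV_NETINET_RESERVEDPORT:` returns 0 unconditionally, while the very next case, PRIV_NETINET_RAW, is described as conditionally allowed, and the comment does not say why reserved ports need no such gate. This appears to keep the previous behaviour, since the in_pcbbind checks being replaced passed PRISON_ROOT, so I would expand the comment to something like `* Allow jailed root to bind reserved ports (same as the former PRIV_ROOT/PRISON_ROOT check in in_pcbbind).` Whether a jailed process can bind only on its own jail's addresses is decided outside this hunk and is worth confirming, because the grant here applies to every jail. The hunk also adds two consecutive blank lines before the next comment, where one is enough. The switch in prison_priv_check starts and ends outside the hunk.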
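Review bot: In both sys/netinet/in_pcb.c hunks the privilege check is guarded by `cred &&`, so a NULL cred skips the reserved-port check entirely and the bind proceeds; the same guard appears in the explicit-port path at -291 and in the INP_LOWPORT branch at -349. Where cred is assigned is outside the hunks, so a NULL cred presumably means an in-kernel caller, but that fail-open assumption should be stated next to each check, for example `/* cred == NULL: in-kernel caller, no privilege check (confirm) */`. The unchanged context line after the first check still tests `so->so_cred->cr_uid != 0` directly, a raw uid comparison that does not go through priv_check_cred; whether it should be converted as well cannot be judged from this hunk. The body of in_pcbbind starts and ends outside both hunks.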