From 47fac363b66e176d4547c9b433af030f7a461a2f Mon Sep 17 00:00:00 2001
From: Michael Neumann <mneumann@ntecs.de>
Date: Sun, 12 Jul 2009 17:44:23 +0200
Subject: [PATCH] priv: Introduce and use PRIV_VFS_CHMOD

---
 sys/kern/kern_jail.c  | 1 +
 sys/kern/vfs_helper.c | 2 +-
 sys/sys/priv.h        | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index a89fb9cf06..03d0115db8 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -682,6 +682,7 @@ prison_priv_check(struct ucred *cred, int priv)
 
 	case PRIV_VFS_SYSFLAGS:
 	case PRIV_VFS_CHOWN:
+	case PRIV_VFS_CHMOD:
 	case PRIV_VFS_CHROOT:
 	case PRIV_VFS_MKNOD_BAD:
 	case PRIV_VFS_MKNOD_WHT:
diff --git a/sys/kern/vfs_helper.c b/sys/kern/vfs_helper.c
index 74e86057b1..9a1808d8aa 100644
--- a/sys/kern/vfs_helper.c
+++ b/sys/kern/vfs_helper.c
@@ -221,7 +221,7 @@ vop_helper_chmod(struct vnode *vp, mode_t new_mode, struct ucred *cred,
 	}
 
 	if (cred->cr_uid != cur_uid) {
-		error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
+		error = priv_check_cred(cred, PRIV_VFS_CHMOD, 0);
 		if (error)
 			return (error);
 	}
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index b2ca0b1c12..56fdd4c95a 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -283,6 +283,7 @@
 
 #define	PRIV_VFS_MKNOD_DIR	345	/* Can mknod() to create special */
 					/* directories for HAMMER. */
+#define	PRIV_VFS_CHMOD		346	/* Can chmod() if not owner */
 
 /*
  * Virtual memory privileges.
-- 
2.11.4.GIT