From aedd0fb7b942e70df1029301d9955e91f76ecc00 Mon Sep 17 00:00:00 2001
From: Michael Neumann
Date: Mon, 13 Jul 2009 00:08:56 +0200
Subject: [PATCH] priv: Define and use PRIV_VARSYM_SYS
---
 sys/kern/kern_jail.c | 2 ++
 sys/kern/kern_varsym.c | 2 +-
 sys/sys/priv.h | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index d2369ff921..5a0852d0d8 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -698,6 +698,8 @@ prison_priv_check(struct ucred *cred, int priv)
 case PRIV_SYSCTL_WRITEJAIL:
+ case PRIV_VARSYM_SYS:
+ return (0);
 case PRIV_UFS_QUOTAON:
diff --git a/sys/kern/kern_varsym.c b/sys/kern/kern_varsym.c
index 56ff817310..516b669a58 100644
--- a/sys/kern/kern_varsym.c
+++ b/sys/kern/kern_varsym.c
@@ -153,7 +153,7 @@ sys_varsym_set(struct varsym_set_args *uap)
 uap->level = VARSYM_PRISON;
 case VARSYM_PRISON:
 if (p != NULL &&
- (error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(p->p_ucred, PRIV_VARSYM_SYS, 0)) != 0)
 break;
 /* fall through */
 case VARSYM_USER:
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 3e4e7cb5b5..65624edd26 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -85,6 +85,7 @@
 #define PRIV_SETTIMEOFDAY 18 /* Can call settimeofday. */
 #define PRIV_SETHOSTID 19 /* Can call sethostid. */
 #define PRIV_SETDOMAINNAME 20 /* Can call setdomainname. */
+#define PRIV_VARSYM_SYS 21 /* Can varsym_set(VARSYM_SYS, ...) */
 /*
 * Audit subsystem privileges.
--
2.11.4.GIT
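Review bot: Listing `PRIV_VARSYM_SYS` among the privileges that `prison_priv_check()` answers with `return (0)` lets a jailed root pass the check, and nothing at this `case` label records why that is acceptable. Judging by the kern_varsym.c hunk of this patch, `sys_varsym_set()` appears to rewrite the level to `VARSYM_PRISON` before the check runs (the condition guarding `uap->level = VARSYM_PRISON;` lies outside that hunk), so a jailed caller should only ever reach its own prison's set. A later caller that tests `PRIV_VARSYM_SYS` without that demotion would expose system-wide varsyms to jails, so I would add a comment above the label such as `/* safe in jail: sys_varsym_set() demotes jailed callers to VARSYM_PRISON */`. The switch starts and ends outside the hunk.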
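Review bot: Replacing `PRISON_ROOT` with a flags value of `0` moves the jail decision out of this call and into the `prison_priv_check()` allow-list, so jailed root keeps its access only if `priv_check_cred()` consults that function when no flag is passed. That is not visible in this patch and is worth confirming with a `varsym_set` call from inside a jail. Separately, the unchanged `p != NULL &&` guard means a call with no process skips the privilege check altogether; a short comment stating when `p` can be NULL here would show that the bypass is intended. The switch in `sys_varsym_set()` begins and ends outside the hunk.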
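Review bot: The comment on `PRIV_VARSYM_SYS` understates what the privilege gates. In the kern_varsym.c hunk of this patch the check sits under `case VARSYM_PRISON:`, so it covers prison-level sets as well as, it seems, the preceding case that falls into it. I would word it `/* Can varsym_set() at VARSYM_SYS or VARSYM_PRISON level. */` so that someone auditing jail privileges from priv.h alone sees the full scope.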