From 91a193f5108c5a29e7ffd016e033a0e8781ed355 Mon Sep 17 00:00:00 2001
From: Michael Neumann <mneumann@ntecs.de>
Date: Sun, 12 Jul 2009 23:48:14 +0200
Subject: [PATCH] priv: Define and use PRIV_HAMMER_IOCTL

---
 sys/kern/kern_jail.c          | 3 +++
 sys/sys/priv.h                | 7 ++++++-
 sys/vfs/hammer/hammer_ioctl.c | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 26960945b8..d2369ff921 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -728,6 +728,9 @@ prison_priv_check(struct ucred *cred, int priv)
 		else
 			return (EPERM);
 
+	case PRIV_HAMMER_IOCTL:
+		return (0);
+
 	default:
 
 		return (EPERM);
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 382c730dc0..3e4e7cb5b5 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -469,9 +469,14 @@
 #define PRIV_CPUCTL_UPDATE	641	/* Update cpu microcode. */
 
 /*
+ * Hammer privileges.
+ */
+#define PRIV_HAMMER_IOCTL	650	/* can hammer_ioctl(). */
+
+/*
  * Track end of privilege list.
  */
-#define	_PRIV_HIGHEST		642
+#define	_PRIV_HIGHEST		651
 
 /*
  * Validate that a named privilege is known by the privilege system.  Invalid
diff --git a/sys/vfs/hammer/hammer_ioctl.c b/sys/vfs/hammer/hammer_ioctl.c
index 9e12382f62..91ef54701f 100644
--- a/sys/vfs/hammer/hammer_ioctl.c
+++ b/sys/vfs/hammer/hammer_ioctl.c
@@ -58,7 +58,7 @@ hammer_ioctl(hammer_inode_t ip, u_long com, caddr_t data, int fflag,
 	struct hammer_transaction trans;
 	int error;
 
-	error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
+	error = priv_check_cred(cred, PRIV_HAMMER_IOCTL, 0);
 
 	hammer_start_transaction(&trans, ip->hmp);
 
-- 
2.11.4.GIT