From 87fce2bb963f92a6bcea1846cd3d5f0a07cde904 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Wed, 26 Sep 2001 20:41:48 +0000
Subject: [PATCH] o When performing a securelevel check as part of
 securelevel_ge() or   securelevel_gt(), determine first if a local
 securelevel exists --   if so, perform the check based on imax(local,
 global).  Otherwise,   simply use the global value. o Note: even though local
 securelevels might lag below the global one,   if the global value is updated
 to higher than local values, maximum   will still be used, making the global
 dominant even if there is local   lag.

Obtained from:	TrustedBSD Project
---
 sys/kern/kern_prot.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 1f52132bb9b..69b086b6371 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1301,18 +1301,14 @@ suser_xxx(cred, proc, flag)
 
 
 /*
- * Test securelevel values against passed required securelevel.
- * _gt implements (level > securelevel), and _ge implements
+ * Test (local, globale) securelevel values against passed required
+ * securelevel.  _gt implements (level > securelevel), and _ge implements
  * (level >= securelevel).  Returns 0 oer EPERM.
  *
  * cr is permitted to be NULL for the time being, as there were some
  * existing securelevel checks that occurred without a process/credential
  * context.  In the future this will be disallowed, so a kernel
  * message is displayed.
- *
- * XXX: The redundant construction below is to facilitate the merging
- * of support for per-jail securelevels, which maintain a local
- * jail securelevel in the process credential.
  */
 int
 securelevel_gt(struct ucred *cr, int level)
@@ -1324,12 +1320,18 @@ securelevel_gt(struct ucred *cr, int level)
 			return (0);
 		else
 			return (EPERM);
-	} else {
+	} else if (cr->cr_prison == NULL) {
 		if (level > securelevel)
 			return (0);
 		else
 			return (EPERM);
+	} else {
+		if (level > imax(cr->cr_prison->pr_securelevel, securelevel))
+			return (0);
+		else
+			return (EPERM);
 	}
+
 }
 
 int
@@ -1342,11 +1344,16 @@ securelevel_ge(struct ucred *cr, int level)
 			return (0);
 		else
 			return (EPERM);
-	} else {
+	} if (cr->cr_prison == NULL) {
 		if (level >= securelevel)
 			return (0);
 		else
 			return (EPERM);
+	} else {
+		if (level >= imax(cr->cr_prison->pr_securelevel, securelevel))
+			return (0);
+		else
+			return (EPERM);
 	}
 }