Add PRIV_VFS_STAT privilege, which will allow overriding policy limits on

the right to stat() a file, such as in mac_bsdextended. Obtained from: TrustedBSD Project MFC after: 3 months
2026-05-28 04:12:45 -04:00 · 2007-10-21 22:50:11 +00:00 · 2007-10-21 22:50:11 +00:00 · e41966dc35
commit e41966dc35
parent a1fedf914f
2 changed files with 2 additions and 0 deletions
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@ -684,6 +684,7 @@ prison_priv_check(struct ucred *cred, int priv)
 	case PRIV_VFS_FCHROOT:
 	case PRIV_VFS_LINK:
 	case PRIV_VFS_SETGID:
+	case PRIV_VFS_STAT:
 	case PRIV_VFS_STICKYFILE:
 		return (0);

--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@ -277,6 +277,7 @@
 #define	PRIV_VFS_STICKYFILE	341	/* Can set sticky bit on file. */
 #define	PRIV_VFS_SYSFLAGS	342	/* Can modify system flags. */
 #define	PRIV_VFS_UNMOUNT	343	/* Can unmount(). */
+#define	PRIV_VFS_STAT		344	/* Override vnode MAC stat perm. */

 /*
 * Virtual memory privileges.