summaryrefslogtreecommitdiff
path: root/sys/kern/vfs_subr.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/kern/vfs_subr.c')
-rw-r--r--sys/kern/vfs_subr.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index eb5f5cf39b83..27dcfd3f5728 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -3050,6 +3050,7 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused)
/* Check the owner. */
if (cred->cr_uid == file_uid) {
+ dac_granted |= VADMIN;
if (file_mode & S_IXUSR)
dac_granted |= VEXEC;
if (file_mode & S_IRUSR)
@@ -3117,6 +3118,10 @@ privcheck:
!cap_check_xxx(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT))
cap_granted |= VWRITE;
+ if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
+ !cap_check_xxx(cred, NULL, CAP_FOWNER, PRISON_ROOT))
+ cap_granted |= VADMIN;
+
if ((acc_mode & (cap_granted | dac_granted)) == acc_mode) {
/* XXX audit: privilege used */
if (privused != NULL)
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-03 08:16:57 +0000