29c29
< * $FreeBSD: head/sys/kern/kern_priv.c 170587 2007-06-12 00:12:01Z rwatson $
---
> * $FreeBSD: head/sys/kern/kern_priv.c 170850 2007-06-16 23:41:43Z rwatson $
70a71,74
> /*
> * We first evaluate policies that may deny the granting of
> * privilege unilaterally.
> */
87,89c91,93
< * now determine if privilege is granted. For now, we allow
< * short-circuit boolean evaluation, so may not call all policies.
< * Perhaps we should.
---
> * now determine if privilege is granted. At this point, any policy
> * may grant privilege. For now, we allow short-circuit boolean
> * evaluation, so may not call all policies. Perhaps we should.
92,93c96,98
< * certain edge cases, real) uid being 0. We allow the policy to be
< * globally disabled, although this is currently of limited utility.
---
> * the case of specific privileges, real) uid being 0. We allow the
> * superuser policy to be globally disabled, although this is
> * currenty of limited utility.
96c101,104
< if (flags & SUSER_RUID) {
---
> switch (priv) {
> case PRIV_MAXFILES:
> case PRIV_MAXPROC:
> case PRIV_PROC_LIMIT:
99c107,109
< } else {
---
> break;
>
> default:
101a112
> break;
< * $FreeBSD: head/sys/kern/kern_priv.c 170587 2007-06-12 00:12:01Z rwatson $
---
> * $FreeBSD: head/sys/kern/kern_priv.c 170850 2007-06-16 23:41:43Z rwatson $
70a71,74
> /*
> * We first evaluate policies that may deny the granting of
> * privilege unilaterally.
> */
87,89c91,93
< * now determine if privilege is granted. For now, we allow
< * short-circuit boolean evaluation, so may not call all policies.
< * Perhaps we should.
---
> * now determine if privilege is granted. At this point, any policy
> * may grant privilege. For now, we allow short-circuit boolean
> * evaluation, so may not call all policies. Perhaps we should.
92,93c96,98
< * certain edge cases, real) uid being 0. We allow the policy to be
< * globally disabled, although this is currently of limited utility.
---
> * the case of specific privileges, real) uid being 0. We allow the
> * superuser policy to be globally disabled, although this is
> * currenty of limited utility.
96c101,104
< if (flags & SUSER_RUID) {
---
> switch (priv) {
> case PRIV_MAXFILES:
> case PRIV_MAXPROC:
> case PRIV_PROC_LIMIT:
99c107,109
< } else {
---
> break;
>
> default:
101a112
> break;