Index: alpha/alpha/mem.c =================================================================== RCS file: /home/ncvs/src/sys/alpha/alpha/mem.c,v retrieving revision 1.19.2.3 diff -u -r1.19.2.3 mem.c --- alpha/alpha/mem.c 2000/05/14 00:29:44 1.19.2.3 +++ alpha/alpha/mem.c 2001/08/09 03:36:45 @@ -134,12 +134,13 @@ int fmt; struct proc *p; { + int error; switch (minor(dev)) { case 0: case 1: - if (securelevel >= 1) - return (EPERM); + if ((error = securelevel_ge(p, 1))) + return (error); break; case 32: #ifdef PERFMON Index: alpha/alpha/sys_machdep.c =================================================================== RCS file: /home/ncvs/src/sys/alpha/alpha/sys_machdep.c,v retrieving revision 1.7 diff -u -r1.7 sys_machdep.c --- alpha/alpha/sys_machdep.c 2000/01/16 07:07:28 1.7 +++ alpha/alpha/sys_machdep.c 2001/08/09 03:36:45 @@ -114,8 +114,8 @@ if (error) return (error); - if (securelevel > 0) - return (EPERM); + if ((error = securelevel_gt(p, 0))) + return (error); error = suser(p); if (error) Index: cam/scsi/scsi_pass.c =================================================================== RCS file: /home/ncvs/src/sys/cam/scsi/scsi_pass.c,v retrieving revision 1.19 diff -u -r1.19 scsi_pass.c --- cam/scsi/scsi_pass.c 2000/01/17 06:27:37 1.19 +++ cam/scsi/scsi_pass.c 2001/08/09 03:36:45 @@ -382,11 +382,11 @@ } /* - * Don't allow access when we're running at a high securelvel. + * Don't allow access when we're running at a high securelevel. */ - if (securelevel > 1) { + if ((error = securelevel_gt(p, 1))) { splx(s); - return(EPERM); + return(error); } /* Index: contrib/ipfilter/netinet/fil.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/fil.c,v retrieving revision 1.23.2.2 diff -u -r1.23.2.2 fil.c --- contrib/ipfilter/netinet/fil.c 2001/07/28 13:05:47 1.23.2.2 +++ contrib/ipfilter/netinet/fil.c 2001/08/09 03:36:45 
@@ -709,7 +709,7 @@ */ passt = fr->fr_flags; #if (BSD >= 199306) && (defined(_KERNEL) || defined(KERNEL)) - if (securelevel <= 0) + if (securelevel_gt(NULL, 0) == 0) /* XXX p == NULL */ #endif if ((passt & FR_CALLNOW) && fr->fr_func) passt = (*fr->fr_func)(passt, ip, fin); @@ -1073,7 +1073,7 @@ } #if (BSD >= 199306) && (defined(_KERNEL) || defined(KERNEL)) - if (securelevel <= 0) + if (securelevel_gt(NULL, 0) == 0) /* XXX p == NULL */ #endif if (fr && fr->fr_func && !(pass & FR_CALLNOW)) pass = (*fr->fr_func)(pass, ip, fin); Index: contrib/ipfilter/netinet/ip_fil.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_fil.c,v retrieving revision 1.25.2.2 diff -u -r1.25.2.2 ip_fil.c --- contrib/ipfilter/netinet/ip_fil.c 2001/07/28 13:05:48 1.25.2.2 +++ contrib/ipfilter/netinet/ip_fil.c 2001/08/09 03:36:45 @@ -487,8 +487,11 @@ int error = 0, unit = 0, tmp; #if (BSD >= 199306) && defined(_KERNEL) - if ((securelevel >= 2) && (mode & FWRITE)) - return EPERM; + if (mode & FWRITE) { + error = securelevel_ge(p, 2); + if (error) + return (error); + } #endif #ifdef _KERNEL unit = GET_MINOR(dev); @@ -726,7 +729,8 @@ return EFAULT; fp->fr_ref = 0; #if (BSD >= 199306) && defined(_KERNEL) - if ((securelevel > 0) && (fp->fr_func != NULL)) + /* XXX p == NULL */ + if ((securelevel_gt(p, 0) != 0) && (fp->fr_func != NULL)) return EPERM; #endif Index: contrib/ipfilter/netinet/ip_nat.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_nat.c,v retrieving revision 1.22.2.2 diff -u -r1.22.2.2 ip_nat.c --- contrib/ipfilter/netinet/ip_nat.c 2001/07/28 13:05:48 1.22.2.2 +++ contrib/ipfilter/netinet/ip_nat.c 2001/08/09 03:36:45 
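Review bot: Both call sites in fil.c pass a literal NULL to `securelevel_gt()` on what appears to be the per-packet rule evaluation path (the guarded statement invokes `fr->fr_func` on `ip`/`fin`). The helper added in kern/kern_prot.c prints `securelevel_gt: p is NULL` on every NULL call. Each time this branch is reached the kernel would therefore emit a message, which can flood the console and message buffer under traffic. Consider comparing against the global level here without the diagnostic, or rate-limiting the message inside the helper. The same applies to the `@@ -1073` hunk and to the NULL calls in ip_nat.c and netinet6/ip6_fw.c.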
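Review bot: In the ip_fil.c `@@ -726` hunk the added comment says `/* XXX p == NULL */` but the call passes `p` (`securelevel_gt(p, 0)`), whereas fil.c and ip_nat.c pass a literal NULL under the same comment. The enclosing function's parameter list is outside the hunk, so either no `p` is in scope and this will not build, or one is in scope and the comment is stale. Make the two agree, e.g. `if ((securelevel_gt(NULL, 0) != 0) && (fp->fr_func != NULL))` if no process context is available at this point.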
@@ -430,7 +430,8 @@ u_32_t i, j; #if (BSD >= 199306) && defined(_KERNEL) - if ((securelevel >= 2) && (mode & FWRITE)) + /* XXX p == NULL */ + if (securelevel_ge(NULL, 2) && (mode & FWRITE)) return EPERM; #endif Index: dev/syscons/syscons.c =================================================================== RCS file: /home/ncvs/src/sys/dev/syscons/syscons.c,v retrieving revision 1.336.2.10 diff -u -r1.336.2.10 syscons.c --- dev/syscons/syscons.c 2001/08/01 10:42:31 1.336.2.10 +++ dev/syscons/syscons.c 2001/08/09 03:36:45 @@ -967,8 +967,9 @@ error = suser(p); if (error != 0) return error; - if (securelevel > 0) - return EPERM; + error = securelevel_gt(p, 0); + if (error != 0) + return error; #ifdef __i386__ p->p_md.md_regs->tf_eflags |= PSL_IOPL; #endif Index: i386/i386/mem.c =================================================================== RCS file: /home/ncvs/src/sys/i386/i386/mem.c,v retrieving revision 1.79.2.8 diff -u -r1.79.2.8 mem.c --- i386/i386/mem.c 2001/06/12 13:13:31 1.79.2.8 +++ i386/i386/mem.c 2001/08/09 03:36:45 @@ -135,15 +135,15 @@ switch (minor(dev)) { case 0: case 1: - if ((flags & FWRITE) && securelevel > 0) - return (EPERM); + if ((flags & FWRITE) && (error = securelevel_gt(p, 0))) + return (error); break; case 14: error = suser(p); if (error != 0) + return (error); + if ((error = securelevel_gt(p, 0))) return (error); - if (securelevel > 0) - return (EPERM); p->p_md.md_regs->tf_eflags |= PSL_IOPL; break; default: Index: i386/i386/sys_machdep.c =================================================================== RCS file: /home/ncvs/src/sys/i386/i386/sys_machdep.c,v retrieving revision 1.47.2.2 diff -u -r1.47.2.2 sys_machdep.c --- i386/i386/sys_machdep.c 2000/09/30 02:49:33 1.47.2.2 +++ i386/i386/sys_machdep.c 2001/08/09 03:36:45 
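Review bot: In the ip_nat.c hunk `securelevel_ge(NULL, 2)` is evaluated before `(mode & FWRITE)`, so the helper and its "p is NULL" kernel message run on every call, including read-only ones. The ip_fil.c `@@ -487` hunk already tests the mode first. Swapping the operands keeps the result and avoids the needless call: `if ((mode & FWRITE) && securelevel_ge(NULL, 2))`. The enclosing function begins and ends outside the hunk.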
@@ -179,8 +179,8 @@ if ((error = suser(p)) != 0) return (error); - if (securelevel > 0) - return (EPERM); + if ((error = securelevel_gt(p, 0))) + return (error); /* * XXX * While this is restricted to root, we should probably figure out Index: i386/isa/spigot.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v retrieving revision 1.44 diff -u -r1.44 spigot.c --- i386/isa/spigot.c 2000/01/29 16:17:36 1.44 +++ i386/isa/spigot.c 2001/08/09 03:36:45 @@ -173,8 +173,9 @@ error = suser(p); if (error != 0) return error; - if (securelevel > 0) - return EPERM; + error = securelevel_gt(p, 0); + if (error != 0) + return error; #endif ss->flags |= OPEN; @@ -229,8 +230,9 @@ error = suser(p); if (error != 0) return error; - if (securelevel > 0) - return EPERM; + error = securelevel_gt(p, 0); + if (error != 0) + return error; #endif p->p_md.md_regs->tf_eflags |= PSL_IOPL; break; Index: i386/isa/pcvt/pcvt_drv.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/pcvt/pcvt_drv.c,v retrieving revision 1.63.2.1 diff -u -r1.63.2.1 pcvt_drv.c --- i386/isa/pcvt/pcvt_drv.c 2001/02/26 04:23:13 1.63.2.1 +++ i386/isa/pcvt/pcvt_drv.c 2001/08/09 03:36:45 @@ -1427,8 +1427,9 @@ error = suser(p); if (error != 0) return (error); - if (securelevel > 0) - return (EPERM); + error = securelevel_gt(p, 0); + if (error != 0) + return (error); if(pcvt_xmode) return 0; Index: i386/isa/pcvt/pcvt_ext.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/pcvt/pcvt_ext.c,v retrieving revision 1.17 diff -u -r1.17 pcvt_ext.c --- i386/isa/pcvt/pcvt_ext.c 1999/12/30 16:17:09 1.17 +++ i386/isa/pcvt/pcvt_ext.c 2001/08/09 03:36:45 
@@ -2669,8 +2669,9 @@ error = suser(p); if (error != 0) return (error); - if (securelevel > 0) - return (EPERM); + error = securelevel_gt(p, 0); + if (error != 0) + return (error); #if PCVT_NETBSD || (PCVT_FREEBSD && PCVT_FREEBSD > 102) fp->tf_eflags |= PSL_IOPL; Index: i386/linux/linux_machdep.c =================================================================== RCS file: /home/ncvs/src/sys/i386/linux/linux_machdep.c,v retrieving revision 1.6.2.3 diff -u -r1.6.2.3 linux_machdep.c --- i386/linux/linux_machdep.c 2001/03/02 16:40:27 1.6.2.3 +++ i386/linux/linux_machdep.c 2001/08/09 03:36:45 @@ -457,8 +457,8 @@ return (EINVAL); if ((error = suser(p)) != 0) return (error); - if (securelevel > 0) - return (EPERM); + if ((error = securelevel_gt(p, 0)) != 0) + return (error); p->p_md.md_regs->tf_eflags = (p->p_md.md_regs->tf_eflags & ~PSL_IOPL) | (args->level * (PSL_IOPL / 3)); return (0); Index: i386/linux/linprocfs/linprocfs_subr.c =================================================================== RCS file: /home/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_subr.c,v retrieving revision 1.3.2.4 diff -u -r1.3.2.4 linprocfs_subr.c --- i386/linux/linprocfs/linprocfs_subr.c 2001/06/25 19:46:47 1.3.2.4 +++ i386/linux/linprocfs/linprocfs_subr.c 2001/08/09 03:36:45 @@ -244,7 +244,8 @@ p = PFIND(pfs->pfs_pid); if (p == 0) return (EINVAL); - if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE) + if (p->p_pid == 1 && securelevel_gt(ap->a_uio->uio_procp, 0) && + uio->uio_rw == UIO_WRITE) return (EACCES); while (pfs->pfs_lockowner) { Index: kern/kern_jail.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_jail.c,v retrieving revision 1.6.2.2 diff -u -r1.6.2.2 kern_jail.c --- kern/kern_jail.c 2000/11/01 17:58:06 1.6.2.2 +++ kern/kern_jail.c 2001/08/09 03:36:45 
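Review bot: In the linprocfs_subr.c hunk the new condition reaches the caller through `ap->a_uio->uio_procp` while the same expression reads `uio->uio_rw`, and it calls `securelevel_gt()` before checking that the access is a write. Assuming `uio` is the same object as `ap->a_uio` (its declaration is outside the hunk), use one name and test the cheap conditions first: `if (p->p_pid == 1 && uio->uio_rw == UIO_WRITE && securelevel_gt(uio->uio_procp, 0))`. That also keeps the helper's NULL-process message from firing on reads if `uio_procp` can be NULL. The identical change in miscfs/procfs/procfs_subr.c has the same shape.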
@@ -66,6 +66,7 @@ return (EINVAL); MALLOC(pr, struct prison *, sizeof *pr , M_PRISON, M_WAITOK); bzero((caddr_t)pr, sizeof *pr); + pr->pr_securelevel = securelevel; error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0); if (error) goto bail; Index: kern/kern_linker.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_linker.c,v retrieving revision 1.41.2.2 diff -u -r1.41.2.2 kern_linker.c --- kern/kern_linker.c 2000/07/16 13:13:32 1.41.2.2 +++ kern/kern_linker.c 2001/08/09 03:36:45 @@ -248,8 +248,8 @@ char *koname = NULL; /* Refuse to load modules if securelevel raised */ - if (securelevel > 0) - return EPERM; + if ((error = securelevel_gt(NULL, 0))) /* XXX p==NULL */ + return (error); lf = linker_find_file_by_name(filename); if (lf) { @@ -394,8 +394,8 @@ int i; /* Refuse to unload modules if securelevel raised */ - if (securelevel > 0) - return EPERM; + if ((error = securelevel_gt(NULL, 0))) /* XXX p==NULL */ + return (error); KLD_DPF(FILE, ("linker_file_unload: lf->refs=%d\n", file->refs)); lockmgr(&lock, LK_EXCLUSIVE, 0, curproc); @@ -654,8 +654,8 @@ p->p_retval[0] = -1; - if (securelevel > 0) /* redundant, but that's OK */ - return EPERM; + if ((error = securelevel_gt(p, 0))) /* redundant, but that's OK */ + return (error); if ((error = suser(p)) != 0) return error; @@ -693,8 +693,8 @@ linker_file_t lf; int error = 0; - if (securelevel > 0) /* redundant, but that's OK */ - return EPERM; + if ((error = securelevel_gt(p, 0))) /* redundant, but that's OK */ + return (error); if ((error = suser(p)) != 0) return error; Index: kern/kern_mib.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_mib.c,v retrieving revision 1.29.2.4 diff -u -r1.29.2.4 kern_mib.c --- kern/kern_mib.c 2001/07/30 23:28:00 1.29.2.4 +++ kern/kern_mib.c 2001/08/11 15:01:10 
@@ -172,18 +172,39 @@ { int error, level; - level = securelevel; + /* + * If the process is in jail, return the maximum of the + * global and local levels; otherwise, return the global + * level. + */ + if (req->p->p_prison) + level = imax(securelevel, + req->p->p_prison->pr_securelevel); + else + level = securelevel; error = sysctl_handle_int(oidp, &level, 0, req); if (error || !req->newptr) return (error); - if (level < securelevel) - return (EPERM); - securelevel = level; + /* + * Permit update only if the new securelevel exceeds the + * global level, and local level if any. + */ + if (req->p->p_prison) { + if (level < imax(securelevel, + req->p->p_prison->pr_securelevel)) + return (EPERM); + req->p->p_prison->pr_securelevel = level; + } else { + if (level < securelevel) + return (EPERM); + securelevel = level; + } return (error); } -SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel, CTLTYPE_INT|CTLFLAG_RW, - 0, 0, sysctl_kern_securelvl, "I", "Current secure level"); +SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel, + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_PRISON, 0, 0, sysctl_kern_securelvl, + "I", "Current secure level"); char domainname[MAXHOSTNAMELEN]; SYSCTL_STRING(_kern, KERN_NISDOMAINNAME, domainname, CTLFLAG_RW, Index: kern/kern_prot.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_prot.c,v retrieving revision 1.53.2.7 diff -u -r1.53.2.7 kern_prot.c --- kern/kern_prot.c 2001/05/17 03:51:28 1.53.2.7 +++ kern/kern_prot.c 2001/08/11 15:01:38 @@ -47,6 +47,8 @@ #include #include +#include +#include #include #include #include 
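Review bot: The kern_mib.c handler dereferences `req->p` unconditionally (`req->p->p_prison`) on both the read and the update path. The kern_sysctl.c hunk in this same patch guards `req->p != NULL` and marks the securelevel call `XXX req->p ?= NULL`. If a request can arrive without a process, this handler would fault where the old code did not. Guard both tests as `if (req->p != NULL && req->p->p_prison != NULL)` and fall back to the global level otherwise. The second comment should say the update is permitted when the new value is "not lower than" the current level, since an equal value is accepted; the function signature is above the hunk.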
@@ -949,6 +951,63 @@ if (proc) proc->p_acflag |= ASU; return (0); +} + +/* + * Test securelevel values (local, global) against passed required + * securelevel. _gt implements (level > securelevel), _ge implements + * (level <= securelevel). Returns 0 or EPERM. + * + * p is permitted to be NULL for the time being, as there were some + * existing securelevel checks that occurred without a process + * context. In the future this may be disallowed, so a kernel + * message is displayed. + */ +int +securelevel_gt(struct proc *p, int level) +{ + + if (p == NULL) { + printf("securelevel_gt: p is NULL\n"); + if (securelevel > level) + return (EPERM); + else + return (0); + } else if (p->p_prison == NULL) { + if (securelevel > level) + return (EPERM); + else + return (0); + } else { + if (max(p->p_prison->pr_securelevel, securelevel) > level) + return (EPERM); + else + return (0); + } + +} + +int +securelevel_ge(struct proc *p, int level) +{ + + if (p == NULL) { + printf("securelevel_ge: p is NULL\n"); + if (securelevel >= level) + return (EPERM); + else + return (0); + } if (p->p_prison == NULL) { + if (securelevel >= level) + return (EPERM); + else + return (0); + } else { + if (max(p->p_prison->pr_securelevel, securelevel) >= level) + return (EPERM); + else + return (0); + } } /* Index: kern/kern_sysctl.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_sysctl.c,v retrieving revision 1.92.2.5 diff -u -r1.92.2.5 kern_sysctl.c --- kern/kern_sysctl.c 2001/06/18 23:48:13 1.92.2.5 +++ kern/kern_sysctl.c 2001/08/09 03:36:45 
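Review bot: Both helpers combine the jail and global levels with `max()`, while the kern_mib.c hunk in this patch uses `imax()` for the same comparison. If `max()` here is the kernel's unsigned-int helper, a securelevel of -1 converts to a very large value, so the check would return EPERM for a jailed process even at the permissive level. Use `imax(p->p_prison->pr_securelevel, securelevel)` in both functions. The header comment is also wrong: `_gt` returns EPERM when `securelevel > level` and `_ge` when `securelevel >= level`, not `(level <= securelevel)` as written for `_ge`. In `securelevel_ge` the second branch is written `} if (p->p_prison == NULL) {` without the `else` that `securelevel_gt` has.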
@@ -1011,17 +1011,31 @@ return (EISDIR); } - /* If writing isn't allowed */ - if (req->newptr && (!(oid->oid_kind & CTLFLAG_WR) || - ((oid->oid_kind & CTLFLAG_SECURE) && securelevel > 0))) + /* Is this sysctl writable? */ + if (req->newptr && !(oid->oid_kind & CTLFLAG_WR)) return (EPERM); - /* Most likely only root can write */ - if (!(oid->oid_kind & CTLFLAG_ANYBODY) && - req->newptr && req->p && - (error = suser_xxx(0, req->p, - (oid->oid_kind & CTLFLAG_PRISON) ? PRISON_ROOT : 0))) - return (error); + /* Is this sysctl sensitive to securelevels? */ + if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) { + error = securelevel_gt(req->p, 0); /* XXX req->p ?= NULL */ + if (error) + return (error); + } + + /* Is this sysctl writable by only privileged users? */ + if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) { + if (req->p != NULL) { + int flags; + + if (oid->oid_kind & CTLFLAG_PRISON) + flags = PRISON_ROOT; + else + flags = 0; + error = suser_xxx(NULL, req->p, flags); + if (error) + return (error); + } + } if (!oid->oid_handler) return EINVAL; Index: kern/kern_time.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_time.c,v retrieving revision 1.68 diff -u -r1.68 kern_time.c --- kern/kern_time.c 1999/10/30 06:31:51 1.68 +++ kern/kern_time.c 2001/08/09 03:36:45 @@ -63,7 +63,7 @@ static int nanosleep1 __P((struct proc *p, struct timespec *rqt, struct timespec *rmt)); -static int settime __P((struct timeval *)); +static int settime __P((struct proc *, struct timeval *)); static void timevalfix __P((struct timeval *)); static void no_lease_updatetime __P((int)); @@ -76,7 +76,8 @@ void (*lease_updatetime) __P((int)) = no_lease_updatetime; static int -settime(tv) +settime(p, tv) + struct proc *p; struct timeval *tv; { struct timeval delta, tv1, tv2; 
@@ -100,7 +101,7 @@ * than one second, nor more than once per second. This allows * a miscreant to make the clock march double-time, but no worse. */ - if (securelevel > 1) { + if (securelevel_gt(p, 1) != 0) { if (delta.tv_sec < 0 || delta.tv_usec < 0) { /* * Update maxtime to latest time we've seen. @@ -184,7 +185,7 @@ return (EINVAL); /* XXX Don't convert nsec->usec and back */ TIMESPEC_TO_TIMEVAL(&atv, &ats); - if ((error = settime(&atv))) + if ((error = settime(p, &atv))) return (error); return (0); } @@ -344,7 +345,7 @@ if (uap->tzp && (error = copyin((caddr_t)uap->tzp, (caddr_t)&atz, sizeof(atz)))) return (error); - if (uap->tv && (error = settime(&atv))) + if (uap->tv && (error = settime(p, &atv))) return (error); if (uap->tzp) tz = atz; Index: kern/sys_process.c =================================================================== RCS file: /home/ncvs/src/sys/kern/sys_process.c,v retrieving revision 1.51.2.1 diff -u -r1.51.2.1 sys_process.c --- kern/sys_process.c 2000/10/26 04:34:41 1.51.2.1 +++ kern/sys_process.c 2001/08/09 03:36:45 @@ -245,7 +245,7 @@ } /* can't trace init when securelevel > 0 */ - if (securelevel > 0 && p->p_pid == 1) + if (securelevel_gt(curp, 0) != 0 && p->p_pid == 1) return EPERM; /* OK */ Index: miscfs/procfs/procfs_ctl.c =================================================================== RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_ctl.c,v retrieving revision 1.20.2.1 diff -u -r1.20.2.1 procfs_ctl.c --- miscfs/procfs/procfs_ctl.c 2000/12/17 03:13:05 1.20.2.1 +++ miscfs/procfs/procfs_ctl.c 2001/08/09 03:36:45 
@@ -117,8 +117,8 @@ * debug. */ if (op != PROCFS_CTL_DETACH) { - if (securelevel > 0 && p->p_pid == 1) - return (EPERM); + if ((error = securelevel_gt(curp, 0)) && p->p_pid == 1) + return (error); if (!CHECKIO(curp, p) || p_trespass(curp, p)) return (EPERM); Index: miscfs/procfs/procfs_subr.c =================================================================== RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_subr.c,v retrieving revision 1.26.2.2 diff -u -r1.26.2.2 procfs_subr.c --- miscfs/procfs/procfs_subr.c 2001/08/04 13:12:24 1.26.2.2 +++ miscfs/procfs/procfs_subr.c 2001/08/09 03:36:46 @@ -252,7 +252,8 @@ p = PFIND(pfs->pfs_pid); if (p == NULL) return (EINVAL); - if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE) + if (p->p_pid == 1 && securelevel_gt(ap->a_uio->uio_procp, 0) && + uio->uio_rw == UIO_WRITE) return (EACCES); while (pfs->pfs_lockowner) { Index: miscfs/specfs/spec_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/miscfs/specfs/Attic/spec_vnops.c,v retrieving revision 1.131.2.4 diff -u -r1.131.2.4 spec_vnops.c --- miscfs/specfs/spec_vnops.c 2001/02/26 04:23:20 1.131.2.4 +++ miscfs/specfs/spec_vnops.c 2001/08/09 03:36:46 @@ -174,14 +174,15 @@ * When running in secure mode, do not allow opens * for writing if the device is mounted */ - if (securelevel >= 1 && vp->v_specmountpoint != NULL) - return (EPERM); + if ((error = securelevel_ge(p, 1)) && + vp->v_specmountpoint != NULL) + return (error); /* * When running in very secure mode, do not allow * opens for writing of any devices. */ - if (securelevel >= 2) + if ((error = securelevel_ge(p, 2))) return (EPERM); } Index: netinet/ip_dummynet.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_dummynet.c,v retrieving revision 1.24.2.11 diff -u -r1.24.2.11 ip_dummynet.c --- netinet/ip_dummynet.c 2001/02/09 23:18:08 1.24.2.11 +++ netinet/ip_dummynet.c 2001/08/09 03:36:46 
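Review bot: In the procfs_ctl.c hunk `error` is assigned before the `p->p_pid == 1` test, so when the securelevel is raised and the target is not init, `error` is left holding EPERM after the statement falls through. Whether later code in the function reads `error` before reassigning it is outside the hunk, so test the pid first to be safe: `if (p->p_pid == 1 && (error = securelevel_gt(curp, 0)))`. The first check in the spec_vnops.c hunk has the same shape, whereas ip_fw.c explicitly resets `error = 0` afterwards.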
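Review bot: In the spec_vnops.c hunk the second check stores the helper's result in `error` but then returns the literal `EPERM`, unlike every other converted site in this patch. Return the stored value so a future change to the helper's error code is honoured here too: `if ((error = securelevel_ge(p, 2))) return (error);`. The enclosing function starts and ends outside the hunk.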
@@ -1820,8 +1820,9 @@ struct dn_pipe *p, tmp_pipe; /* Disallow sets in really-really secure mode. */ - if (sopt->sopt_dir == SOPT_SET && securelevel >= 3) - return (EPERM); + if (sopt->sopt_dir == SOPT_SET && + (error = securelevel_ge(sopt->sopt_p, 3))) + return (error); switch (sopt->sopt_name) { default : Index: netinet/ip_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v retrieving revision 1.131.2.24 diff -u -r1.131.2.24 ip_fw.c --- netinet/ip_fw.c 2001/07/24 07:07:11 1.131.2.24 +++ netinet/ip_fw.c 2001/08/09 03:36:46 @@ -1792,9 +1792,10 @@ * Disallow modifications in really-really secure mode, but still allow * the logging counters to be reset. */ - if (securelevel >= 3 && (sopt->sopt_name == IP_FW_ADD || - (sopt->sopt_dir == SOPT_SET && sopt->sopt_name != IP_FW_RESETLOG))) - return (EPERM); + if ((error = securelevel_ge(sopt->sopt_p, 3)) && + (sopt->sopt_name == IP_FW_ADD || (sopt->sopt_dir == SOPT_SET && + sopt->sopt_name != IP_FW_RESETLOG))) + return (error); error = 0; switch (sopt->sopt_name) { Index: netinet6/ip6_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_fw.c,v retrieving revision 1.2.2.6 diff -u -r1.2.2.6 ip6_fw.c --- netinet6/ip6_fw.c 2001/07/03 11:01:53 1.2.2.6 +++ netinet6/ip6_fw.c 2001/08/09 03:36:46 @@ -1086,12 +1086,12 @@ } m = *mm; /* only allow get calls if secure mode > 2 */ - if (securelevel > 2) { + if ((error = securelevel_gt(NULL, 2))) { if (m) { (void)m_freem(m); *mm = 0; } - return(EPERM); + return(error); } if (stage == IPV6_FW_FLUSH) { while (ip6_fw_chain.lh_first != NULL && Index: pc98/pc98/syscons.c =================================================================== RCS file: /home/ncvs/src/sys/pc98/pc98/syscons.c,v retrieving revision 1.143.2.11 diff -u -r1.143.2.11 syscons.c --- pc98/pc98/syscons.c 2001/08/07 09:41:04 1.143.2.11 +++ pc98/pc98/syscons.c 2001/08/12 19:48:25 
@@ -964,8 +964,9 @@ error = suser(p); if (error != 0) return error; - if (securelevel > 0) - return EPERM; + error = securelevel_gt(p, 0); + if (error != 0) + return error; #ifdef __i386__ p->p_md.md_regs->tf_eflags |= PSL_IOPL; #endif Index: pci/pci.c =================================================================== RCS file: /home/ncvs/src/sys/pci/Attic/pci.c,v retrieving revision 1.141.2.7 diff -u -r1.141.2.7 pci.c --- pci/pci.c 2001/07/21 22:40:25 1.141.2.7 +++ pci/pci.c 2001/08/09 03:36:46 @@ -620,8 +620,10 @@ static int pci_open(dev_t dev, int oflags, int devtype, struct proc *p) { - if ((oflags & FWRITE) && securelevel > 0) { - return EPERM; + int error; + + if ((oflags & FWRITE) && (error = securelevel_gt(p, 0))) { + return error; } return 0; } Index: sys/jail.h =================================================================== RCS file: /home/ncvs/src/sys/sys/jail.h,v retrieving revision 1.8.2.2 diff -u -r1.8.2.2 jail.h --- sys/jail.h 2000/11/01 17:58:06 1.8.2.2 +++ sys/jail.h 2001/08/09 03:36:46 @@ -41,6 +41,7 @@ char pr_host[MAXHOSTNAMELEN]; u_int32_t pr_ip; void *pr_linux; + int pr_securelevel; }; /* Index: sys/proc.h =================================================================== RCS file: /home/ncvs/src/sys/sys/proc.h,v retrieving revision 1.99.2.5 diff -u -r1.99.2.5 proc.h --- sys/proc.h 2000/09/07 19:13:54 1.99.2.5 +++ sys/proc.h 2001/08/09 03:36:46 
@@ -431,6 +431,8 @@ void resetpriority __P((struct proc *)); int roundrobin_interval __P((void)); void schedclock __P((struct proc *)); +int securelevel_ge __P((struct proc *p, int level)); +int securelevel_gt __P((struct proc *p, int level)); void setrunnable __P((struct proc *)); void setrunqueue __P((struct proc *)); void sleepinit __P((void)); Index: ufs/ufs/ufs_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/ufs/ufs/ufs_vnops.c,v retrieving revision 1.131.2.3 diff -u -r1.131.2.3 ufs_vnops.c --- ufs/ufs/ufs_vnops.c 2001/02/26 04:23:21 1.131.2.3 +++ ufs/ufs/ufs_vnops.c 2001/08/09 03:36:46 @@ -456,10 +456,12 @@ (error = suser_xxx(cred, p, PRISON_ROOT))) return (error); if ((cred->cr_uid == 0) && (p->p_prison == NULL)) { - if ((ip->i_flags - & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) && - securelevel > 0) - return (EPERM); + if (ip->i_flags + & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { + error = securelevel_gt(p, 0); + if (error) + return (error); + } ip->i_flags = vap->va_flags; } else { if (ip->i_flags Index: vm/vm_mmap.c =================================================================== RCS file: /home/ncvs/src/sys/vm/vm_mmap.c,v retrieving revision 1.108.2.4 diff -u -r1.108.2.4 vm_mmap.c --- vm/vm_mmap.c 2001/05/18 09:58:52 1.108.2.4 +++ vm/vm_mmap.c 2001/08/09 03:36:46 @@ -332,7 +332,7 @@ * other securelevel. * XXX this will have to go */ - if (securelevel >= 1) + if (securelevel_ge(p, 1)) disablexworkaround = 1; else disablexworkaround = suser(p); Index: vm/vm_swap.c =================================================================== RCS file: /home/ncvs/src/sys/vm/vm_swap.c,v retrieving revision 1.96.2.1 diff -u -r1.96.2.1 vm_swap.c --- vm/vm_swap.c 2000/10/13 07:13:23 1.96.2.1 +++ vm/vm_swap.c 2001/08/10 01:53:42 
@@ -260,8 +260,10 @@ (void) vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); error = VOP_OPEN(vp, FREAD | FWRITE, p->p_ucred, p); (void) VOP_UNLOCK(vp, 0, p); - if (error) + if (error) { + printf("swaponvp: VOP_OPEN returned %d\n", error); return (error); + } if (nblks == 0 && dev != NODEV && (devsw(dev)->d_psize == 0 || (nblks = (*devsw(dev)->d_psize) (dev)) == -1)) {
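Review bot: The `printf("swaponvp: VOP_OPEN returned %d\n", error)` added in vm_swap.c is unrelated to the securelevel conversion in the rest of the patch and reads like leftover debugging output. If it is intentional, for instance because the device open can now fail with a securelevel error, add a short comment saying so, such as `/* open may be refused by securelevel; log why swapon failed */`. Otherwise drop it, so that a failed swapon does not write to the console for a condition already reported through the return value. The function continues past the end of the hunk.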