get/setpriority: Add capability mode checks

mirror of https://git.FreeBSD.org/src.git synced 2026-06-02 11:24:32 +00:00

Reviewed by: oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57345

This commit is contained in:

Ed Maste

2026-05-29 16:48:34 -04:00

parent 79d0dbc9c6

commit 72e34b3e39

1 changed files with 16 additions and 0 deletions

									
										sys/kern/kern_resource.c
									
		+16
		
												View File
												
				@@ -37,6 +37,7 @@

				#include <sys/param.h>

				#include <sys/systm.h>

				#include <sys/sysproto.h>

				#include <sys/capsicum.h>

				#include <sys/file.h>

				#include <sys/filedesc.h>

				#include <sys/kernel.h>

				@@ -99,6 +100,13 @@ kern_getpriority(struct thread *td, int which, int who)

					struct pgrp *pg;

					int error, low;

					if (IN_CAPABILITY_MODE(td)) {

						if (which != PRIO_PROCESS)

							return (ECAPMODE);

						if (who != 0 && who != td->td_proc->p_pid)

							return (ECAPMODE);

					}

					error = 0;

					low = PRIO_MAX + 1;

					switch (which) {

				@@ -189,6 +197,14 @@ kern_setpriority(struct thread *td, int which, int who, int prio)

					int found = 0, error = 0;

					curp = td->td_proc;

					if (IN_CAPABILITY_MODE(td)) {

						if (which != PRIO_PROCESS)

							return (ECAPMODE);

						if (who != 0 && who != curp->p_pid)

							return (ECAPMODE);

					}

					switch (which) {

					case PRIO_PROCESS:

						if (who == 0) {