[illumos-gate merge]

commit f93d2c191d5ef071436181338612f79b8daa751c
    1784 zone configuration passes zonecfg but not zoneadm for limitpriv property
commit 14b7b4606a1faf7fc4c0bbcc2946782d6538850e
    4838 Fix for 4596 has some inverted booleans
commit d05b42383f649c1384ae2af878515cc2c6674ec6
    4821 remove filebench

Conflicts:
	usr/src/cmd/zonecfg/zonecfg.c

1 files changed, 15 insertions, 0 deletions

diff --git a/usr/src/cmd/zonecfg/zonecfg.c b/usr/src/cmd/zonecfg/zonecfg.c
index dcd1d42a42..384121a589 100644
--- a/usr/src/cmd/zonecfg/zonecfg.c
+++ b/usr/src/cmd/zonecfg/zonecfg.c
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
  * Copyright 2013, Joyent Inc. All rights reserved.
  */
 
@@ -6212,6 +6213,8 @@ verify_func(cmd_t *cmd)
 	char brand[MAXNAMELEN];
 	char hostidp[HW_HOSTID_LEN];
 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
+	priv_set_t *privs;
+	char *privname = NULL;
 	int err, ret_val = Z_OK, arg;
 	int pset_res;
 	boolean_t save = B_FALSE;
@@ -6279,6 +6282,18 @@ verify_func(cmd_t *cmd)
 		saw_error = B_TRUE;
 	}
 
+	if ((privs = priv_allocset()) == NULL) {
+		zerr(gettext("%s: priv_allocset failed"), zone);
+		return;
+	}
+	if (zonecfg_get_privset(handle, privs, &privname) != Z_OK) {
+		zerr(gettext("%s: invalid privilege: %s"), zone, privname);
+		priv_freeset(privs);
+		free(privname);
+		return;
+	}
+	priv_freeset(privs);
+
 	if (zonecfg_get_hostid(handle, hostidp,
 	    sizeof (hostidp)) == Z_INVALID_PROPERTY) {
 		zerr(gettext("%s: invalid hostid: %s"),