From f93d2c191d5ef071436181338612f79b8daa751c Mon Sep 17 00:00:00 2001
From: Alexander Eremin <a.eremin@nexenta.com>
Date: Mon, 5 May 2014 14:50:51 +0400
Subject: 1784 zone configuration passes zonecfg but not zoneadm for limitpriv
 property Reviewed by: Andrew Stormont <AStormont@racktopsystems.com> Reviewed
 by: Dan McDonald <danmcd@omniti.com> Reviewed by: Jerry Jelinek
 <jerry.jelinek@joyent.com> Approved by: Gordon Ross <gwr@nexenta.com>

---
 usr/src/cmd/zonecfg/zonecfg.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'usr/src/cmd')

diff --git a/usr/src/cmd/zonecfg/zonecfg.c b/usr/src/cmd/zonecfg/zonecfg.c
index 7a6e3cdcef..5e14093358 100644
--- a/usr/src/cmd/zonecfg/zonecfg.c
+++ b/usr/src/cmd/zonecfg/zonecfg.c
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
@@ -5729,6 +5730,8 @@ verify_func(cmd_t *cmd)
 	char brand[MAXNAMELEN];
 	char hostidp[HW_HOSTID_LEN];
 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
+	priv_set_t *privs;
+	char *privname = NULL;
 	int err, ret_val = Z_OK, arg;
 	int pset_res;
 	boolean_t save = B_FALSE;
@@ -5796,6 +5799,18 @@ verify_func(cmd_t *cmd)
 		saw_error = B_TRUE;
 	}
 
+	if ((privs = priv_allocset()) == NULL) {
+		zerr(gettext("%s: priv_allocset failed"), zone);
+		return;
+	}
+	if (zonecfg_get_privset(handle, privs, &privname) != Z_OK) {
+		zerr(gettext("%s: invalid privilege: %s"), zone, privname);
+		priv_freeset(privs);
+		free(privname);
+		return;
+	}
+	priv_freeset(privs);
+
 	if (zonecfg_get_hostid(handle, hostidp,
 	    sizeof (hostidp)) == Z_INVALID_PROPERTY) {
 		zerr(gettext("%s: invalid hostid: %s"),
-- 
cgit v1.2.3