17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5f48205beScasper * Common Development and Distribution License (the "License"). 6f48205beScasper * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*bda89588Sjp151216 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate /* 277c478bd9Sstevel@tonic-gate * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T 287c478bd9Sstevel@tonic-gate */ 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #include <sys/param.h> 337c478bd9Sstevel@tonic-gate #include <sys/types.h> 347c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h> 357c478bd9Sstevel@tonic-gate #include <sys/systm.h> 367c478bd9Sstevel@tonic-gate #include <sys/tuneable.h> 377c478bd9Sstevel@tonic-gate #include <sys/cred_impl.h> 387c478bd9Sstevel@tonic-gate #include <sys/errno.h> 397c478bd9Sstevel@tonic-gate #include <sys/proc.h> 407c478bd9Sstevel@tonic-gate #include <sys/signal.h> 417c478bd9Sstevel@tonic-gate #include <sys/debug.h> 427c478bd9Sstevel@tonic-gate #include <sys/policy.h> 437c478bd9Sstevel@tonic-gate #include <sys/zone.h> 44f48205beScasper #include <sys/sid.h> 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate int 477c478bd9Sstevel@tonic-gate setuid(uid_t uid) 487c478bd9Sstevel@tonic-gate { 49f48205beScasper proc_t *p; 507c478bd9Sstevel@tonic-gate int error; 517c478bd9Sstevel@tonic-gate int do_nocd = 0; 527c478bd9Sstevel@tonic-gate int uidchge = 0; 537c478bd9Sstevel@tonic-gate cred_t *cr, *newcr; 547c478bd9Sstevel@tonic-gate uid_t oldruid = uid; 557c478bd9Sstevel@tonic-gate zoneid_t zoneid = getzoneid(); 56f48205beScasper ksid_t ksid, *ksp; 57*bda89588Sjp151216 zone_t *zone = crgetzone(CRED()); 587c478bd9Sstevel@tonic-gate 59*bda89588Sjp151216 if (!VALID_UID(uid, zone)) 607c478bd9Sstevel@tonic-gate return (set_errno(EINVAL)); 617c478bd9Sstevel@tonic-gate 62f48205beScasper if (uid > MAXUID) { 63*bda89588Sjp151216 if (ksid_lookupbyuid(zone, uid, &ksid) != 0) 64f48205beScasper return (set_errno(EINVAL)); 65f48205beScasper ksp = &ksid; 66f48205beScasper } else { 67f48205beScasper ksp = NULL; 68f48205beScasper } 697c478bd9Sstevel@tonic-gate /* 707c478bd9Sstevel@tonic-gate * Need to pre-allocate the new cred structure before grabbing 717c478bd9Sstevel@tonic-gate * the p_crlock mutex. 727c478bd9Sstevel@tonic-gate */ 73f48205beScasper newcr = cralloc_ksid(); 747c478bd9Sstevel@tonic-gate 757c478bd9Sstevel@tonic-gate p = ttoproc(curthread); 767c478bd9Sstevel@tonic-gate 777c478bd9Sstevel@tonic-gate retry: 787c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock); 797c478bd9Sstevel@tonic-gate cr = p->p_cred; 807c478bd9Sstevel@tonic-gate 817c478bd9Sstevel@tonic-gate if ((uid == cr->cr_ruid || uid == cr->cr_suid) && 827c478bd9Sstevel@tonic-gate secpolicy_allow_setid(cr, uid, B_TRUE) != 0) { 837c478bd9Sstevel@tonic-gate error = 0; 847c478bd9Sstevel@tonic-gate crcopy_to(cr, newcr); 857c478bd9Sstevel@tonic-gate p->p_cred = newcr; 867c478bd9Sstevel@tonic-gate newcr->cr_uid = uid; 87f48205beScasper crsetsid(newcr, ksp, KSID_USER); 887c478bd9Sstevel@tonic-gate } else if ((error = secpolicy_allow_setid(cr, uid, B_FALSE)) == 0) { 897c478bd9Sstevel@tonic-gate if (!uidchge && uid != cr->cr_ruid) { 907c478bd9Sstevel@tonic-gate /* 917c478bd9Sstevel@tonic-gate * The ruid of the process is going to change. In order 927c478bd9Sstevel@tonic-gate * to avoid a race condition involving the 937c478bd9Sstevel@tonic-gate * process-count associated with the newly given ruid, 947c478bd9Sstevel@tonic-gate * we increment the count before assigning the 957c478bd9Sstevel@tonic-gate * credential to the process. 967c478bd9Sstevel@tonic-gate * To do that, we'll have to take pidlock, so we first 977c478bd9Sstevel@tonic-gate * release p_crlock. 987c478bd9Sstevel@tonic-gate */ 997c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 1007c478bd9Sstevel@tonic-gate uidchge = 1; 1017c478bd9Sstevel@tonic-gate mutex_enter(&pidlock); 1027c478bd9Sstevel@tonic-gate upcount_inc(uid, zoneid); 1037c478bd9Sstevel@tonic-gate mutex_exit(&pidlock); 1047c478bd9Sstevel@tonic-gate /* 1057c478bd9Sstevel@tonic-gate * As we released p_crlock we can't rely on the cr 1067c478bd9Sstevel@tonic-gate * we read. So retry the whole thing. 1077c478bd9Sstevel@tonic-gate */ 1087c478bd9Sstevel@tonic-gate goto retry; 1097c478bd9Sstevel@tonic-gate } 1107c478bd9Sstevel@tonic-gate /* 1117c478bd9Sstevel@tonic-gate * A privileged process that gives up its privilege 1127c478bd9Sstevel@tonic-gate * must be marked to produce no core dump. 1137c478bd9Sstevel@tonic-gate */ 1147c478bd9Sstevel@tonic-gate if (cr->cr_uid != uid || 1157c478bd9Sstevel@tonic-gate cr->cr_ruid != uid || 1167c478bd9Sstevel@tonic-gate cr->cr_suid != uid) 1177c478bd9Sstevel@tonic-gate do_nocd = 1; 1187c478bd9Sstevel@tonic-gate oldruid = cr->cr_ruid; 1197c478bd9Sstevel@tonic-gate crcopy_to(cr, newcr); 1207c478bd9Sstevel@tonic-gate p->p_cred = newcr; 1217c478bd9Sstevel@tonic-gate newcr->cr_ruid = uid; 1227c478bd9Sstevel@tonic-gate newcr->cr_suid = uid; 1237c478bd9Sstevel@tonic-gate newcr->cr_uid = uid; 124f48205beScasper crsetsid(newcr, ksp, KSID_USER); 1257c478bd9Sstevel@tonic-gate ASSERT(uid != oldruid ? uidchge : 1); 126f48205beScasper } else { 1277c478bd9Sstevel@tonic-gate crfree(newcr); 128f48205beScasper if (ksp != NULL) 129f48205beScasper ksid_rele(ksp); 130f48205beScasper } 1317c478bd9Sstevel@tonic-gate 1327c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate /* 1357c478bd9Sstevel@tonic-gate * We decrement the number of processes associated with the oldruid 1367c478bd9Sstevel@tonic-gate * to match the increment above, even if the ruid of the process 1377c478bd9Sstevel@tonic-gate * did not change or an error occurred (oldruid == uid). 1387c478bd9Sstevel@tonic-gate */ 1397c478bd9Sstevel@tonic-gate if (uidchge) { 1407c478bd9Sstevel@tonic-gate mutex_enter(&pidlock); 1417c478bd9Sstevel@tonic-gate upcount_dec(oldruid, zoneid); 1427c478bd9Sstevel@tonic-gate mutex_exit(&pidlock); 1437c478bd9Sstevel@tonic-gate } 1447c478bd9Sstevel@tonic-gate 1457c478bd9Sstevel@tonic-gate if (error == 0) { 1467c478bd9Sstevel@tonic-gate if (do_nocd) { 1477c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock); 1487c478bd9Sstevel@tonic-gate p->p_flag |= SNOCD; 1497c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock); 1507c478bd9Sstevel@tonic-gate } 1517c478bd9Sstevel@tonic-gate crset(p, newcr); /* broadcast to process threads */ 1527c478bd9Sstevel@tonic-gate return (0); 1537c478bd9Sstevel@tonic-gate } 1547c478bd9Sstevel@tonic-gate return (set_errno(error)); 1557c478bd9Sstevel@tonic-gate } 1567c478bd9Sstevel@tonic-gate 1577c478bd9Sstevel@tonic-gate int64_t 1587c478bd9Sstevel@tonic-gate getuid(void) 1597c478bd9Sstevel@tonic-gate { 1607c478bd9Sstevel@tonic-gate rval_t r; 1617c478bd9Sstevel@tonic-gate cred_t *cr; 1627c478bd9Sstevel@tonic-gate 1637c478bd9Sstevel@tonic-gate cr = curthread->t_cred; 1647c478bd9Sstevel@tonic-gate r.r_val1 = cr->cr_ruid; 1657c478bd9Sstevel@tonic-gate r.r_val2 = cr->cr_uid; 1667c478bd9Sstevel@tonic-gate return (r.r_vals); 1677c478bd9Sstevel@tonic-gate } 1687c478bd9Sstevel@tonic-gate 1697c478bd9Sstevel@tonic-gate int 1707c478bd9Sstevel@tonic-gate seteuid(uid_t uid) 1717c478bd9Sstevel@tonic-gate { 172f48205beScasper proc_t *p; 1737c478bd9Sstevel@tonic-gate int error = EPERM; 1747c478bd9Sstevel@tonic-gate int do_nocd = 0; 1757c478bd9Sstevel@tonic-gate cred_t *cr, *newcr; 176f48205beScasper ksid_t ksid, *ksp; 177*bda89588Sjp151216 zone_t *zone = crgetzone(CRED()); 1787c478bd9Sstevel@tonic-gate 179*bda89588Sjp151216 if (!VALID_UID(uid, zone)) 1807c478bd9Sstevel@tonic-gate return (set_errno(EINVAL)); 1817c478bd9Sstevel@tonic-gate 182f48205beScasper if (uid > MAXUID) { 183*bda89588Sjp151216 if (ksid_lookupbyuid(zone, uid, &ksid) != 0) 184f48205beScasper return (set_errno(EINVAL)); 185f48205beScasper ksp = &ksid; 186f48205beScasper } else { 187f48205beScasper ksp = NULL; 188f48205beScasper } 189f48205beScasper 1907c478bd9Sstevel@tonic-gate /* 1917c478bd9Sstevel@tonic-gate * Need to pre-allocate the new cred structure before grabbing 1927c478bd9Sstevel@tonic-gate * the p_crlock mutex. 1937c478bd9Sstevel@tonic-gate */ 194f48205beScasper newcr = cralloc_ksid(); 1957c478bd9Sstevel@tonic-gate p = ttoproc(curthread); 1967c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock); 1977c478bd9Sstevel@tonic-gate cr = p->p_cred; 1987c478bd9Sstevel@tonic-gate 1997c478bd9Sstevel@tonic-gate if (uid == cr->cr_ruid || uid == cr->cr_uid || uid == cr->cr_suid || 2007c478bd9Sstevel@tonic-gate (error = secpolicy_allow_setid(cr, uid, B_FALSE)) == 0) { 2017c478bd9Sstevel@tonic-gate /* 2027c478bd9Sstevel@tonic-gate * A privileged process that makes itself look like a 2037c478bd9Sstevel@tonic-gate * set-uid process must be marked to produce no core dump, 2047c478bd9Sstevel@tonic-gate * if the effective uid did changed. 2057c478bd9Sstevel@tonic-gate */ 2067c478bd9Sstevel@tonic-gate if (cr->cr_uid != uid && error == 0) 2077c478bd9Sstevel@tonic-gate do_nocd = 1; 2087c478bd9Sstevel@tonic-gate error = 0; 2097c478bd9Sstevel@tonic-gate crcopy_to(cr, newcr); 2107c478bd9Sstevel@tonic-gate p->p_cred = newcr; 2117c478bd9Sstevel@tonic-gate newcr->cr_uid = uid; 212f48205beScasper crsetsid(newcr, ksp, KSID_USER); 213f48205beScasper } else { 2147c478bd9Sstevel@tonic-gate crfree(newcr); 215f48205beScasper if (ksp != NULL) 216f48205beScasper ksid_rele(ksp); 217f48205beScasper } 2187c478bd9Sstevel@tonic-gate 2197c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 2207c478bd9Sstevel@tonic-gate 2217c478bd9Sstevel@tonic-gate if (error == 0) { 2227c478bd9Sstevel@tonic-gate if (do_nocd) { 2237c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock); 2247c478bd9Sstevel@tonic-gate p->p_flag |= SNOCD; 2257c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock); 2267c478bd9Sstevel@tonic-gate } 2277c478bd9Sstevel@tonic-gate crset(p, newcr); /* broadcast to process threads */ 2287c478bd9Sstevel@tonic-gate return (0); 2297c478bd9Sstevel@tonic-gate } 2307c478bd9Sstevel@tonic-gate return (set_errno(error)); 2317c478bd9Sstevel@tonic-gate } 2327c478bd9Sstevel@tonic-gate 2337c478bd9Sstevel@tonic-gate /* 2347c478bd9Sstevel@tonic-gate * Buy-back from SunOS 4.x 2357c478bd9Sstevel@tonic-gate * 2367c478bd9Sstevel@tonic-gate * Like setuid() and seteuid() combined -except- that non-root users 2377c478bd9Sstevel@tonic-gate * can change cr_ruid to cr_uid, and the semantics of cr_suid are 2387c478bd9Sstevel@tonic-gate * subtly different. 2397c478bd9Sstevel@tonic-gate */ 2407c478bd9Sstevel@tonic-gate int 2417c478bd9Sstevel@tonic-gate setreuid(uid_t ruid, uid_t euid) 2427c478bd9Sstevel@tonic-gate { 2437c478bd9Sstevel@tonic-gate proc_t *p; 2447c478bd9Sstevel@tonic-gate int error = 0; 2457c478bd9Sstevel@tonic-gate int do_nocd = 0; 2467c478bd9Sstevel@tonic-gate int uidchge = 0; 2477c478bd9Sstevel@tonic-gate uid_t oldruid = ruid; 2487c478bd9Sstevel@tonic-gate cred_t *cr, *newcr; 2497c478bd9Sstevel@tonic-gate zoneid_t zoneid = getzoneid(); 250f48205beScasper ksid_t ksid, *ksp; 251*bda89588Sjp151216 zone_t *zone = crgetzone(CRED()); 2527c478bd9Sstevel@tonic-gate 253*bda89588Sjp151216 if ((ruid != -1 && !VALID_UID(ruid, zone)) || 254*bda89588Sjp151216 (euid != -1 && !VALID_UID(euid, zone))) 2557c478bd9Sstevel@tonic-gate return (set_errno(EINVAL)); 2567c478bd9Sstevel@tonic-gate 257f48205beScasper if (euid != -1 && euid > MAXUID) { 258*bda89588Sjp151216 if (ksid_lookupbyuid(zone, euid, &ksid) != 0) 259f48205beScasper return (set_errno(EINVAL)); 260f48205beScasper ksp = &ksid; 261f48205beScasper } else { 262f48205beScasper ksp = NULL; 263f48205beScasper } 264f48205beScasper 2657c478bd9Sstevel@tonic-gate /* 2667c478bd9Sstevel@tonic-gate * Need to pre-allocate the new cred structure before grabbing 2677c478bd9Sstevel@tonic-gate * the p_crlock mutex. 2687c478bd9Sstevel@tonic-gate */ 269f48205beScasper newcr = cralloc_ksid(); 2707c478bd9Sstevel@tonic-gate 2717c478bd9Sstevel@tonic-gate p = ttoproc(curthread); 2727c478bd9Sstevel@tonic-gate 2737c478bd9Sstevel@tonic-gate retry: 2747c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock); 2757c478bd9Sstevel@tonic-gate cr = p->p_cred; 2767c478bd9Sstevel@tonic-gate 2777c478bd9Sstevel@tonic-gate if (ruid != -1 && ruid != cr->cr_ruid && ruid != cr->cr_uid && 2787c478bd9Sstevel@tonic-gate secpolicy_allow_setid(cr, ruid, B_FALSE) != 0) { 2797c478bd9Sstevel@tonic-gate error = EPERM; 2807c478bd9Sstevel@tonic-gate } else if (euid != -1 && 2817c478bd9Sstevel@tonic-gate euid != cr->cr_ruid && euid != cr->cr_uid && 2827c478bd9Sstevel@tonic-gate euid != cr->cr_suid && secpolicy_allow_setid(cr, euid, B_FALSE)) { 2837c478bd9Sstevel@tonic-gate error = EPERM; 2847c478bd9Sstevel@tonic-gate } else { 2857c478bd9Sstevel@tonic-gate if (!uidchge && ruid != -1 && cr->cr_ruid != ruid) { 2867c478bd9Sstevel@tonic-gate /* 2877c478bd9Sstevel@tonic-gate * The ruid of the process is going to change. In order 2887c478bd9Sstevel@tonic-gate * to avoid a race condition involving the 2897c478bd9Sstevel@tonic-gate * process-count associated with the newly given ruid, 2907c478bd9Sstevel@tonic-gate * we increment the count before assigning the 2917c478bd9Sstevel@tonic-gate * credential to the process. 2927c478bd9Sstevel@tonic-gate * To do that, we'll have to take pidlock, so we first 2937c478bd9Sstevel@tonic-gate * release p_crlock. 2947c478bd9Sstevel@tonic-gate */ 2957c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 2967c478bd9Sstevel@tonic-gate uidchge = 1; 2977c478bd9Sstevel@tonic-gate mutex_enter(&pidlock); 2987c478bd9Sstevel@tonic-gate upcount_inc(ruid, zoneid); 2997c478bd9Sstevel@tonic-gate mutex_exit(&pidlock); 3007c478bd9Sstevel@tonic-gate /* 3017c478bd9Sstevel@tonic-gate * As we released p_crlock we can't rely on the cr 3027c478bd9Sstevel@tonic-gate * we read. So retry the whole thing. 3037c478bd9Sstevel@tonic-gate */ 3047c478bd9Sstevel@tonic-gate goto retry; 3057c478bd9Sstevel@tonic-gate } 3067c478bd9Sstevel@tonic-gate crhold(cr); 3077c478bd9Sstevel@tonic-gate crcopy_to(cr, newcr); 3087c478bd9Sstevel@tonic-gate p->p_cred = newcr; 3097c478bd9Sstevel@tonic-gate 310f48205beScasper if (euid != -1) { 3117c478bd9Sstevel@tonic-gate newcr->cr_uid = euid; 312f48205beScasper crsetsid(newcr, ksp, KSID_USER); 313f48205beScasper } 3147c478bd9Sstevel@tonic-gate if (ruid != -1) { 3157c478bd9Sstevel@tonic-gate oldruid = newcr->cr_ruid; 3167c478bd9Sstevel@tonic-gate newcr->cr_ruid = ruid; 3177c478bd9Sstevel@tonic-gate ASSERT(ruid != oldruid ? uidchge : 1); 3187c478bd9Sstevel@tonic-gate } 3197c478bd9Sstevel@tonic-gate /* 3207c478bd9Sstevel@tonic-gate * "If the real uid is being changed, or the effective uid is 3217c478bd9Sstevel@tonic-gate * being changed to a value not equal to the real uid, the 3227c478bd9Sstevel@tonic-gate * saved uid is set to the new effective uid." 3237c478bd9Sstevel@tonic-gate */ 3247c478bd9Sstevel@tonic-gate if (ruid != -1 || 3257c478bd9Sstevel@tonic-gate (euid != -1 && newcr->cr_uid != newcr->cr_ruid)) 3267c478bd9Sstevel@tonic-gate newcr->cr_suid = newcr->cr_uid; 3277c478bd9Sstevel@tonic-gate /* 3287c478bd9Sstevel@tonic-gate * A process that gives up its privilege 3297c478bd9Sstevel@tonic-gate * must be marked to produce no core dump. 3307c478bd9Sstevel@tonic-gate */ 3317c478bd9Sstevel@tonic-gate if ((cr->cr_uid != newcr->cr_uid || 3327c478bd9Sstevel@tonic-gate cr->cr_ruid != newcr->cr_ruid || 3337c478bd9Sstevel@tonic-gate cr->cr_suid != newcr->cr_suid)) 3347c478bd9Sstevel@tonic-gate do_nocd = 1; 3357c478bd9Sstevel@tonic-gate 3367c478bd9Sstevel@tonic-gate crfree(cr); 3377c478bd9Sstevel@tonic-gate } 3387c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 3397c478bd9Sstevel@tonic-gate 3407c478bd9Sstevel@tonic-gate /* 3417c478bd9Sstevel@tonic-gate * We decrement the number of processes associated with the oldruid 3427c478bd9Sstevel@tonic-gate * to match the increment above, even if the ruid of the process 3437c478bd9Sstevel@tonic-gate * did not change or an error occurred (oldruid == uid). 3447c478bd9Sstevel@tonic-gate */ 3457c478bd9Sstevel@tonic-gate if (uidchge) { 3467c478bd9Sstevel@tonic-gate ASSERT(oldruid != -1 && ruid != -1); 3477c478bd9Sstevel@tonic-gate mutex_enter(&pidlock); 3487c478bd9Sstevel@tonic-gate upcount_dec(oldruid, zoneid); 3497c478bd9Sstevel@tonic-gate mutex_exit(&pidlock); 3507c478bd9Sstevel@tonic-gate } 3517c478bd9Sstevel@tonic-gate 3527c478bd9Sstevel@tonic-gate if (error == 0) { 3537c478bd9Sstevel@tonic-gate if (do_nocd) { 3547c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock); 3557c478bd9Sstevel@tonic-gate p->p_flag |= SNOCD; 3567c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock); 3577c478bd9Sstevel@tonic-gate } 3587c478bd9Sstevel@tonic-gate crset(p, newcr); /* broadcast to process threads */ 3597c478bd9Sstevel@tonic-gate return (0); 3607c478bd9Sstevel@tonic-gate } 3617c478bd9Sstevel@tonic-gate crfree(newcr); 362f48205beScasper if (ksp != NULL) 363f48205beScasper ksid_rele(ksp); 3647c478bd9Sstevel@tonic-gate return (set_errno(error)); 3657c478bd9Sstevel@tonic-gate } 366