Index: mac_portacl.c
===================================================================
RCS file: /usr/repo/src/sys/security/mac_portacl/mac_portacl.c,v
retrieving revision 1.7
diff -u -p -r1.7 mac_portacl.c
--- mac_portacl.c 8 Dec 2004 11:46:44 -0000 1.7
+++ mac_portacl.c 24 May 2005 00:46:11 -0000
@@ -67,6 +67,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -119,6 +120,7 @@ MALLOC_DEFINE(M_PORTACL, "portacl rule",
 #define RULE_GID 1
 #define RULE_UID 2
+#define RULE_JID 3
 #define RULE_PROTO_TCP 1
 #define RULE_PROTO_UDP 2
 struct rule {
@@ -131,6 +133,7 @@ struct rule {
 };
 #define GID_STRING "gid"
+#define JID_STRING "jid"
 #define TCP_STRING "tcp"
 #define UID_STRING "uid"
 #define UDP_STRING "udp"
@@ -209,6 +212,8 @@ parse_rule_element(char *element, struct
 new->r_idtype = RULE_UID;
 else if (strcmp(idtype, GID_STRING) == 0)
 new->r_idtype = RULE_GID;
+ else if (strcmp(idtype, JID_STRING) == 0)
+ new->r_idtype = RULE_JID;
 else {
 error = EINVAL;
 goto out;
@@ -287,6 +292,9 @@ rule_printf(struct sbuf *sb, struct rule
 case RULE_UID:
 idtype = UID_STRING;
 break;
+ case RULE_JID:
+ idtype = JID_STRING;
+ break;
 default:
 panic("rule_printf: unknown idtype (%d)\n", rule->r_idtype);
 }
@@ -420,6 +428,14 @@ rules_check(struct ucred *cred, int fami
 error = 0;
 break;
 }
+ } else if (rule->r_idtype == RULE_JID) {
+ if (!jailed(cred)) {
+ error = 0;
+ break;
+ } else if (cred->cr_prison->pr_id == rule->r_id) {
+ error = 0;
+ break;
+ }
 } else
 panic("rules_check: unknown rule type %d", rule->r_idtype);
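Review bot: The new RULE_JID branch in rules_check grants access to every non-jailed credential, not only to the named jail: `if (!jailed(cred))` sets `error = 0` and breaks out of the rule loop, so a rule such as `jid:N:tcp:P` makes port P bindable by any unjailed process regardless of the uid/gid rules configured for that port. If the intent is that only processes inside jail N match this rule, the first branch should skip the rule rather than grant it, e.g. `if (!jailed(cred)) continue;` followed by the existing `cred->cr_prison->pr_id == rule->r_id` check. The `jailed()` test must stay ahead of the `cr_prison` dereference, which presumably is only meaningful for a jailed credential. The rules_check loop starts before this hunk and its closing line does not appear here, so the post-loop handling of `error` was not reviewed.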