+ /*
+ * Take a copy of the process's credentials. This isn't
+ * quite right since the euid will always be zero and we
+ * want to get the "real" users credentials. So fix up
+ * the uid field after taking the copy.
+ */
+ cred = crdup(p->p_ucred);
+ cred->cr_uid = p->p_cred->p_ruid;
+
+ /*
+ * Ensure the *real* user has write permission on the
+ * mounted-on directory. This allows the mount_union
+ * command to be made setuid root so allowing anyone
+ * to do union mounts onto any directory on which they
+ * have write permission.
+ */
+ error = VOP_ACCESS(mp->mnt_vnodecovered, VWRITE, cred, p);
+ if (error)
+ goto bad;
+