diff options
| author | Paul B. Henson <[email protected]> | 2019-12-05 00:45:14 +0000 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2020-04-30 11:23:59 -0700 |
| commit | 7bf3e1fa0f2f49f0e55bbe4eb5334addd5395570 (patch) | |
| tree | e92a0797d760bb20efeefa0fc06b7bfdbce2ee29 | |
| parent | a1af567bb6961d3ad5dcd18747979be71d9991fe (diff) | |
OpenZFS 3254 - add support in zfs for aclmode=restricted
Authored-by: Paul B. Henson <[email protected]>
Reviewed by: Albert Lee <[email protected]>
Reviewed by: Gordon Ross <[email protected]>
Reviewed by: Brian Behlendorf <[email protected]>
Approved by: Richard Lowe <[email protected]>
Ported-by: Paul B. Henson <[email protected]>
OpenZFS-issue: https://www.illumos.org/issues/3254
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/71dbfc287c
Closes #10266
| -rw-r--r-- | man/man8/zfsprops.8 | 2 | ||||
| -rw-r--r-- | module/os/linux/zfs/zfs_vnops.c | 6 | ||||
| -rw-r--r-- | module/zcommon/zfs_prop.c | 9 |
3 files changed, 9 insertions, 8 deletions
diff --git a/man/man8/zfsprops.8 b/man/man8/zfsprops.8 index 269e9e7d9..139198db0 100644 --- a/man/man8/zfsprops.8 +++ b/man/man8/zfsprops.8 @@ -601,7 +601,7 @@ The property does not apply to POSIX ACLs. .It Xo .Sy aclmode Ns = Ns Sy discard Ns | Ns Sy groupmask Ns | Ns -.Sy passthrough Ns +.Sy passthrough Ns | Ns Sy restricted Ns .Xc Controls how an ACL is modified during chmod(2) and how inherited ACEs are modified by the file creation mode. diff --git a/module/os/linux/zfs/zfs_vnops.c b/module/os/linux/zfs/zfs_vnops.c index aba125f3b..cf5d406a2 100644 --- a/module/os/linux/zfs/zfs_vnops.c +++ b/module/os/linux/zfs/zfs_vnops.c @@ -3077,6 +3077,12 @@ top: uint64_t acl_obj; new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT); + if (ZTOZSB(zp)->z_acl_mode == ZFS_ACL_RESTRICTED && + !(zp->z_pflags & ZFS_ACL_TRIVIAL)) { + err = EPERM; + goto out; + } + if ((err = zfs_acl_chmod_setattr(zp, &aclp, new_mode))) goto out; diff --git a/module/zcommon/zfs_prop.c b/module/zcommon/zfs_prop.c index 0d0b2fc72..d62eec3f0 100644 --- a/module/zcommon/zfs_prop.c +++ b/module/zcommon/zfs_prop.c @@ -176,13 +176,6 @@ zfs_prop_init(void) { NULL } }; - static zprop_index_t acl_mode_table[] = { - { "discard", ZFS_ACL_DISCARD }, - { "groupmask", ZFS_ACL_GROUPMASK }, - { "passthrough", ZFS_ACL_PASSTHROUGH }, - { NULL } - }; - static zprop_index_t acl_inherit_table[] = { { "discard", ZFS_ACL_DISCARD }, { "noallow", ZFS_ACL_NOALLOW }, @@ -349,9 +342,11 @@ zfs_prop_init(void) PROP_INHERIT, ZFS_TYPE_FILESYSTEM, "discard | groupmask | passthrough | restricted", "ACLMODE", acl_mode_table); +#ifndef __FreeBSD__ zprop_register_index(ZFS_PROP_ACLTYPE, "acltype", ZFS_ACLTYPE_OFF, PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT, "noacl | posixacl", "ACLTYPE", acltype_table); +#endif zprop_register_index(ZFS_PROP_ACLINHERIT, "aclinherit", ZFS_ACL_RESTRICTED, PROP_INHERIT, ZFS_TYPE_FILESYSTEM, "discard | noallow | restricted | passthrough | passthrough-x", |