diff options
| author | Matthew Ahrens <[email protected]> | 2020-07-11 17:18:02 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2020-07-11 17:18:02 -0700 |
| commit | e59a377a8fdbf4e66864d1654c0055fdff5f12f4 (patch) | |
| tree | 609771a9e795d30ef8b6d5c451a3863af304224a /lib | |
| parent | 217f48373f9878a3cd714b8007444f46101aad9e (diff) | |
filesystem_limit/snapshot_limit is incorrectly enforced against root
The filesystem_limit and snapshot_limit properties limit the number of
filesystems or snapshots that can be created below this dataset.
According to the manpage, "The limit is not enforced if the user is
allowed to change the limit." Two types of users are allowed to change
the limit:
1. Those that have been delegated the `filesystem_limit` or
`snapshot_limit` permission, e.g. with
`zfs allow USER filesystem_limit DATASET`. This works properly.
2. A user with elevated system privileges (e.g. root). This does not
work - the root user will incorrectly get an error when trying to create
a snapshot/filesystem, if it exceeds the `_limit` property.
The problem is that `priv_policy_ns()` does not work if the `cred_t` is
not that of the current process. This happens when
`dsl_enforce_ds_ss_limits()` is called in syncing context (as part of a
sync task's check func) to determine the permissions of the
corresponding user process.
This commit fixes the issue by passing the `task_struct` (typedef'ed as
a `proc_t`) to syncing context, and then using `has_capability()` to
determine if that process is privileged. Note that we still need to
pass the `cred_t` to syncing context so that we can check if the user
was delegated this permission with `zfs allow`.
This problem only impacts Linux. Wrappers are added to FreeBSD but it
continues to use `priv_check_cred()`, which works on arbitrary `cred_t`.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Signed-off-by: Matthew Ahrens <[email protected]>
Closes #8226
Closes #10545
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libzpool/kernel.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/libzpool/kernel.c b/lib/libzpool/kernel.c index 59c5818de..aedcbfa66 100644 --- a/lib/libzpool/kernel.c +++ b/lib/libzpool/kernel.c @@ -909,6 +909,12 @@ secpolicy_zfs(const cred_t *cr) return (0); } +int +secpolicy_zfs_proc(const cred_t *cr, proc_t *proc) +{ + return (0); +} + ksiddomain_t * ksid_lookupdomain(const char *dom) { |