authorBrian Behlendorf <[email protected]>2020-07-19 09:56:21 -0700
committerGitHub <[email protected]>2020-07-19 09:56:21 -0700
commite862b7ecfc6049df19cf0d439510f385a7707b8b (patch)
tree0522c698a48c711d37e3a1c0e7bbbb222f9e7c53 /module/os
parent8fbf432ae274fc227c38012230c3bf23bda64d64 (diff)
Linux 4.10 compat: has_capability()
Stock kernels older than 4.10 do not export the has_capability() function which is required by commit e59a377. To avoid breaking the build on older kernels revert to the safe legacy behavior and return EACCES when privileges cannot be checked. Reviewed-by: Ryan Moeller <[email protected]> Reviewed-by: Matt Ahrens <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #10565 Closes #10573
Diffstat (limited to 'module/os')
-rw-r--r--module/os/linux/zfs/policy.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/module/os/linux/zfs/policy.c b/module/os/linux/zfs/policy.c
index eaa5372f2..5267d67ee 100644
--- a/module/os/linux/zfs/policy.c
+++ b/module/os/linux/zfs/policy.c
@@ -249,13 +249,22 @@ secpolicy_zfs(const cred_t *cr)
* Equivalent to secpolicy_zfs(), but works even if the cred_t is not that of
* the current process. Takes both cred_t and proc_t so that this can work
* easily on all platforms.
+ *
+ * The has_capability() function was first exported in the 4.10 Linux kernel
+ * then backported to some LTS kernels. Prior to this change there was no
+ * mechanism to perform this check therefore EACCES is returned when the
+ * functionality is not present in the kernel.
*/
int
secpolicy_zfs_proc(const cred_t *cr, proc_t *proc)
{
+#if defined(HAVE_HAS_CAPABILITY)
if (!has_capability(proc, CAP_SYS_ADMIN))
return (EACCES);
return (0);
+#else
+ return (EACCES);
+#endif
}
void
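Review bot: The `#else` branch of secpolicy_zfs_proc() returns EACCES unconditionally, so on a kernel without has_capability() a target process that does hold CAP_SYS_ADMIN is refused as well. Failing closed is the right default, but the block comment does not say this outright, and "Prior to this change" can be read as referring to this commit rather than to the kernel export. I would add a comment on the fallback itself, directly above the second `return (EACCES);`, for example `/* Cannot inspect another task's capabilities on this kernel: fail closed, privileged callers included. */`. Neither branch reads `cr`, which the header comment could state next to its remark that both arguments are taken for cross-platform use. The check that defines HAVE_HAS_CAPABILITY is not shown on this page (the diffstat is limited to module/os), so it is worth confirming that a missed detection on a newer kernel is visible at configure time, because here it would silently deny every request.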