diff options
author | Brian Behlendorf <[email protected]> | 2020-07-19 09:56:21 -0700 |
---|---|---|
committer | GitHub <[email protected]> | 2020-07-19 09:56:21 -0700 |
commit | e862b7ecfc6049df19cf0d439510f385a7707b8b (patch) | |
tree | 0522c698a48c711d37e3a1c0e7bbbb222f9e7c53 /module/os | |
parent | 8fbf432ae274fc227c38012230c3bf23bda64d64 (diff) |
Linux 4.10 compat: has_capability()
Stock kernels older than 4.10 do not export the has_capability()
function which is required by commit e59a377. To avoid breaking
the build on older kernels revert to the safe legacy behavior and
return EACCES when privileges cannot be checked.
Reviewed-by: Ryan Moeller <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #10565
Closes #10573
Diffstat (limited to 'module/os')
-rw-r--r-- | module/os/linux/zfs/policy.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/module/os/linux/zfs/policy.c b/module/os/linux/zfs/policy.c index eaa5372f2..5267d67ee 100644 --- a/module/os/linux/zfs/policy.c +++ b/module/os/linux/zfs/policy.c @@ -249,13 +249,22 @@ secpolicy_zfs(const cred_t *cr) * Equivalent to secpolicy_zfs(), but works even if the cred_t is not that of * the current process. Takes both cred_t and proc_t so that this can work * easily on all platforms. + * + * The has_capability() function was first exported in the 4.10 Linux kernel + * then backported to some LTS kernels. Prior to this change there was no + * mechanism to perform this check therefore EACCES is returned when the + * functionality is not present in the kernel. */ int secpolicy_zfs_proc(const cred_t *cr, proc_t *proc) { +#if defined(HAVE_HAS_CAPABILITY) if (!has_capability(proc, CAP_SYS_ADMIN)) return (EACCES); return (0); +#else + return (EACCES); +#endif } void |