author | Chunwei Chen <[email protected]> | 2016-06-17 17:36:01 -0700 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2016-06-21 09:58:37 -0700 |
commit | 100a91aa3e9773f2a2a373c5cb066b52c780716c (patch) | |
tree | ff7039d9e5fc5eda2f481f4bd60fcd0ad6cc2d39 /module/zfs/policy.c | |
parent | ab9f4b0b824ab4cc64a4fa382c037f4154de12d6 (diff) |
Fix NFS credential
Commit f74b821 caused a regression where creating a file through NFS always
creates a file owned by root. This is because that patch enabled the KSID
code in zfs_acl_ids_create, which uses the euid and egid of the current
process. However, on Linux, we should use fsuid and fsgid for file operations,
which was the original behaviour. So we revert this part of the code.
The patch also enables secpolicy_vnode_*, since they are also used in file
operations, we change them to use fsuid and fsgid.
Signed-off-by: Chunwei Chen <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #4772
Closes #4758
Diffstat (limited to 'module/zfs/policy.c')
-rw-r--r-- | module/zfs/policy.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/module/zfs/policy.c b/module/zfs/policy.c
index 81629e0dc..fda13a9b5 100644
--- a/module/zfs/policy.c
+++ b/module/zfs/policy.c
@@ -96,7 +96,7 @@ secpolicy_vnode_access2(const cred_t *cr, struct inode *ip, uid_t owner,
 int
 secpolicy_vnode_any_access(const cred_t *cr, struct inode *ip, uid_t owner)
 {
- if (crgetuid(cr) == owner)
+ if (crgetfsuid(cr) == owner)
 return (0);
 
 if (zpl_inode_owner_or_capable(ip))
@@ -117,7 +117,7 @@ secpolicy_vnode_any_access(const cred_t *cr, struct inode *ip, uid_t owner)
 int
 secpolicy_vnode_chown(const cred_t *cr, uid_t owner)
 {
- if (crgetuid(cr) == owner)
+ if (crgetfsuid(cr) == owner)
 return (0);
 
 return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
@@ -149,7 +149,7 @@ secpolicy_vnode_remove(const cred_t *cr)
 int
 secpolicy_vnode_setdac(const cred_t *cr, uid_t owner)
 {
- if (crgetuid(cr) == owner)
+ if (crgetfsuid(cr) == owner)
 return (0);
 
 return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
@@ -175,7 +175,7 @@ secpolicy_vnode_setid_retain(const cred_t *cr, boolean_t issuidroot)
 int
 secpolicy_vnode_setids_setgids(const cred_t *cr, gid_t gid)
 {
- if (!groupmember(gid, cr))
+ if (crgetfsgid(cr) != gid && !groupmember(gid, cr))
 return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
 
 return (0);
@@ -219,7 +219,7 @@ secpolicy_setid_clear(vattr_t *vap, cred_t *cr)
 static int
 secpolicy_vnode_setid_modify(const cred_t *cr, uid_t owner)
 {
- if (crgetuid(cr) == owner)
+ if (crgetfsuid(cr) == owner)
 return (0);
 
 return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM)); |
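Review bot: In secpolicy_vnode_any_access the owner shortcut now takes the fsuid from `cr`, while the next check, `zpl_inode_owner_or_capable(ip)`, receives no credential and so presumably evaluates the calling task's own credentials; the two only agree when `cr` is the current task's cred. That assumption deserves a comment above the test, for example `/* cr is expected to be the caller's current cred; file operations on Linux are authorised by fsuid, not euid */`. The same uncommented fsuid owner shortcut is added in secpolicy_vnode_chown, secpolicy_vnode_setdac and secpolicy_vnode_setid_modify, where the comment would help equally. The function body continues past the end of this hunk.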
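Review bot: In secpolicy_vnode_setids_setgids the added `crgetfsgid(cr) != gid` clause only makes sense if `groupmember()` does not already consider the filesystem gid, and nothing on the line says so. Because this test decides whether the setgid bit may be set without CAP_FSETID, a later cleanup that drops the clause as redundant would silently bring back the denial for callers whose fsgid matches. A short comment would pin the intent, e.g. `/* groupmember() is assumed to cover supplementary groups only, so the fsgid is compared explicitly */`; the assumption should be confirmed against the groupmember() implementation, which is not part of this diff.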