summaryrefslogtreecommitdiffstats
path: root/module/zfs
diff options
context:
space:
mode:
authorTomohiro Kusumi <[email protected]>2019-07-27 05:52:30 +0900
committerBrian Behlendorf <[email protected]>2019-07-26 13:52:30 -0700
commit9fb6abe5addfa2f2d9f382422d50b37764c3569c (patch)
tree1391b830b22d20ae339d3653f4ce2708236b2495 /module/zfs
parent4b5c9d9f976375ca4f075a533d2b6f0c9a14cf4a (diff)
Implement secpolicy_vnode_setid_retain()
Don't unconditionally return 0 (i.e. retain SUID/SGID). Test CAP_FSETID capability. https://github.com/pjd/pjdfstest/blob/master/tests/chmod/12.t which expects SUID/SGID to be dropped on write(2) by non-owner fails without this. Most filesystems make this decision within VFS by using a generic file write for fops. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Tomohiro Kusumi <[email protected]> Closes #9035 Closes #9043
Diffstat (limited to 'module/zfs')
-rw-r--r--module/zfs/policy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/module/zfs/policy.c b/module/zfs/policy.c
index 55c932747..a723235d3 100644
--- a/module/zfs/policy.c
+++ b/module/zfs/policy.c
@@ -209,7 +209,7 @@ secpolicy_vnode_setdac(const cred_t *cr, uid_t owner)
int
secpolicy_vnode_setid_retain(const cred_t *cr, boolean_t issuidroot)
{
- return (0);
+ return (priv_policy_user(cr, CAP_FSETID, B_FALSE, EPERM));
}
/*