Skip to content

Commit

Permalink
OpenZFS 3254 - add support in zfs for aclmode=restricted
Browse files Browse the repository at this point in the history
Authored-by: Paul B. Henson <[email protected]>
Reviewed by: Albert Lee <[email protected]>
Reviewed by: Gordon Ross <[email protected]>
Reviewed by: Brian Behlendorf <[email protected]>
Approved by: Richard Lowe <[email protected]>
Ported-by: Paul B. Henson <[email protected]>

OpenZFS-issue: https://www.illumos.org/issues/3254
OpenZFS-commit: openzfs/openzfs@71dbfc287c
Closes openzfs#10266
  • Loading branch information
pbhenson authored and behlendorf committed Apr 30, 2020
1 parent a1af567 commit 7bf3e1f
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 8 deletions.
2 changes: 1 addition & 1 deletion man/man8/zfsprops.8
Original file line number Diff line number Diff line change
Expand Up @@ -601,7 +601,7 @@ The
property does not apply to POSIX ACLs.
.It Xo
.Sy aclmode Ns = Ns Sy discard Ns | Ns Sy groupmask Ns | Ns
.Sy passthrough Ns
.Sy passthrough Ns | Ns Sy restricted Ns
.Xc
Controls how an ACL is modified during chmod(2) and how inherited ACEs
are modified by the file creation mode.
Expand Down
6 changes: 6 additions & 0 deletions module/os/linux/zfs/zfs_vnops.c
Original file line number Diff line number Diff line change
Expand Up @@ -3077,6 +3077,12 @@ zfs_setattr(znode_t *zp, vattr_t *vap, int flags, cred_t *cr)
uint64_t acl_obj;
new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT);

if (ZTOZSB(zp)->z_acl_mode == ZFS_ACL_RESTRICTED &&
!(zp->z_pflags & ZFS_ACL_TRIVIAL)) {
err = EPERM;
goto out;
}

if ((err = zfs_acl_chmod_setattr(zp, &aclp, new_mode)))
goto out;

Expand Down
9 changes: 2 additions & 7 deletions module/zcommon/zfs_prop.c
Original file line number Diff line number Diff line change
Expand Up @@ -176,13 +176,6 @@ zfs_prop_init(void)
{ NULL }
};

static zprop_index_t acl_mode_table[] = {
{ "discard", ZFS_ACL_DISCARD },
{ "groupmask", ZFS_ACL_GROUPMASK },
{ "passthrough", ZFS_ACL_PASSTHROUGH },
{ NULL }
};

static zprop_index_t acl_inherit_table[] = {
{ "discard", ZFS_ACL_DISCARD },
{ "noallow", ZFS_ACL_NOALLOW },
Expand Down Expand Up @@ -349,9 +342,11 @@ zfs_prop_init(void)
PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
"discard | groupmask | passthrough | restricted", "ACLMODE",
acl_mode_table);
#ifndef __FreeBSD__
zprop_register_index(ZFS_PROP_ACLTYPE, "acltype", ZFS_ACLTYPE_OFF,
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT,
"noacl | posixacl", "ACLTYPE", acltype_table);
#endif
zprop_register_index(ZFS_PROP_ACLINHERIT, "aclinherit",
ZFS_ACL_RESTRICTED, PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
"discard | noallow | restricted | passthrough | passthrough-x",
Expand Down

0 comments on commit 7bf3e1f

Please sign in to comment.