-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow users access to unpriviledged zpool/zfs commands
The following zpool/zfs commands should be runable as a normal non-priviledged user. * zpool list|iostat|status|get * zfs list|get Adding this functionality primarily required implementing the secpolicy_* functions by mapping them to the equivilant Linux capabilities. Since the VFS already enforces several of these checks it was not nessisary to implement them all. While the mapping operation is straight forward the implementation was complicated by the fact that the kernel `capability()` function only allows you to check your current content. This poses an issue for the existing ZFS code which expects to be able to check a cred in any context. To resolve the issue `secpolicy_zfs()` checks are now made in the original cred context, if they pass a kcred is then provided for latter use by the sync task. In order to verify this functionality workss as designed the ZFS Test Suite cli_user/* tests have all been enabled. These tests are run as a normal user and are used to verify permissions are enforced. The `zpool_create_001_neg` and `zpool_add_001_neg` test cases were slightly modified for Linux. They now allow a normal user to run these commands in dry-run mode since no escalated priviledges are required. Two minor bug fixes were required for test-running.py. First, the Timer() object cannot be safely created in a `try:` block when there is an unconditional `finally` block which references it. Second, when running as a normal user also check for scripts using the both the .ksh and .sh suffixes. Signed-off-by: Brian Behlendorf <[email protected]> Issue #362
- Loading branch information
1 parent
63e0828
commit 5098aea
Showing
64 changed files
with
585 additions
and
178 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
/* | ||
* CDDL HEADER START | ||
* | ||
* The contents of this file are subject to the terms of the | ||
* Common Development and Distribution License (the "License"). | ||
* You may not use this file except in compliance with the License. | ||
* | ||
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | ||
* or http://www.opensolaris.org/os/licensing. | ||
* See the License for the specific language governing permissions | ||
* and limitations under the License. | ||
* | ||
* When distributing Covered Code, include this CDDL HEADER in each | ||
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. | ||
* If applicable, add the following below this CDDL HEADER, with the | ||
* fields enclosed by brackets "[]" replaced with your own identifying | ||
* information: Portions Copyright [yyyy] [name of copyright owner] | ||
* | ||
* CDDL HEADER END | ||
*/ | ||
|
||
/* | ||
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. | ||
* Copyright 2015, Joyent, Inc. All rights reserved. | ||
* Copyright (c) 2016, Lawrence Livermore National Security, LLC. | ||
*/ | ||
|
||
#ifndef _SYS_POLICY_H | ||
#define _SYS_POLICY_H | ||
|
||
#ifdef _KERNEL | ||
|
||
#include <sys/cred.h> | ||
#include <sys/types.h> | ||
#include <sys/xvattr.h> | ||
#include <sys/zpl.h> | ||
|
||
int secpolicy_nfs(const cred_t *); | ||
int secpolicy_sys_config(const cred_t *, boolean_t); | ||
int secpolicy_vnode_access2(const cred_t *, struct inode *, | ||
uid_t, mode_t, mode_t); | ||
int secpolicy_vnode_any_access(const cred_t *, struct inode *, uid_t); | ||
int secpolicy_vnode_chown(const cred_t *, uid_t); | ||
int secpolicy_vnode_create_gid(const cred_t *); | ||
int secpolicy_vnode_remove(const cred_t *); | ||
int secpolicy_vnode_setdac(const cred_t *, uid_t); | ||
int secpolicy_vnode_setid_retain(const cred_t *, boolean_t); | ||
int secpolicy_vnode_setids_setgids(const cred_t *, gid_t); | ||
int secpolicy_zinject(const cred_t *); | ||
int secpolicy_zfs(const cred_t *); | ||
void secpolicy_setid_clear(vattr_t *, cred_t *); | ||
int secpolicy_setid_setsticky_clear(struct inode *, vattr_t *, | ||
const vattr_t *, cred_t *); | ||
int secpolicy_xvattr(xvattr_t *, uid_t, cred_t *, vtype_t); | ||
int secpolicy_vnode_setattr(cred_t *, struct inode *, struct vattr *, | ||
const struct vattr *, int, int (void *, int, cred_t *), void *); | ||
int secpolicy_basic_link(const cred_t *); | ||
|
||
#endif /* _KERNEL */ | ||
#endif /* _SYS_POLICY_H */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.