From 88f206534ce0878ee86a5200486157335ed90b4f Mon Sep 17 00:00:00 2001 From: Ryan Moeller Date: Tue, 16 Jun 2020 16:00:46 -0400 Subject: [PATCH] Cross-platform acltype The acltype property is currently hidden on FreeBSD and does not reflect the NFSv4 style ZFS ACLs used on the platform. This makes it difficult to observe that a pool imported from FreeBSD on Linux has a different type of ACL that is being ignored, and vice versa. Add an nfsv4 acltype and expose the property on FreeBSD. Setting acltype to an unhandled style is treated the same as setting it to off. The ACLs will not be removed, but they will be ignored. Rename posixacl to posix and prefer off to noacl throughout. The Linux mount options remain named posixacl and noacl to avoid ambiguity and breaking existing configurations. To the latter end, also retain posixacl and noacl values for acltype as aliases. Signed-off-by: Ryan Moeller --- include/os/freebsd/zfs/sys/zfs_vfsops.h | 1 + include/sys/zfs_ioctl.h | 3 +- lib/libspl/include/sys/acl.h | 96 +++++++++++++------ man/man8/zfsprops.8 | 26 +++-- module/os/freebsd/zfs/zfs_acl.c | 2 +- module/os/freebsd/zfs/zfs_vfsops.c | 22 +++++ module/os/linux/zfs/zfs_acl.c | 4 +- module/os/linux/zfs/zfs_vfsops.c | 5 +- module/os/linux/zfs/zpl_super.c | 2 +- module/os/linux/zfs/zpl_xattr.c | 16 ++-- module/zcommon/zfs_prop.c | 12 +-- .../functional/acl/posix/posix_001_pos.ksh | 4 +- .../functional/acl/posix/posix_002_pos.ksh | 4 +- .../tests/functional/acl/posix/setup.ksh | 2 +- .../zpool_create/zpool_create_021_pos.ksh | 2 +- .../zpool_create/zpool_create_022_pos.ksh | 2 +- .../tests/functional/cli_user/misc/misc.cfg | 8 +- .../functional/history/history_002_pos.ksh | 11 ++- .../tests/functional/rsend/rsend_012_pos.ksh | 2 +- 19 files changed, 149 insertions(+), 75 deletions(-) diff --git a/include/os/freebsd/zfs/sys/zfs_vfsops.h b/include/os/freebsd/zfs/sys/zfs_vfsops.h index 70ada204a292..0f2be9430acc 100644 --- a/include/os/freebsd/zfs/sys/zfs_vfsops.h +++ b/include/os/freebsd/zfs/sys/zfs_vfsops.h @@ -59,6 +59,7 @@ struct zfsvfs { boolean_t z_fuid_dirty; /* need to sync fuid table ? */ struct zfs_fuid_info *z_fuid_replay; /* fuid info for replay */ zilog_t *z_log; /* intent log pointer */ + uint_t z_acl_type; /* type of acl usable on this fs */ uint_t z_acl_mode; /* acl chmod/mode behavior */ uint_t z_acl_inherit; /* acl inheritance behavior */ zfs_case_t z_case; /* case-sense */ diff --git a/include/sys/zfs_ioctl.h b/include/sys/zfs_ioctl.h index bfaf81038a8e..3258d9ecf2fd 100644 --- a/include/sys/zfs_ioctl.h +++ b/include/sys/zfs_ioctl.h @@ -67,7 +67,8 @@ extern "C" { * Property values for acltype */ #define ZFS_ACLTYPE_OFF 0 -#define ZFS_ACLTYPE_POSIXACL 1 +#define ZFS_ACLTYPE_POSIX 1 +#define ZFS_ACLTYPE_NFSV4 2 /* * Field manipulation macros for the drr_versioninfo field of the diff --git a/lib/libspl/include/sys/acl.h b/lib/libspl/include/sys/acl.h index e6df864f850f..bace54ccbdf8 100644 --- a/lib/libspl/include/sys/acl.h +++ b/lib/libspl/include/sys/acl.h @@ -19,8 +19,12 @@ * CDDL HEADER END */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * + * Copyright 2014 Garrett D'Amore + * Copyright 2014 Nexenta Systems, Inc. All rights reserved. + * Copyright 2017 RackTop Systems. */ #ifndef _SYS_ACL_H @@ -74,37 +78,55 @@ typedef struct acl_info acl_t; /* * The following are defined for ace_t. + * + * Note, these are intentionally the same as the Windows + * "File Access Rights Constants" you can find on MSDN. + * (See also: "Standard Access Rights" on MSDN). + * + * The equivalent Windows names for these are just like + * those show below, with FILE_ in place of ACE_, except + * as noted below. Also note that Windows uses a special + * privilege: BYPASS_TRAVERSE_CHECKING, normally granted + * to everyone, that causes the absence of ACE_TRAVERSE + * to be ignored. */ -#define ACE_READ_DATA 0x00000001 -#define ACE_LIST_DIRECTORY 0x00000001 -#define ACE_WRITE_DATA 0x00000002 -#define ACE_ADD_FILE 0x00000002 -#define ACE_APPEND_DATA 0x00000004 -#define ACE_ADD_SUBDIRECTORY 0x00000004 -#define ACE_READ_NAMED_ATTRS 0x00000008 -#define ACE_WRITE_NAMED_ATTRS 0x00000010 -#define ACE_EXECUTE 0x00000020 -#define ACE_DELETE_CHILD 0x00000040 -#define ACE_READ_ATTRIBUTES 0x00000080 -#define ACE_WRITE_ATTRIBUTES 0x00000100 -#define ACE_DELETE 0x00010000 -#define ACE_READ_ACL 0x00020000 -#define ACE_WRITE_ACL 0x00040000 -#define ACE_WRITE_OWNER 0x00080000 -#define ACE_SYNCHRONIZE 0x00100000 - -#define ACE_FILE_INHERIT_ACE 0x0001 -#define ACE_DIRECTORY_INHERIT_ACE 0x0002 -#define ACE_NO_PROPAGATE_INHERIT_ACE 0x0004 -#define ACE_INHERIT_ONLY_ACE 0x0008 +#define ACE_READ_DATA 0x00000001 /* file: read data */ +#define ACE_LIST_DIRECTORY 0x00000001 /* dir: list files */ +#define ACE_WRITE_DATA 0x00000002 /* file: write data */ +#define ACE_ADD_FILE 0x00000002 /* dir: create file */ +#define ACE_APPEND_DATA 0x00000004 /* file: append data */ +#define ACE_ADD_SUBDIRECTORY 0x00000004 /* dir: create subdir */ +#define ACE_READ_NAMED_ATTRS 0x00000008 /* FILE_READ_EA */ +#define ACE_WRITE_NAMED_ATTRS 0x00000010 /* FILE_WRITE_EA */ +#define ACE_EXECUTE 0x00000020 /* file: execute */ +#define ACE_TRAVERSE 0x00000020 /* dir: lookup name */ +#define ACE_DELETE_CHILD 0x00000040 /* dir: unlink child */ +#define ACE_READ_ATTRIBUTES 0x00000080 /* (all) stat, etc. */ +#define ACE_WRITE_ATTRIBUTES 0x00000100 /* (all) utimes, etc. */ +#define ACE_DELETE 0x00010000 /* (all) unlink self */ +#define ACE_READ_ACL 0x00020000 /* (all) getsecattr */ +#define ACE_WRITE_ACL 0x00040000 /* (all) setsecattr */ +#define ACE_WRITE_OWNER 0x00080000 /* (all) chown */ +#define ACE_SYNCHRONIZE 0x00100000 /* (all) see MSDN */ + +/* + * Some of the following are the same as Windows uses. (but NOT ALL!) + * See the "ACE_HEADER" structure description on MSDN for details. + * Comments show relations to the MSDN names. + */ +#define ACE_FILE_INHERIT_ACE 0x0001 /* = OBJECT_INHERIT_ACE */ +#define ACE_DIRECTORY_INHERIT_ACE 0x0002 /* = CONTAINER_INHERIT_ACE */ +#define ACE_NO_PROPAGATE_INHERIT_ACE 0x0004 /* = NO_PROPAGATE_INHERIT_ACE */ +#define ACE_INHERIT_ONLY_ACE 0x0008 /* = INHERIT_ONLY_ACE */ #define ACE_SUCCESSFUL_ACCESS_ACE_FLAG 0x0010 #define ACE_FAILED_ACCESS_ACE_FLAG 0x0020 #define ACE_IDENTIFIER_GROUP 0x0040 -#define ACE_INHERITED_ACE 0x0080 +#define ACE_INHERITED_ACE 0x0080 /* INHERITED_ACE, 0x10 on NT */ #define ACE_OWNER 0x1000 #define ACE_GROUP 0x2000 #define ACE_EVERYONE 0x4000 +/* These four are the same as Windows, but with an ACE_ prefix added. */ #define ACE_ACCESS_ALLOWED_ACE_TYPE 0x0000 #define ACE_ACCESS_DENIED_ACE_TYPE 0x0001 #define ACE_SYSTEM_AUDIT_ACE_TYPE 0x0002 @@ -116,10 +138,9 @@ typedef struct acl_info acl_t; #define ACL_FLAGS_ALL (ACL_AUTO_INHERIT|ACL_PROTECTED| \ ACL_DEFAULTED) -#ifdef _KERNEL - /* * These are only applicable in a CIFS context. + * Here again, same as Windows, but with an ACE_ prefix added. */ #define ACE_ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04 #define ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05 @@ -137,6 +158,8 @@ typedef struct acl_info acl_t; #define ACE_ALL_TYPES 0x001F +#if defined(_KERNEL) + typedef struct ace_object { uid_t a_who; /* uid or gid */ uint32_t a_access_mask; /* read,write,... */ @@ -154,6 +177,21 @@ typedef struct ace_object { ACE_WRITE_ATTRIBUTES|ACE_DELETE|ACE_READ_ACL|ACE_WRITE_ACL| \ ACE_WRITE_OWNER|ACE_SYNCHRONIZE) +#define ACE_ALL_WRITE_PERMS (ACE_WRITE_DATA|ACE_APPEND_DATA| \ + ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS|ACE_WRITE_ACL| \ + ACE_WRITE_OWNER|ACE_DELETE|ACE_DELETE_CHILD) + +#define ACE_READ_PERMS (ACE_READ_DATA|ACE_READ_ACL|ACE_READ_ATTRIBUTES| \ + ACE_READ_NAMED_ATTRS) + +#define ACE_WRITE_PERMS (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES| \ + ACE_WRITE_NAMED_ATTRS) + +#define ACE_MODIFY_PERMS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ + ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_READ_NAMED_ATTRS| \ + ACE_WRITE_NAMED_ATTRS|ACE_EXECUTE|ACE_DELETE_CHILD|ACE_READ_ATTRIBUTES| \ + ACE_WRITE_ATTRIBUTES|ACE_DELETE|ACE_READ_ACL|ACE_SYNCHRONIZE) + /* * The following flags are supported by both NFSv4 ACLs and ace_t. */ @@ -217,6 +255,7 @@ typedef struct ace_object { #define ACL_APPEND_ID 0x1 /* append uid/gid to user/group entries */ #define ACL_COMPACT_FMT 0x2 /* build ACL in ls -V format */ #define ACL_NORESOLVE 0x4 /* don't do name service lookups */ +#define ACL_SID_FMT 0x8 /* use usersid/groupsid when appropriate */ /* * Legacy aclcheck errors for aclent_t ACLs @@ -272,13 +311,8 @@ extern int cmp2acls(void *, void *); #endif /* !defined(_KERNEL) */ -#if defined(__STDC__) extern int acl(const char *path, int cmd, int cnt, void *buf); extern int facl(int fd, int cmd, int cnt, void *buf); -#else /* !__STDC__ */ -extern int acl(); -extern int facl(); -#endif /* defined(__STDC__) */ #ifdef __cplusplus } diff --git a/man/man8/zfsprops.8 b/man/man8/zfsprops.8 index 5a2b45e64f6e..b2436da77443 100644 --- a/man/man8/zfsprops.8 +++ b/man/man8/zfsprops.8 @@ -282,9 +282,8 @@ has been set somewhere in the tree under which the dataset resides. The type of dataset: .Sy filesystem , .Sy volume , -.Sy snapshot , or -.Sy bookmark . +.Sy snapshot . .It Sy used The amount of space consumed by this dataset and all its descendents. This is the value that is checked against this dataset's quota and reservation. @@ -650,9 +649,12 @@ you must first remove all .Tn ACL entries which do not represent the current mode. .El -.It Sy acltype Ns = Ns Sy off Ns | Ns Sy noacl Ns | Ns Sy posixacl +.It Sy acltype Ns = Ns Sy off Ns | Ns Sy nfsv4 Ns | Ns Sy posix Controls whether ACLs are enabled and if so what type of ACL to use. -This property is not visible on FreeBSD yet. +When this property is set to a type of ACL not supported by the current +platform, the behavior is the same as if it were set to +.Sy off +. .Bl -tag -width "posixacl" .It Sy off default, when a file system has the @@ -661,15 +663,27 @@ property set to off then ACLs are disabled. .It Sy noacl an alias for .Sy off -.It Sy posixacl +.It Sy nfsv4 +indicates that NFSv4-style ZFS ACLs should be used. These ACLs can be managed +with the +.Xr getfacl 1 +and +.Xr setfacl 1 +commands on FreeBSD. The +.Sy nfsv4 +ZFS ACL type is not yet supported on Linux. +.It Sy posix indicates POSIX ACLs should be used. POSIX ACLs are specific to Linux and are not functional on other platforms. POSIX ACLs are stored as an extended attribute and therefore will not overwrite any existing NFSv4 ACLs which may be set. +.It Sy posixacl +an alias for +.Sy posix .El .Pp To obtain the best performance when setting -.Sy posixacl +.Sy posix users are strongly encouraged to set the .Sy xattr=sa property. This will result in the POSIX ACL being stored more efficiently on diff --git a/module/os/freebsd/zfs/zfs_acl.c b/module/os/freebsd/zfs/zfs_acl.c index 07fa42fc819b..f04ba98a1b6d 100644 --- a/module/os/freebsd/zfs/zfs_acl.c +++ b/module/os/freebsd/zfs/zfs_acl.c @@ -2532,7 +2532,7 @@ zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr) /* * Translate traditional unix VREAD/VWRITE/VEXEC mode into - * native ACL format and call zfs_zaccess() + * NFSv4-style ZFS ACL format and call zfs_zaccess() */ int zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr) diff --git a/module/os/freebsd/zfs/zfs_vfsops.c b/module/os/freebsd/zfs/zfs_vfsops.c index 92a53afc2b5f..4c02d8665b99 100644 --- a/module/os/freebsd/zfs/zfs_vfsops.c +++ b/module/os/freebsd/zfs/zfs_vfsops.c @@ -592,6 +592,14 @@ acl_inherit_changed_cb(void *arg, uint64_t newval) zfsvfs->z_acl_inherit = newval; } +static void +acl_type_changed_cb(void *arg, uint64_t newval) +{ + zfsvfs_t *zfsvfs = arg; + + zfsvfs->z_acl_type = newval; +} + static int zfs_register_callbacks(vfs_t *vfsp) { @@ -722,6 +730,8 @@ zfs_register_callbacks(vfs_t *vfsp) zfs_prop_to_name(ZFS_PROP_EXEC), exec_changed_cb, zfsvfs); error = error ? error : dsl_prop_register(ds, zfs_prop_to_name(ZFS_PROP_SNAPDIR), snapdir_changed_cb, zfsvfs); + error = error ? error : dsl_prop_register(ds, + zfs_prop_to_name(ZFS_PROP_ACLTYPE), acl_type_changed_cb, zfsvfs); error = error ? error : dsl_prop_register(ds, zfs_prop_to_name(ZFS_PROP_ACLMODE), acl_mode_changed_cb, zfsvfs); error = error ? error : dsl_prop_register(ds, @@ -797,6 +807,11 @@ zfsvfs_init(zfsvfs_t *zfsvfs, objset_t *os) return (error); zfsvfs->z_case = (uint_t)val; + error = zfs_get_zplprop(os, ZFS_PROP_ACLTYPE, &val); + if (error != 0) + return (error); + zfsvfs->z_acl_type = (uint_t)val; + /* * Fold case on file systems that are always or sometimes case * insensitive. @@ -1229,6 +1244,10 @@ zfs_domount(vfs_t *vfsp, char *osname) "xattr", &pval, NULL))) goto out; xattr_changed_cb(zfsvfs, pval); + if ((error = dsl_prop_get_integer(osname, + "acltype", &pval, NULL))) + goto out; + acl_type_changed_cb(zfsvfs, pval); zfsvfs->z_issnap = B_TRUE; zfsvfs->z_os->os_sync = ZFS_SYNC_DISABLED; @@ -2399,6 +2418,9 @@ zfs_get_zplprop(objset_t *os, zfs_prop_t prop, uint64_t *value) case ZFS_PROP_CASE: *value = ZFS_CASE_SENSITIVE; break; + case ZFS_PROP_ACLTYPE: + *value = ZFS_ACLTYPE_OFF; + break; default: return (error); } diff --git a/module/os/linux/zfs/zfs_acl.c b/module/os/linux/zfs/zfs_acl.c index 87547eb54ec6..5b2ccca7354d 100644 --- a/module/os/linux/zfs/zfs_acl.c +++ b/module/os/linux/zfs/zfs_acl.c @@ -1153,7 +1153,7 @@ zfs_acl_chown_setattr(znode_t *zp) int error; zfs_acl_t *aclp; - if (ZTOZSB(zp)->z_acl_type == ZFS_ACLTYPE_POSIXACL) + if (ZTOZSB(zp)->z_acl_type == ZFS_ACLTYPE_POSIX) return (0); ASSERT(MUTEX_HELD(&zp->z_lock)); @@ -2662,7 +2662,7 @@ zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr) /* * Translate traditional unix S_IRUSR/S_IWUSR/S_IXUSR mode into - * native ACL format and call zfs_zaccess() + * NFSv4-style ZFS ACL format and call zfs_zaccess() */ int zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr) diff --git a/module/os/linux/zfs/zfs_vfsops.c b/module/os/linux/zfs/zfs_vfsops.c index db831bf54704..7e674f028ee5 100644 --- a/module/os/linux/zfs/zfs_vfsops.c +++ b/module/os/linux/zfs/zfs_vfsops.c @@ -352,13 +352,14 @@ acltype_changed_cb(void *arg, uint64_t newval) zfsvfs_t *zfsvfs = arg; switch (newval) { + case ZFS_ACLTYPE_NFSV4: case ZFS_ACLTYPE_OFF: zfsvfs->z_acl_type = ZFS_ACLTYPE_OFF; zfsvfs->z_sb->s_flags &= ~SB_POSIXACL; break; - case ZFS_ACLTYPE_POSIXACL: + case ZFS_ACLTYPE_POSIX: #ifdef CONFIG_FS_POSIX_ACL - zfsvfs->z_acl_type = ZFS_ACLTYPE_POSIXACL; + zfsvfs->z_acl_type = ZFS_ACLTYPE_POSIX; zfsvfs->z_sb->s_flags |= SB_POSIXACL; #else zfsvfs->z_acl_type = ZFS_ACLTYPE_OFF; diff --git a/module/os/linux/zfs/zpl_super.c b/module/os/linux/zfs/zpl_super.c index 75adff51782e..1882e29f20fa 100644 --- a/module/os/linux/zfs/zpl_super.c +++ b/module/os/linux/zfs/zpl_super.c @@ -190,7 +190,7 @@ __zpl_show_options(struct seq_file *seq, zfsvfs_t *zfsvfs) #ifdef CONFIG_FS_POSIX_ACL switch (zfsvfs->z_acl_type) { - case ZFS_ACLTYPE_POSIXACL: + case ZFS_ACLTYPE_POSIX: seq_puts(seq, ",posixacl"); break; default: diff --git a/module/os/linux/zfs/zpl_xattr.c b/module/os/linux/zfs/zpl_xattr.c index fa3c036405b0..9b5fd0fd397b 100644 --- a/module/os/linux/zfs/zpl_xattr.c +++ b/module/os/linux/zfs/zpl_xattr.c @@ -1058,7 +1058,7 @@ zpl_init_acl(struct inode *ip, struct inode *dir) struct posix_acl *acl = NULL; int error = 0; - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) + if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) return (0); if (!S_ISLNK(ip->i_mode)) { @@ -1103,7 +1103,7 @@ zpl_chmod_acl(struct inode *ip) struct posix_acl *acl; int error; - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) + if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) return (0); if (S_ISLNK(ip->i_mode)) @@ -1129,7 +1129,7 @@ __zpl_xattr_acl_list_access(struct inode *ip, char *list, size_t list_size, char *xattr_name = XATTR_NAME_POSIX_ACL_ACCESS; size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_ACCESS); - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) + if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) return (0); if (list && xattr_size <= list_size) @@ -1146,7 +1146,7 @@ __zpl_xattr_acl_list_default(struct inode *ip, char *list, size_t list_size, char *xattr_name = XATTR_NAME_POSIX_ACL_DEFAULT; size_t xattr_size = sizeof (XATTR_NAME_POSIX_ACL_DEFAULT); - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) + if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) return (0); if (list && xattr_size <= list_size) @@ -1168,7 +1168,7 @@ __zpl_xattr_acl_get_access(struct inode *ip, const char *name, if (strcmp(name, "") != 0) return (-EINVAL); #endif - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) + if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) return (-EOPNOTSUPP); acl = zpl_get_acl(ip, type); @@ -1196,7 +1196,7 @@ __zpl_xattr_acl_get_default(struct inode *ip, const char *name, if (strcmp(name, "") != 0) return (-EINVAL); #endif - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) + if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) return (-EOPNOTSUPP); acl = zpl_get_acl(ip, type); @@ -1224,7 +1224,7 @@ __zpl_xattr_acl_set_access(struct inode *ip, const char *name, if (strcmp(name, "") != 0) return (-EINVAL); #endif - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) + if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) return (-EOPNOTSUPP); if (!inode_owner_or_capable(ip)) @@ -1264,7 +1264,7 @@ __zpl_xattr_acl_set_default(struct inode *ip, const char *name, if (strcmp(name, "") != 0) return (-EINVAL); #endif - if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIXACL) + if (ITOZSB(ip)->z_acl_type != ZFS_ACLTYPE_POSIX) return (-EOPNOTSUPP); if (!inode_owner_or_capable(ip)) diff --git a/module/zcommon/zfs_prop.c b/module/zcommon/zfs_prop.c index 3a005b687bbf..275bd1b5e110 100644 --- a/module/zcommon/zfs_prop.c +++ b/module/zcommon/zfs_prop.c @@ -170,9 +170,11 @@ zfs_prop_init(void) static zprop_index_t acltype_table[] = { { "off", ZFS_ACLTYPE_OFF }, - { "disabled", ZFS_ACLTYPE_OFF }, - { "noacl", ZFS_ACLTYPE_OFF }, - { "posixacl", ZFS_ACLTYPE_POSIXACL }, + { "disabled", ZFS_ACLTYPE_OFF }, /* bkwrd compatibility */ + { "noacl", ZFS_ACLTYPE_OFF }, /* bkwrd compatibility */ + { "posixacl", ZFS_ACLTYPE_POSIX }, /* bkwrd compatibility */ + { "posix", ZFS_ACLTYPE_POSIX }, + { "nfsv4", ZFS_ACLTYPE_NFSV4}, { NULL } }; @@ -342,11 +344,9 @@ zfs_prop_init(void) PROP_INHERIT, ZFS_TYPE_FILESYSTEM, "discard | groupmask | passthrough | restricted", "ACLMODE", acl_mode_table); -#ifndef __FreeBSD__ zprop_register_index(ZFS_PROP_ACLTYPE, "acltype", ZFS_ACLTYPE_OFF, PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT, - "noacl | posixacl", "ACLTYPE", acltype_table); -#endif + "off | nfsv4 | posix", "ACLTYPE", acltype_table); zprop_register_index(ZFS_PROP_ACLINHERIT, "aclinherit", ZFS_ACL_RESTRICTED, PROP_INHERIT, ZFS_TYPE_FILESYSTEM, "discard | noallow | restricted | passthrough | passthrough-x", diff --git a/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh b/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh index 66124fe9cc31..d62bf9c346b6 100755 --- a/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh +++ b/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh @@ -34,7 +34,7 @@ # # DESCRIPTION: -# Verify that user can access file/directory if acltype=posixacl. +# Verify that user can access file/directory if acltype=posix. # # STRATEGY: # 1. Test access to file (mode=rw-) @@ -50,7 +50,7 @@ function cleanup rmdir $TESTDIR/dir.0 } -log_assert "Verify acltype=posixacl works on file" +log_assert "Verify acltype=posix works on file" log_onexit cleanup # Test access to FILE diff --git a/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh b/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh index 1aceffd15692..d9b5036458f8 100755 --- a/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh +++ b/tests/zfs-tests/tests/functional/acl/posix/posix_002_pos.ksh @@ -34,7 +34,7 @@ # # DESCRIPTION: -# Verify that user can access file/directory if acltype=posixacl. +# Verify that user can access file/directory if acltype=posix. # # STRATEGY: # 1. Test access to directory (mode=-wx) @@ -43,7 +43,7 @@ # verify_runnable "both" -log_assert "Verify acltype=posixacl works on directory" +log_assert "Verify acltype=posix works on directory" # Test access to DIRECTORY log_note "Testing access to DIRECTORY" diff --git a/tests/zfs-tests/tests/functional/acl/posix/setup.ksh b/tests/zfs-tests/tests/functional/acl/posix/setup.ksh index 5d6d15864134..d8bf8a638e7b 100755 --- a/tests/zfs-tests/tests/functional/acl/posix/setup.ksh +++ b/tests/zfs-tests/tests/functional/acl/posix/setup.ksh @@ -46,7 +46,7 @@ default_setup_noexit $DISK log_must chmod 777 $TESTDIR # Use POSIX ACLs on filesystem -log_must zfs set acltype=posixacl $TESTPOOL/$TESTFS +log_must zfs set acltype=posix $TESTPOOL/$TESTFS log_must zfs set xattr=sa $TESTPOOL/$TESTFS log_pass diff --git a/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_021_pos.ksh b/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_021_pos.ksh index 6ea1573241f0..655f887b60ad 100755 --- a/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_021_pos.ksh +++ b/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_021_pos.ksh @@ -68,7 +68,7 @@ set -A RW_FS_PROP "quota=536870912" \ "setuid=off" \ "readonly=on" \ "snapdir=visible" \ - "acltype=posixacl" \ + "acltype=posix" \ "aclinherit=discard" \ "canmount=off" if is_freebsd; then diff --git a/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_022_pos.ksh b/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_022_pos.ksh index 349f73fecca5..4a918c0a683a 100755 --- a/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_022_pos.ksh +++ b/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_022_pos.ksh @@ -68,7 +68,7 @@ set -A RW_FS_PROP "quota=536870912" \ "setuid=off" \ "readonly=on" \ "snapdir=visible" \ - "acltype=posixacl" \ + "acltype=posix" \ "aclinherit=discard" \ "canmount=off" diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg b/tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg index af867ded5374..35a02983b6c5 100644 --- a/tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg +++ b/tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg @@ -41,7 +41,7 @@ if is_linux; then # zfs get/set subcommands - ordered as per the list above so we # can iterate over both sets in an array PROP_VALS="\ - posixacl on \ + posix on \ fletcher2 on on \ on legacy none on \ 128K none on \ @@ -49,7 +49,7 @@ if is_linux; then # these are an alternate set of property values PROP_ALTVALS="\ - noacl off \ + nfsv4 off \ fletcher4 lzjb off \ off /tmp/zfstest 100M off \ 512 10m off \ @@ -66,7 +66,7 @@ elif is_freebsd; then # zfs get/set subcommands - ordered as per the list above so we # can iterate over both sets in an array PROP_VALS="\ - posixacl on \ + posix on \ fletcher2 on on \ on legacy none on \ 128K none on \ @@ -74,7 +74,7 @@ elif is_freebsd; then # these are an alternate set of property values PROP_ALTVALS="\ - noacl off \ + off off \ fletcher4 lzjb off \ off /tmp/zfstest 100M off \ 512 10m off \ diff --git a/tests/zfs-tests/tests/functional/history/history_002_pos.ksh b/tests/zfs-tests/tests/functional/history/history_002_pos.ksh index 5b9384b1bfd8..332752bd552a 100755 --- a/tests/zfs-tests/tests/functional/history/history_002_pos.ksh +++ b/tests/zfs-tests/tests/functional/history/history_002_pos.ksh @@ -72,8 +72,8 @@ props=( mountpoint /history.$$ mountpoint legacy mountpoint none compression lz4 compression on compression off - compression lzjb acltype noacl - acltype posixacl xattr sa + compression lzjb acltype off + acltype posix acltype nfsv4 atime on atime off devices on devices off exec on exec off @@ -84,9 +84,9 @@ props=( aclinherit discard aclinherit noallow aclinherit secure aclinherit passthrough canmount off canmount on - xattr on xattr off compression gzip compression gzip-$((RANDOM%9 + 1)) - copies $((RANDOM%3 + 1)) + xattr on xattr off + xattr sa copies $((RANDOM%3 + 1)) ) elif is_freebsd; then # property value property value @@ -111,7 +111,8 @@ props=( aclinherit secure aclinherit passthrough canmount off canmount on compression gzip compression gzip-$((RANDOM%9 + 1)) - copies $((RANDOM%3 + 1)) + acltype posix acltype nfsv4 + acltype off copies $((RANDOM%3 + 1)) ) else # property value property value diff --git a/tests/zfs-tests/tests/functional/rsend/rsend_012_pos.ksh b/tests/zfs-tests/tests/functional/rsend/rsend_012_pos.ksh index 0441f7ff32be..6434a40d754f 100755 --- a/tests/zfs-tests/tests/functional/rsend/rsend_012_pos.ksh +++ b/tests/zfs-tests/tests/functional/rsend/rsend_012_pos.ksh @@ -116,7 +116,7 @@ for fs in "$POOL" "$POOL/pclone" "$POOL/$FS" "$POOL/$FS/fs1" \ "$POOL/$FS/fs1/fs2" "$POOL/$FS/fs1/fclone" ; do rand_set_prop $fs aclinherit "discard" "noallow" "secure" "passthrough" rand_set_prop $fs checksum "on" "off" "fletcher2" "fletcher4" "sha256" - rand_set_prop $fs acltype "off" "noacl" "posixacl" + rand_set_prop $fs acltype "off" "nfsv4" "posix" "noacl" "posixacl" rand_set_prop $fs atime "on" "off" rand_set_prop $fs checksum "on" "off" "fletcher2" "fletcher4" "sha256" rand_set_prop $fs compression "${compress_prop_vals[@]}"