From 4a1195ca5041cbff2a6b025a31937fef84876c52 Mon Sep 17 00:00:00 2001 From: Allan Jude Date: Tue, 14 Sep 2021 19:10:00 -0400 Subject: [PATCH] Temporarily use root credentials to mount snapshots in .zfs When mounting a snapshot in the .zfs/snapshots control directory, temporarily assume roots credentials to perform the VFS_MOUNT(). This allows regular users and users inside jails to access these snapshots. The regular usermount code is not helpful here, since it requires that the user performing the mount own the mountpoint, which won't be the case for .zfs/snapshot/ Reviewed-by: Brian Behlendorf Reviewed-by: Tony Nguyen Signed-off-by: Allan Jude Sponsored-By: Modirum MDPay Sponsored-By: Klara Inc. Closes #11312 --- module/os/freebsd/spl/spl_vfs.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/module/os/freebsd/spl/spl_vfs.c b/module/os/freebsd/spl/spl_vfs.c index 60ea627e97..3f4feb140d 100644 --- a/module/os/freebsd/spl/spl_vfs.c +++ b/module/os/freebsd/spl/spl_vfs.c @@ -125,7 +125,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath, struct vfsconf *vfsp; struct mount *mp; vnode_t *vp, *mvp; - struct ucred *cr; + struct ucred *pcr, *tcr; int error; ASSERT_VOP_ELOCKED(*vpp, "mount_snapshot"); @@ -194,14 +194,18 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath, * mount(8) and df(1) output. */ mp->mnt_flag |= MNT_IGNORE; + /* * XXX: This is evil, but we can't mount a snapshot as a regular user. * XXX: Is is safe when snapshot is mounted from within a jail? */ - cr = td->td_ucred; + tcr = td->td_ucred; + pcr = td->td_proc->p_ucred; td->td_ucred = kcred; + td->td_proc->p_ucred = kcred; error = VFS_MOUNT(mp); - td->td_ucred = cr; + td->td_ucred = tcr; + td->td_proc->p_ucred = pcr; if (error != 0) { /*