Clarify comments in config/*.m4, vdev_geom.c, zfs_allow_*.ksh
Rephrase comments to be more clear. Reviewed-by: Serapheim Dimitropoulos <serapheim@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Ryan Moeller <ryan@iXsystems.com> Signed-off-by: Matthew Ahrens <mahrens@delphix.com> Closes #10481
This commit is contained in:
parent
745ace3f24
commit
540493ba4f
|
@ -29,9 +29,9 @@ AC_DEFUN([AM_ICONV_LINK],
|
||||||
AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
|
AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
|
||||||
|
|
||||||
dnl Add $INCICONV to CPPFLAGS before performing the following checks,
|
dnl Add $INCICONV to CPPFLAGS before performing the following checks,
|
||||||
dnl because if the user has installed libiconv and not disabled its use
|
dnl so that if libiconv is installed, it will be used (unless disabled
|
||||||
dnl via --without-libiconv-prefix, he wants to use it. The first
|
dnl via --without-libiconv-prefix). The first AC_LINK_IFELSE will
|
||||||
dnl AC_LINK_IFELSE will then fail, the second AC_LINK_IFELSE will succeed.
|
dnl then fail, the second AC_LINK_IFELSE will succeed.
|
||||||
am_save_CPPFLAGS="$CPPFLAGS"
|
am_save_CPPFLAGS="$CPPFLAGS"
|
||||||
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV])
|
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV])
|
||||||
|
|
||||||
|
|
|
@ -67,8 +67,8 @@ AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
|
||||||
AC_LIB_LINKFLAGS_BODY([$1], [$2])
|
AC_LIB_LINKFLAGS_BODY([$1], [$2])
|
||||||
|
|
||||||
dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
|
dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
|
||||||
dnl because if the user has installed lib[]Name and not disabled its use
|
dnl so that if lib[]Name is installed, it will be used (unless
|
||||||
dnl via --without-lib[]Name-prefix, he wants to use it.
|
dnl disabled via --without-lib[]Name-prefix).
|
||||||
ac_save_CPPFLAGS="$CPPFLAGS"
|
ac_save_CPPFLAGS="$CPPFLAGS"
|
||||||
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
|
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
|
||||||
|
|
||||||
|
|
|
@ -8,10 +8,9 @@ dnl From Bruno Haible.
|
||||||
|
|
||||||
dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
|
dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
|
||||||
dnl to access previously installed libraries. The basic assumption is that
|
dnl to access previously installed libraries. The basic assumption is that
|
||||||
dnl a user will want packages to use other packages he previously installed
|
dnl packages should use other packages that are installed with the same
|
||||||
dnl with the same --prefix option.
|
dnl --prefix option. This macro is not needed if only AC_LIB_LINKFLAGS is
|
||||||
dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
|
dnl used to locate libraries, but is otherwise very convenient.
|
||||||
dnl libraries, but is otherwise very convenient.
|
|
||||||
AC_DEFUN([AC_LIB_PREFIX],
|
AC_DEFUN([AC_LIB_PREFIX],
|
||||||
[
|
[
|
||||||
AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
|
AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
|
||||||
|
|
|
@ -844,7 +844,7 @@ vdev_geom_open(vdev_t *vd, uint64_t *psize, uint64_t *max_psize,
|
||||||
* opened (since boot), and we are not loading an
|
* opened (since boot), and we are not loading an
|
||||||
* existing pool configuration. This looks like a
|
* existing pool configuration. This looks like a
|
||||||
* vdev add operation to a new or existing pool.
|
* vdev add operation to a new or existing pool.
|
||||||
* Assume the user knows what he/she is doing and find
|
* Assume the user really wants to do this, and find
|
||||||
* GEOM provider by its name, ignoring GUID mismatches.
|
* GEOM provider by its name, ignoring GUID mismatches.
|
||||||
*
|
*
|
||||||
* XXPOLICY: It would be safer to only allow a device
|
* XXPOLICY: It would be safer to only allow a device
|
||||||
|
|
|
@ -66,7 +66,7 @@ log_must zfs create $childfs
|
||||||
log_must zfs create $grandchild
|
log_must zfs create $grandchild
|
||||||
|
|
||||||
#
|
#
|
||||||
# Setting different permissions to the same set on two level.
|
# Setting different permissions to the same set on two levels.
|
||||||
# But only assign the user at one level.
|
# But only assign the user at one level.
|
||||||
#
|
#
|
||||||
log_must zfs allow -s @set $perms1 $ROOT_TESTFS
|
log_must zfs allow -s @set $perms1 $ROOT_TESTFS
|
||||||
|
@ -74,7 +74,8 @@ log_must zfs allow -s @set $perms2 $childfs
|
||||||
log_must zfs allow $STAFF1 @set $childfs
|
log_must zfs allow $STAFF1 @set $childfs
|
||||||
|
|
||||||
#
|
#
|
||||||
# Verify only perms2 is valid to user on the level which he was assigned.
|
# Verify that the user only has the permissions that they were assigned
|
||||||
|
# in each filesystem.
|
||||||
#
|
#
|
||||||
log_must verify_noperm $ROOT_TESTFS $perms1 $STAFF1
|
log_must verify_noperm $ROOT_TESTFS $perms1 $STAFF1
|
||||||
for fs in $childfs $grandchild ; do
|
for fs in $childfs $grandchild ; do
|
||||||
|
|
|
@ -33,13 +33,13 @@
|
||||||
|
|
||||||
#
|
#
|
||||||
# DESCRIPTION:
|
# DESCRIPTION:
|
||||||
# non-root user can allow any permissions which he is holding to
|
# A non-root user can use 'zfs allow' to delegate permissions that
|
||||||
# other else user when it get 'allow' permission.
|
# they have, if they also have the 'allow' permission.
|
||||||
#
|
#
|
||||||
# STRATEGY:
|
# STRATEGY:
|
||||||
# 1. Set two set permissions to two datasets locally.
|
# 1. Set two set permissions to two datasets locally.
|
||||||
# 2. Verify the non-root user can allow permission if he has allow
|
# 2. Verify the non-root user can use 'zfs allow' if they have
|
||||||
# permission.
|
# 'allow' permission.
|
||||||
#
|
#
|
||||||
|
|
||||||
verify_runnable "both"
|
verify_runnable "both"
|
||||||
|
@ -69,8 +69,8 @@ for dtst in $DATASETS ; do
|
||||||
log_must user_run $STAFF1 zfs allow -l $OTHER1 $perms1 $dtst
|
log_must user_run $STAFF1 zfs allow -l $OTHER1 $perms1 $dtst
|
||||||
log_must verify_perm $dtst $perms1 $OTHER1
|
log_must verify_perm $dtst $perms1 $OTHER1
|
||||||
|
|
||||||
# $perms2 was not allow to $STAFF1, so he have no permission to
|
# $perms2 was not allowed to $STAFF1, so they do not have
|
||||||
# delegate permission to other else.
|
# permission to delegate permission to other users.
|
||||||
log_mustnot user_run $STAFF1 zfs allow $OTHER1 $perms2 $dtst
|
log_mustnot user_run $STAFF1 zfs allow $OTHER1 $perms2 $dtst
|
||||||
log_must verify_noperm $dtst $perms2 $OTHER1
|
log_must verify_noperm $dtst $perms2 $OTHER1
|
||||||
done
|
done
|
||||||
|
|
Loading…
Reference in New Issue