OpenZFS 3254 - add support in zfs for aclmode=restricted
Authored-by: Paul B. Henson <henson@acm.org> Reviewed by: Albert Lee <trisk@nexenta.com> Reviewed by: Gordon Ross <gwr@nexenta.com> Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov> Approved by: Richard Lowe <richlowe@richlowe.net> Ported-by: Paul B. Henson <henson@acm.org> OpenZFS-issue: https://www.illumos.org/issues/3254 OpenZFS-commit: https://github.com/openzfs/openzfs/commit/71dbfc287c Closes #10266
parent
a1af567bb6
commit
7bf3e1fa0f
|
@ -601,7 +601,7 @@ The
|
||||||
property does not apply to POSIX ACLs.
|
property does not apply to POSIX ACLs.
|
||||||
.It Xo
|
.It Xo
|
||||||
.Sy aclmode Ns = Ns Sy discard Ns | Ns Sy groupmask Ns | Ns
|
.Sy aclmode Ns = Ns Sy discard Ns | Ns Sy groupmask Ns | Ns
|
||||||
.Sy passthrough Ns
|
.Sy passthrough Ns | Ns Sy restricted Ns
|
||||||
.Xc
|
.Xc
|
||||||
Controls how an ACL is modified during chmod(2) and how inherited ACEs
|
Controls how an ACL is modified during chmod(2) and how inherited ACEs
|
||||||
are modified by the file creation mode.
|
are modified by the file creation mode.
|
||||||
|
|
|
@ -3077,6 +3077,12 @@ top:
|
||||||
uint64_t acl_obj;
|
uint64_t acl_obj;
|
||||||
new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT);
|
new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT);
|
||||||
|
|
||||||
|
if (ZTOZSB(zp)->z_acl_mode == ZFS_ACL_RESTRICTED &&
|
||||||
|
!(zp->z_pflags & ZFS_ACL_TRIVIAL)) {
|
||||||
|
err = EPERM;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
if ((err = zfs_acl_chmod_setattr(zp, &aclp, new_mode)))
|
if ((err = zfs_acl_chmod_setattr(zp, &aclp, new_mode)))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
|
|
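Review bot: The new `ZFS_ACL_RESTRICTED` check ahead of `zfs_acl_chmod_setattr()` denies the mode change without any comment saying why, so a reader has to know the property semantics to recognise it as an access-control guard. I would add above the `if`: `/* aclmode=restricted: refuse chmod on a non-trivial ACL so the mode change cannot rewrite or discard its entries */`. Because the condition tests only `ZFS_ACL_TRIVIAL`, the denial also applies when the requested mode equals the current one or when only the setuid, setgid or sticky bits change; if that is intended, the comment should say so. If the rest of this file wraps error codes in `SET_ERROR()`, writing `err = SET_ERROR(EPERM);` would keep this denial visible to the same tracing. The enclosing function starts and ends outside the hunk.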
|
@ -176,13 +176,6 @@ zfs_prop_init(void)
|
||||||
{ NULL }
|
{ NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
static zprop_index_t acl_mode_table[] = {
|
|
||||||
{ "discard", ZFS_ACL_DISCARD },
|
|
||||||
{ "groupmask", ZFS_ACL_GROUPMASK },
|
|
||||||
{ "passthrough", ZFS_ACL_PASSTHROUGH },
|
|
||||||
{ NULL }
|
|
||||||
};
|
|
||||||
|
|
||||||
static zprop_index_t acl_inherit_table[] = {
|
static zprop_index_t acl_inherit_table[] = {
|
||||||
{ "discard", ZFS_ACL_DISCARD },
|
{ "discard", ZFS_ACL_DISCARD },
|
||||||
{ "noallow", ZFS_ACL_NOALLOW },
|
{ "noallow", ZFS_ACL_NOALLOW },
|
||||||
|
@ -349,9 +342,11 @@ zfs_prop_init(void)
|
||||||
PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
||||||
"discard | groupmask | passthrough | restricted", "ACLMODE",
|
"discard | groupmask | passthrough | restricted", "ACLMODE",
|
||||||
acl_mode_table);
|
acl_mode_table);
|
||||||
|
#ifndef __FreeBSD__
|
||||||
zprop_register_index(ZFS_PROP_ACLTYPE, "acltype", ZFS_ACLTYPE_OFF,
|
zprop_register_index(ZFS_PROP_ACLTYPE, "acltype", ZFS_ACLTYPE_OFF,
|
||||||
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT,
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT,
|
||||||
"noacl | posixacl", "ACLTYPE", acltype_table);
|
"noacl | posixacl", "ACLTYPE", acltype_table);
|
||||||
|
#endif
|
||||||
zprop_register_index(ZFS_PROP_ACLINHERIT, "aclinherit",
|
zprop_register_index(ZFS_PROP_ACLINHERIT, "aclinherit",
|
||||||
ZFS_ACL_RESTRICTED, PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
ZFS_ACL_RESTRICTED, PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
||||||
"discard | noallow | restricted | passthrough | passthrough-x",
|
"discard | noallow | restricted | passthrough | passthrough-x",
|
||||||
|
|
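Review bot: The first hunk deletes the three-entry `acl_mode_table` (`discard`, `groupmask`, `passthrough`), yet the `aclmode` registration kept as context in the second hunk still passes `acl_mode_table` and advertises `restricted`, and no surviving definition is visible on this page. Please confirm that the definition remaining in zfs_prop_init() contains `{ "restricted", ZFS_ACL_RESTRICTED },`; if it does not, the hint string offers a value the index table cannot map, and the setting that enables the new EPERM guard could not be selected. The `#ifndef __FreeBSD__` added around the `acltype` registration is not mentioned in the commit message, so a one-line comment such as `/* acltype is not registered on FreeBSD */` would record the intent. zfs_prop_init() begins and ends outside both hunks.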