From f74b821a6696fef9e9953aae05941e99bf83800e Mon Sep 17 00:00:00 2001 From: Brian Behlendorf Date: Tue, 7 Jun 2016 09:16:52 -0700 Subject: [PATCH] Add `zfs allow` and `zfs unallow` support ZFS allows for specific permissions to be delegated to normal users with the `zfs allow` and `zfs unallow` commands. In addition, non- privileged users should be able to run all of the following commands: * zpool [list | iostat | status | get] * zfs [list | get] Historically this functionality was not available on Linux. In order to add it the secpolicy_* functions needed to be implemented and mapped to the equivalent Linux capability. Only then could the permissions on the `/dev/zfs` be relaxed and the internal ZFS permission checks used. Even with this change some limitations remain. Under Linux only the root user is allowed to modify the namespace (unless it's a private namespace). This means the mount, mountpoint, canmount, unmount, and remount delegations cannot be supported with the existing code. It may be possible to add this functionality in the future. This functionality was validated with the cli_user and delegation test cases from the ZFS Test Suite. These tests exhaustively verify each of the supported permissions which can be delegated and ensures only an authorized user can perform it. Two minor bug fixes were required for test-running.py. First, the Timer() object cannot be safely created in a `try:` block when there is an unconditional `finally` block which references it. Second, when running as a normal user also check for scripts using the both the .ksh and .sh suffixes. Finally, existing users who are simulating delegations by setting group permissions on the /dev/zfs device should revert that customization when updating to a version with this change. Signed-off-by: Brian Behlendorf Signed-off-by: Tony Hutter Closes #362 Closes #434 Closes #4100 Closes #4394 Closes #4410 Closes #4487 --- cmd/zfs/zfs_main.c | 7 +- cmd/zpool/zpool_main.c | 26 +- include/sys/Makefile.am | 1 + include/sys/policy.h | 60 ++++ include/sys/zfs_context.h | 1 + lib/libspl/include/Makefile.am | 1 - lib/libspl/include/priv.h | 46 --- lib/libzfs/libzfs_dataset.c | 1 - lib/libzpool/kernel.c | 6 + man/man8/zfs.8 | 8 +- module/zfs/Makefile.in | 1 + module/zfs/dmu_objset.c | 1 + module/zfs/dmu_send.c | 1 + module/zfs/dsl_dataset.c | 1 + module/zfs/policy.c | 303 ++++++++++++++++++ module/zfs/zfs_acl.c | 4 - module/zfs/zfs_ctldir.c | 4 +- module/zfs/zfs_fuid.c | 8 +- module/zfs/zfs_ioctl.c | 46 ++- scripts/common.sh.in | 11 - scripts/zconfig.sh | 11 + tests/runfiles/linux.run | 63 ++-- tests/test-runner/cmd/test-runner.py | 11 +- tests/zfs-tests/include/libtest.shlib | 15 +- .../functional/cli_user/misc/cleanup.ksh | 2 +- .../tests/functional/cli_user/misc/misc.cfg | 72 +++-- .../tests/functional/cli_user/misc/setup.ksh | 6 +- .../functional/cli_user/misc/zdb_001_neg.ksh | 2 +- .../functional/cli_user/misc/zfs_001_neg.ksh | 2 +- .../cli_user/misc/zfs_allow_001_neg.ksh | 2 +- .../cli_user/misc/zfs_clone_001_neg.ksh | 2 +- .../cli_user/misc/zfs_create_001_neg.ksh | 2 +- .../cli_user/misc/zfs_destroy_001_neg.ksh | 2 +- .../cli_user/misc/zfs_get_001_neg.ksh | 2 +- .../cli_user/misc/zfs_inherit_001_neg.ksh | 2 +- .../cli_user/misc/zfs_mount_001_neg.ksh | 2 +- .../cli_user/misc/zfs_promote_001_neg.ksh | 2 +- .../cli_user/misc/zfs_receive_001_neg.ksh | 2 +- .../cli_user/misc/zfs_rename_001_neg.ksh | 2 +- .../cli_user/misc/zfs_rollback_001_neg.ksh | 2 +- .../cli_user/misc/zfs_send_001_neg.ksh | 2 +- .../cli_user/misc/zfs_set_001_neg.ksh | 2 +- .../cli_user/misc/zfs_share_001_neg.ksh | 2 +- .../cli_user/misc/zfs_snapshot_001_neg.ksh | 2 +- .../cli_user/misc/zfs_unallow_001_neg.ksh | 2 +- .../cli_user/misc/zfs_unmount_001_neg.ksh | 2 +- .../cli_user/misc/zfs_unshare_001_neg.ksh | 2 +- .../cli_user/misc/zfs_upgrade_001_neg.ksh | 2 +- .../cli_user/misc/zpool_001_neg.ksh | 2 +- .../cli_user/misc/zpool_add_001_neg.ksh | 24 +- .../cli_user/misc/zpool_attach_001_neg.ksh | 2 +- .../cli_user/misc/zpool_clear_001_neg.ksh | 2 +- .../cli_user/misc/zpool_create_001_neg.ksh | 24 +- .../cli_user/misc/zpool_destroy_001_neg.ksh | 2 +- .../cli_user/misc/zpool_detach_001_neg.ksh | 2 +- .../cli_user/misc/zpool_export_001_neg.ksh | 2 +- .../cli_user/misc/zpool_get_001_neg.ksh | 2 +- .../cli_user/misc/zpool_history_001_neg.ksh | 2 +- .../cli_user/misc/zpool_import_001_neg.ksh | 2 +- .../cli_user/misc/zpool_import_002_neg.ksh | 2 +- .../cli_user/misc/zpool_offline_001_neg.ksh | 2 +- .../cli_user/misc/zpool_online_001_neg.ksh | 2 +- .../cli_user/misc/zpool_remove_001_neg.ksh | 2 +- .../cli_user/misc/zpool_replace_001_neg.ksh | 2 +- .../cli_user/misc/zpool_scrub_001_neg.ksh | 2 +- .../cli_user/misc/zpool_set_001_neg.ksh | 2 +- .../cli_user/misc/zpool_status_001_neg.ksh | 2 +- .../cli_user/misc/zpool_upgrade_001_neg.ksh | 2 +- .../tests/functional/delegate/cleanup.ksh | 11 +- .../tests/functional/delegate/delegate.cfg | 19 +- .../delegate/delegate_common.kshlib | 48 ++- .../tests/functional/delegate/setup.ksh | 17 +- .../functional/delegate/zfs_allow_001_pos.ksh | 4 +- .../functional/delegate/zfs_allow_002_pos.ksh | 2 +- .../functional/delegate/zfs_allow_010_pos.ksh | 38 +++ .../functional/delegate/zfs_allow_012_neg.ksh | 8 + .../delegate/zfs_unallow_008_neg.ksh | 9 + udev/rules.d/90-zfs.rules.in | 2 +- 78 files changed, 759 insertions(+), 242 deletions(-) create mode 100644 include/sys/policy.h delete mode 100644 lib/libspl/include/priv.h create mode 100644 module/zfs/policy.c diff --git a/cmd/zfs/zfs_main.c b/cmd/zfs/zfs_main.c index 7525afcbfd..8bcff2dba7 100644 --- a/cmd/zfs/zfs_main.c +++ b/cmd/zfs/zfs_main.c @@ -610,7 +610,12 @@ zfs_mount_and_share(libzfs_handle_t *hdl, const char *dataset, zfs_type_t type) */ if (zfs_prop_valid_for_type(ZFS_PROP_CANMOUNT, type, B_FALSE) && zfs_prop_get_int(zhp, ZFS_PROP_CANMOUNT) == ZFS_CANMOUNT_ON) { - if (zfs_mount(zhp, NULL, 0) != 0) { + if (geteuid() != 0) { + (void) fprintf(stderr, gettext("filesystem " + "successfully created, but it may only be " + "mounted by root\n")); + ret = 1; + } else if (zfs_mount(zhp, NULL, 0) != 0) { (void) fprintf(stderr, gettext("filesystem " "successfully created, but not mounted\n")); ret = 1; diff --git a/cmd/zpool/zpool_main.c b/cmd/zpool/zpool_main.c index 588af4b695..9041f9c33e 100644 --- a/cmd/zpool/zpool_main.c +++ b/cmd/zpool/zpool_main.c @@ -42,7 +42,6 @@ #include #include #include -#include #include #include #include @@ -2331,21 +2330,20 @@ zpool_do_import(int argc, char **argv) (void) fprintf(stderr, gettext("too many arguments\n")); usage(B_FALSE); } + } - /* - * Check for the SYS_CONFIG privilege. We do this explicitly - * here because otherwise any attempt to discover pools will - * silently fail. - */ - if (argc == 0 && !priv_ineffect(PRIV_SYS_CONFIG)) { - (void) fprintf(stderr, gettext("cannot " - "discover pools: permission denied\n")); - if (searchdirs != NULL) - free(searchdirs); + /* + * Check for the effective uid. We do this explicitly here because + * otherwise any attempt to discover pools will silently fail. + */ + if (argc == 0 && geteuid() != 0) { + (void) fprintf(stderr, gettext("cannot " + "discover pools: permission denied\n")); + if (searchdirs != NULL) + free(searchdirs); - nvlist_free(policy); - return (1); - } + nvlist_free(policy); + return (1); } /* diff --git a/include/sys/Makefile.am b/include/sys/Makefile.am index 3f87daade2..25e74af182 100644 --- a/include/sys/Makefile.am +++ b/include/sys/Makefile.am @@ -39,6 +39,7 @@ COMMON_H = \ $(top_srcdir)/include/sys/nvpair.h \ $(top_srcdir)/include/sys/nvpair_impl.h \ $(top_srcdir)/include/sys/pathname.h \ + $(top_srcdir)/include/sys/policy.h \ $(top_srcdir)/include/sys/range_tree.h \ $(top_srcdir)/include/sys/refcount.h \ $(top_srcdir)/include/sys/rrwlock.h \ diff --git a/include/sys/policy.h b/include/sys/policy.h new file mode 100644 index 0000000000..23d7d4db77 --- /dev/null +++ b/include/sys/policy.h @@ -0,0 +1,60 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2015, Joyent, Inc. All rights reserved. + * Copyright (c) 2016, Lawrence Livermore National Security, LLC. + */ + +#ifndef _SYS_POLICY_H +#define _SYS_POLICY_H + +#ifdef _KERNEL + +#include +#include +#include +#include + +int secpolicy_nfs(const cred_t *); +int secpolicy_sys_config(const cred_t *, boolean_t); +int secpolicy_vnode_access2(const cred_t *, struct inode *, + uid_t, mode_t, mode_t); +int secpolicy_vnode_any_access(const cred_t *, struct inode *, uid_t); +int secpolicy_vnode_chown(const cred_t *, uid_t); +int secpolicy_vnode_create_gid(const cred_t *); +int secpolicy_vnode_remove(const cred_t *); +int secpolicy_vnode_setdac(const cred_t *, uid_t); +int secpolicy_vnode_setid_retain(const cred_t *, boolean_t); +int secpolicy_vnode_setids_setgids(const cred_t *, gid_t); +int secpolicy_zinject(const cred_t *); +int secpolicy_zfs(const cred_t *); +void secpolicy_setid_clear(vattr_t *, cred_t *); +int secpolicy_setid_setsticky_clear(struct inode *, vattr_t *, + const vattr_t *, cred_t *); +int secpolicy_xvattr(xvattr_t *, uid_t, cred_t *, vtype_t); +int secpolicy_vnode_setattr(cred_t *, struct inode *, struct vattr *, + const struct vattr *, int, int (void *, int, cred_t *), void *); +int secpolicy_basic_link(const cred_t *); + +#endif /* _KERNEL */ +#endif /* _SYS_POLICY_H */ diff --git a/include/sys/zfs_context.h b/include/sys/zfs_context.h index fc15d70421..56824e84a4 100644 --- a/include/sys/zfs_context.h +++ b/include/sys/zfs_context.h @@ -738,6 +738,7 @@ extern int zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr); extern int zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr); extern int zfs_secpolicy_destroy_perms(const char *name, cred_t *cr); +extern int secpolicy_zfs(const cred_t *cr); extern zoneid_t getzoneid(void); /* SID stuff */ diff --git a/lib/libspl/include/Makefile.am b/lib/libspl/include/Makefile.am index 626a8f46b0..7882c1b9c6 100644 --- a/lib/libspl/include/Makefile.am +++ b/lib/libspl/include/Makefile.am @@ -12,7 +12,6 @@ libspl_HEADERS = \ $(top_srcdir)/lib/libspl/include/limits.h \ $(top_srcdir)/lib/libspl/include/locale.h \ $(top_srcdir)/lib/libspl/include/note.h \ - $(top_srcdir)/lib/libspl/include/priv.h \ $(top_srcdir)/lib/libspl/include/statcommon.h \ $(top_srcdir)/lib/libspl/include/stdio.h \ $(top_srcdir)/lib/libspl/include/stdlib.h \ diff --git a/lib/libspl/include/priv.h b/lib/libspl/include/priv.h deleted file mode 100644 index 15b76a4006..0000000000 --- a/lib/libspl/include/priv.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#ifndef _LIBSPL_PRIV_H -#define _LIBSPL_PRIV_H - -#include - -/* Couldn't find this definition in OpenGrok */ -#define PRIV_SYS_CONFIG "sys_config" - -/* - * priv_op_t indicates a privilege operation type - */ -typedef enum priv_op { - PRIV_ON, - PRIV_OFF, - PRIV_SET -} priv_op_t; - -static inline boolean_t priv_ineffect(const char *priv) { return B_TRUE; } - -#endif diff --git a/lib/libzfs/libzfs_dataset.c b/lib/libzfs/libzfs_dataset.c index cc26927eb1..87f79a5329 100644 --- a/lib/libzfs/libzfs_dataset.c +++ b/lib/libzfs/libzfs_dataset.c @@ -43,7 +43,6 @@ #include #include #include -#include #include #include #include diff --git a/lib/libzpool/kernel.c b/lib/libzpool/kernel.c index 5d6bdf2510..800cdd7d7c 100644 --- a/lib/libzpool/kernel.c +++ b/lib/libzpool/kernel.c @@ -1306,6 +1306,12 @@ zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) return (0); } +int +secpolicy_zfs(const cred_t *cr) +{ + return (0); +} + ksiddomain_t * ksid_lookupdomain(const char *dom) { diff --git a/man/man8/zfs.8 b/man/man8/zfs.8 index 30660a60d5..4e3fa54a87 100644 --- a/man/man8/zfs.8 +++ b/man/man8/zfs.8 @@ -2933,6 +2933,11 @@ Force a rollback of the file system to the most recent snapshot before performin .sp .6 .RS 4n Displays permissions that have been delegated on the specified filesystem or volume. See the other forms of \fBzfs allow\fR for more information. +.sp +Delegations are supported under Linux with the exception of \fBmount\fR, +\fBunmount\fR, \fBmountpoint\fR, \fBcanmount\fR, \fBrename\fR, and \fBshare\fR. +These permissions cannot be delegated because the Linux \fBmount(8)\fR command +restricts modifications of the global namespace to the root user. .RE .sp @@ -3584,9 +3589,6 @@ If you are using \fBDNS\fR for host name resolution, specify the fully qualified .LP \fBExample 17 \fRDelegating ZFS Administration Permissions on a ZFS Dataset .sp -.LP -This is not currently supported on Linux. -.sp The following example shows how to set permissions so that user \fBcindys\fR can create, destroy, mount, and take snapshots on \fBtank/cindys\fR. The permissions on \fBtank/cindys\fR are also displayed. .sp diff --git a/module/zfs/Makefile.in b/module/zfs/Makefile.in index f33faf157c..33f923ffd5 100644 --- a/module/zfs/Makefile.in +++ b/module/zfs/Makefile.in @@ -43,6 +43,7 @@ $(MODULE)-objs += lz4.o $(MODULE)-objs += metaslab.o $(MODULE)-objs += multilist.o $(MODULE)-objs += pathname.o +$(MODULE)-objs += policy.o $(MODULE)-objs += range_tree.o $(MODULE)-objs += refcount.o $(MODULE)-objs += rrwlock.o diff --git a/module/zfs/dmu_objset.c b/module/zfs/dmu_objset.c index f9c534eb57..c8a4351858 100644 --- a/module/zfs/dmu_objset.c +++ b/module/zfs/dmu_objset.c @@ -52,6 +52,7 @@ #include #include #include +#include /* * Needed to close a window in dnode_move() that allows the objset to be freed diff --git a/module/zfs/dmu_send.c b/module/zfs/dmu_send.c index 7dc62dc208..896a84b507 100644 --- a/module/zfs/dmu_send.c +++ b/module/zfs/dmu_send.c @@ -56,6 +56,7 @@ #include #include #include +#include /* Set this tunable to TRUE to replace corrupt data with 0x2f5baddb10c */ int zfs_send_corrupt_data = B_FALSE; diff --git a/module/zfs/dsl_dataset.c b/module/zfs/dsl_dataset.c index 230027daf9..9c275b234c 100644 --- a/module/zfs/dsl_dataset.c +++ b/module/zfs/dsl_dataset.c @@ -51,6 +51,7 @@ #include #include #include +#include /* * The SPA supports block sizes up to 16MB. However, very large blocks diff --git a/module/zfs/policy.c b/module/zfs/policy.c new file mode 100644 index 0000000000..81629e0dc6 --- /dev/null +++ b/module/zfs/policy.c @@ -0,0 +1,303 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2013, Joyent, Inc. All rights reserved. + * Copyright (C) 2016 Lawrence Livermore National Security, LLC. + * + * For Linux the vast majority of this enforcement is already handled via + * the standard Linux VFS permission checks. However certain administrative + * commands which bypass the standard mechanisms may need to make use of + * this functionality. + */ + +#include +#include +#include + +/* + * The passed credentials cannot be directly verified because Linux only + * provides and interface to check the *current* proces credentials. In + * order to handle this the capable() test is only run when the passed + * credentials match the current process credentials or the kcred. In + * all other cases this function must fail and return the passed err. + */ +static int +priv_policy(const cred_t *cr, int capability, boolean_t all, int err) +{ + ASSERT3S(all, ==, B_FALSE); + + if (cr != CRED() && (cr != kcred)) + return (err); + + if (!capable(capability)) + return (err); + + return (0); +} + +/* + * Checks for operations that are either client-only or are used by + * both clients and servers. + */ +int +secpolicy_nfs(const cred_t *cr) +{ + return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EPERM)); +} + +/* + * Catch all system configuration. + */ +int +secpolicy_sys_config(const cred_t *cr, boolean_t checkonly) +{ + return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EPERM)); +} + +/* + * Like secpolicy_vnode_access() but we get the actual wanted mode and the + * current mode of the file, not the missing bits. + * + * Enforced in the Linux VFS. + */ +int +secpolicy_vnode_access2(const cred_t *cr, struct inode *ip, uid_t owner, + mode_t curmode, mode_t wantmode) +{ + return (0); +} + +/* + * This is a special routine for ZFS; it is used to determine whether + * any of the privileges in effect allow any form of access to the + * file. There's no reason to audit this or any reason to record + * this. More work is needed to do the "KPLD" stuff. + */ +int +secpolicy_vnode_any_access(const cred_t *cr, struct inode *ip, uid_t owner) +{ + if (crgetuid(cr) == owner) + return (0); + + if (zpl_inode_owner_or_capable(ip)) + return (0); + + if (priv_policy(cr, CAP_DAC_OVERRIDE, B_FALSE, EPERM) == 0) + return (0); + + if (priv_policy(cr, CAP_DAC_READ_SEARCH, B_FALSE, EPERM) == 0) + return (0); + + return (EPERM); +} + +/* + * Determine if subject can chown owner of a file. + */ +int +secpolicy_vnode_chown(const cred_t *cr, uid_t owner) +{ + if (crgetuid(cr) == owner) + return (0); + + return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM)); +} + +/* + * Determine if subject can change group ownership of a file. + */ +int +secpolicy_vnode_create_gid(const cred_t *cr) +{ + return (priv_policy(cr, CAP_SETGID, B_FALSE, EPERM)); +} + +/* + * Policy determines whether we can remove an entry from a directory, + * regardless of permission bits. + */ +int +secpolicy_vnode_remove(const cred_t *cr) +{ + return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM)); +} + +/* + * Determine that subject can modify the mode of a file. allzone privilege + * needed when modifying root owned object. + */ +int +secpolicy_vnode_setdac(const cred_t *cr, uid_t owner) +{ + if (crgetuid(cr) == owner) + return (0); + + return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM)); +} + +/* + * Are we allowed to retain the set-uid/set-gid bits when + * changing ownership or when writing to a file? + * "issuid" should be true when set-uid; only in that case + * root ownership is checked (setgid is assumed). + * + * Enforced in the Linux VFS. + */ +int +secpolicy_vnode_setid_retain(const cred_t *cr, boolean_t issuidroot) +{ + return (0); +} + +/* + * Determine that subject can set the file setgid flag. + */ +int +secpolicy_vnode_setids_setgids(const cred_t *cr, gid_t gid) +{ + if (!groupmember(gid, cr)) + return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM)); + + return (0); +} + +/* + * Determine if the subject can inject faults in the ZFS fault injection + * framework. Requires all privileges. + */ +int +secpolicy_zinject(const cred_t *cr) +{ + return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EACCES)); +} + +/* + * Determine if the subject has permission to manipulate ZFS datasets + * (not pools). Equivalent to the SYS_MOUNT privilege. + */ +int +secpolicy_zfs(const cred_t *cr) +{ + return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EACCES)); +} + +void +secpolicy_setid_clear(vattr_t *vap, cred_t *cr) +{ + if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0 && + secpolicy_vnode_setid_retain(cr, + (vap->va_mode & S_ISUID) != 0 && + (vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) { + vap->va_mask |= AT_MODE; + vap->va_mode &= ~(S_ISUID|S_ISGID); + } +} + +/* + * Determine that subject can set the file setid flags. + */ +static int +secpolicy_vnode_setid_modify(const cred_t *cr, uid_t owner) +{ + if (crgetuid(cr) == owner) + return (0); + + return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM)); +} + +/* + * Determine that subject can make a file a "sticky". + * + * Enforced in the Linux VFS. + */ +static int +secpolicy_vnode_stky_modify(const cred_t *cr) +{ + return (0); +} + +int +secpolicy_setid_setsticky_clear(struct inode *ip, vattr_t *vap, + const vattr_t *ovap, cred_t *cr) +{ + int error; + + if ((vap->va_mode & S_ISUID) != 0 && + (error = secpolicy_vnode_setid_modify(cr, + ovap->va_uid)) != 0) { + return (error); + } + + /* + * Check privilege if attempting to set the + * sticky bit on a non-directory. + */ + if (!S_ISDIR(ip->i_mode) && (vap->va_mode & S_ISVTX) != 0 && + secpolicy_vnode_stky_modify(cr) != 0) { + vap->va_mode &= ~S_ISVTX; + } + + /* + * Check for privilege if attempting to set the + * group-id bit. + */ + if ((vap->va_mode & S_ISGID) != 0 && + secpolicy_vnode_setids_setgids(cr, ovap->va_gid) != 0) { + vap->va_mode &= ~S_ISGID; + } + + return (0); +} + +/* + * Check privileges for setting xvattr attributes + */ +int +secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype) +{ + return (secpolicy_vnode_chown(cr, owner)); +} + +/* + * Check privileges for setattr attributes. + * + * Enforced in the Linux VFS. + */ +int +secpolicy_vnode_setattr(cred_t *cr, struct inode *ip, struct vattr *vap, + const struct vattr *ovap, int flags, + int unlocked_access(void *, int, cred_t *), void *node) +{ + return (0); +} + +/* + * Check privileges for links. + * + * Enforced in the Linux VFS. + */ +int +secpolicy_basic_link(const cred_t *cr) +{ + return (0); +} diff --git a/module/zfs/zfs_acl.c b/module/zfs/zfs_acl.c index 47cfd464b1..69a93a8b6a 100644 --- a/module/zfs/zfs_acl.c +++ b/module/zfs/zfs_acl.c @@ -1744,9 +1744,7 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, int error; zfs_sb_t *zsb = ZTOZSB(dzp); zfs_acl_t *paclp; -#ifdef HAVE_KSID gid_t gid; -#endif /* HAVE_KSID */ boolean_t need_chmod = B_TRUE; boolean_t inherited = B_FALSE; @@ -1760,7 +1758,6 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, acl_ids->z_fuid = vap->va_uid; acl_ids->z_fgid = vap->va_gid; -#ifdef HAVE_KSID /* * Determine uid and gid. */ @@ -1812,7 +1809,6 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, } } } -#endif /* HAVE_KSID */ /* * If we're creating a directory, and the parent directory has the diff --git a/module/zfs/zfs_ctldir.c b/module/zfs/zfs_ctldir.c index 7d160f23d9..e47cfc878d 100644 --- a/module/zfs/zfs_ctldir.c +++ b/module/zfs/zfs_ctldir.c @@ -109,7 +109,7 @@ static krwlock_t zfs_snapshot_lock; * Control Directory Tunables (.zfs) */ int zfs_expire_snapshot = ZFSCTL_EXPIRE_SNAPSHOT; -int zfs_admin_snapshot = 0; +int zfs_admin_snapshot = 1; /* * Dedicated task queue for unmounting snapshots. @@ -490,7 +490,7 @@ zfsctl_inode_alloc(zfs_sb_t *zsb, uint64_t id, zp->z_is_stale = B_FALSE; ip->i_generation = 0; ip->i_ino = id; - ip->i_mode = (S_IFDIR | S_IRUGO | S_IXUGO); + ip->i_mode = (S_IFDIR | S_IRWXUGO); ip->i_uid = SUID_TO_KUID(0); ip->i_gid = SGID_TO_KGID(0); ip->i_blkbits = SPA_MINBLOCKSHIFT; diff --git a/module/zfs/zfs_fuid.c b/module/zfs/zfs_fuid.c index 6ca61b8724..d4916bf583 100644 --- a/module/zfs/zfs_fuid.c +++ b/module/zfs/zfs_fuid.c @@ -488,7 +488,6 @@ zfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid, } } -#ifdef HAVE_KSID /* * Create a file system FUID, based on information in the users cred * @@ -501,6 +500,7 @@ uint64_t zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type, cred_t *cr, zfs_fuid_info_t **fuidp) { +#ifdef HAVE_KSID uint64_t idx; ksid_t *ksid; uint32_t rid; @@ -540,8 +540,12 @@ zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type, zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type); return (FUID_ENCODE(idx, rid)); -} +#else + VERIFY(type == ZFS_OWNER || type == ZFS_GROUP); + + return ((uint64_t)((type == ZFS_OWNER) ? crgetuid(cr) : crgetgid(cr))); #endif /* HAVE_KSID */ +} /* * Create a file system FUID for an ACL ace diff --git a/module/zfs/zfs_ioctl.c b/module/zfs/zfs_ioctl.c index 7969f525ef..c63af167af 100644 --- a/module/zfs/zfs_ioctl.c +++ b/module/zfs/zfs_ioctl.c @@ -186,12 +186,19 @@ #include #include +#include #include "zfs_namecheck.h" #include "zfs_prop.h" #include "zfs_deleg.h" #include "zfs_comutil.h" +/* + * Limit maximum nvlist size. We don't want users passing in insane values + * for zc->zc_nvlist_src_size, since we will need to allocate that much memory. + */ +#define MAX_NVLIST_SRC_SIZE KMALLOC_MAX_SIZE + kmutex_t zfsdev_state_lock; zfsdev_state_t *zfsdev_state_list; @@ -3182,8 +3189,25 @@ zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) if (error == 0) { error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, nvprops, outnvl); - if (error != 0) - (void) dsl_destroy_head(fsname); + if (error != 0) { + spa_t *spa; + int error2; + + /* + * Volumes will return EBUSY and cannot be destroyed + * until all asynchronous minor handling has completed. + * Wait for the spa_zvol_taskq to drain then retry. + */ + error2 = dsl_destroy_head(fsname); + while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) { + error2 = spa_open(fsname, &spa, FTAG); + if (error2 == 0) { + taskq_wait(spa->spa_zvol_taskq); + spa_close(spa, FTAG); + } + error2 = dsl_destroy_head(fsname); + } + } } return (error); } @@ -5795,7 +5819,23 @@ zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg) } zc->zc_iflags = flag & FKIOCTL; - if (zc->zc_nvlist_src_size != 0) { + if (zc->zc_nvlist_src_size > MAX_NVLIST_SRC_SIZE) { + /* + * Make sure the user doesn't pass in an insane value for + * zc_nvlist_src_size. We have to check, since we will end + * up allocating that much memory inside of get_nvlist(). This + * prevents a nefarious user from allocating tons of kernel + * memory. + * + * Also, we return EINVAL instead of ENOMEM here. The reason + * being that returning ENOMEM from an ioctl() has a special + * connotation; that the user's size value is too small and + * needs to be expanded to hold the nvlist. See + * zcmd_expand_dst_nvlist() for details. + */ + error = SET_ERROR(EINVAL); /* User's size too big */ + + } else if (zc->zc_nvlist_src_size != 0) { error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, zc->zc_iflags, &innvl); if (error != 0) diff --git a/scripts/common.sh.in b/scripts/common.sh.in index 27ba88fae7..9727363d55 100644 --- a/scripts/common.sh.in +++ b/scripts/common.sh.in @@ -148,17 +148,6 @@ populate() { } init() { - # Disable the udev rule 90-zfs.rules to prevent the zfs module - # stack from being loaded due to the detection of a zfs device. - # This is important because the test scripts require full control - # over when and how the modules are loaded/unloaded. A trap is - # set to ensure the udev rule is correctly replaced on exit. - local RULE=${udevruledir}/90-zfs.rules - if test -e ${RULE}; then - trap "mv ${RULE}.disabled ${RULE}" INT TERM EXIT - mv ${RULE} ${RULE}.disabled - fi - # Create a random directory tree of files and sub-directories to # to act as a copy source for the various regression tests. SRC_DIR=`mktemp -d -p /var/tmp/ zfs.src.XXXXXXXX` diff --git a/scripts/zconfig.sh b/scripts/zconfig.sh index 1908dc1d69..c2b97c2c55 100755 --- a/scripts/zconfig.sh +++ b/scripts/zconfig.sh @@ -63,6 +63,17 @@ fi # Initialize the test suite init +# Disable the udev rule 90-zfs.rules to prevent the zfs module +# stack from being loaded due to the detection of a zfs device. +# This is important because this test scripts require full control +# over when and how the modules are loaded/unloaded. A trap is +# set to ensure the udev rule is correctly replaced on exit. +RULE=${udevruledir}/90-zfs.rules +if test -e ${RULE}; then + trap "mv ${RULE}.disabled ${RULE}" INT TERM EXIT + mv ${RULE} ${RULE}.disabled +fi + # Perform pre-cleanup is requested if [ ${CLEANUP} ]; then ${ZFS_SH} -u diff --git a/tests/runfiles/linux.run b/tests/runfiles/linux.run index c9b882987b..ad20d352a3 100644 --- a/tests/runfiles/linux.run +++ b/tests/runfiles/linux.run @@ -19,10 +19,11 @@ post_user = root post = cleanup outputdir = /var/tmp/test_results -# DISABLED: -# posix_001_pos - needs investigation +# DISABLED: update to use ZFS_ACL_* variables and user_run helper. +# posix_001_pos +# posix_002_pos [tests/functional/acl/posix] -tests = ['posix_002_pos', 'posix_003_pos'] +tests = ['posix_003_pos'] [tests/functional/atime] tests = ['atime_001_pos', 'atime_002_neg', 'atime_003_pos'] @@ -346,34 +347,39 @@ tests = ['zpool_status_001_pos', 'zpool_status_002_pos'] # 'zpool_upgrade_006_neg', 'zpool_upgrade_007_pos', 'zpool_upgrade_008_pos', # 'zpool_upgrade_009_neg'] -# DISABLED: nested pools -#[tests/functional/cli_user/misc] -#tests = ['zdb_001_neg', 'zfs_001_neg', 'zfs_allow_001_neg', -# 'zfs_clone_001_neg', 'zfs_create_001_neg', 'zfs_destroy_001_neg', -# 'zfs_get_001_neg', 'zfs_inherit_001_neg', 'zfs_mount_001_neg', -# 'zfs_promote_001_neg', 'zfs_receive_001_neg', 'zfs_rename_001_neg', -# 'zfs_rollback_001_neg', 'zfs_send_001_neg', 'zfs_set_001_neg', -# 'zfs_share_001_neg', 'zfs_snapshot_001_neg', 'zfs_unallow_001_neg', -# 'zfs_unmount_001_neg', 'zfs_unshare_001_neg', 'zfs_upgrade_001_neg', -# 'zpool_001_neg', 'zpool_add_001_neg', 'zpool_attach_001_neg', -# 'zpool_clear_001_neg', 'zpool_create_001_neg', 'zpool_destroy_001_neg', -# 'zpool_detach_001_neg', 'zpool_export_001_neg', 'zpool_get_001_neg', -# 'zpool_history_001_neg', 'zpool_import_001_neg', 'zpool_import_002_neg', -# 'zpool_offline_001_neg', 'zpool_online_001_neg', 'zpool_remove_001_neg', -# 'zpool_replace_001_neg', 'zpool_scrub_001_neg', 'zpool_set_001_neg', -# 'zpool_status_001_neg', 'zpool_upgrade_001_neg'] -#user = zfs-tests +# DISABLED: +# zfs_share_001_neg - requires additional dependencies +# zfs_unshare_001_neg - requires additional dependencies +[tests/functional/cli_user/misc] +tests = ['zdb_001_neg', 'zfs_001_neg', 'zfs_allow_001_neg', + 'zfs_clone_001_neg', 'zfs_create_001_neg', 'zfs_destroy_001_neg', + 'zfs_get_001_neg', 'zfs_inherit_001_neg', 'zfs_mount_001_neg', + 'zfs_promote_001_neg', 'zfs_receive_001_neg', 'zfs_rename_001_neg', + 'zfs_rollback_001_neg', 'zfs_send_001_neg', 'zfs_set_001_neg', + 'zfs_snapshot_001_neg', 'zfs_unallow_001_neg', + 'zfs_unmount_001_neg', 'zfs_upgrade_001_neg', + 'zpool_001_neg', 'zpool_add_001_neg', 'zpool_attach_001_neg', + 'zpool_clear_001_neg', 'zpool_create_001_neg', 'zpool_destroy_001_neg', + 'zpool_detach_001_neg', 'zpool_export_001_neg', 'zpool_get_001_neg', + 'zpool_history_001_neg', 'zpool_import_001_neg', 'zpool_import_002_neg', + 'zpool_offline_001_neg', 'zpool_online_001_neg', 'zpool_remove_001_neg', + 'zpool_replace_001_neg', 'zpool_scrub_001_neg', 'zpool_set_001_neg', + 'zpool_status_001_neg', 'zpool_upgrade_001_neg'] +user = [tests/functional/cli_user/zfs_list] tests = ['zfs_list_001_pos', 'zfs_list_002_pos', 'zfs_list_003_pos', 'zfs_list_004_neg', 'zfs_list_007_pos', 'zfs_list_008_neg'] +user = [tests/functional/cli_user/zpool_iostat] tests = ['zpool_iostat_001_neg', 'zpool_iostat_002_pos', 'zpool_iostat_003_neg', 'zpool_iostat_004_pos'] +user = [tests/functional/cli_user/zpool_list] tests = ['zpool_list_001_pos', 'zpool_list_002_neg'] +user = [tests/functional/compression] tests = ['compress_001_pos', 'compress_002_pos', 'compress_003_pos', @@ -382,15 +388,14 @@ tests = ['compress_001_pos', 'compress_002_pos', 'compress_003_pos', [tests/functional/ctime] tests = ['ctime_001_pos' ] -# DISABLED: Linux does not yet support delegations. -#[tests/functional/delegate] -#tests = ['zfs_allow_001_pos', 'zfs_allow_002_pos', -# 'zfs_allow_004_pos', 'zfs_allow_005_pos', 'zfs_allow_006_pos', -# 'zfs_allow_007_pos', 'zfs_allow_008_pos', 'zfs_allow_009_neg', -# 'zfs_allow_010_pos', 'zfs_allow_011_neg', 'zfs_allow_012_neg', -# 'zfs_unallow_001_pos', 'zfs_unallow_002_pos', 'zfs_unallow_003_pos', -# 'zfs_unallow_004_pos', 'zfs_unallow_005_pos', 'zfs_unallow_006_pos', -# 'zfs_unallow_007_neg', 'zfs_unallow_008_neg'] +[tests/functional/delegate] +tests = ['zfs_allow_001_pos', 'zfs_allow_002_pos', + 'zfs_allow_004_pos', 'zfs_allow_005_pos', 'zfs_allow_006_pos', + 'zfs_allow_007_pos', 'zfs_allow_008_pos', 'zfs_allow_009_neg', + 'zfs_allow_010_pos', 'zfs_allow_011_neg', 'zfs_allow_012_neg', + 'zfs_unallow_001_pos', 'zfs_unallow_002_pos', 'zfs_unallow_003_pos', + 'zfs_unallow_004_pos', 'zfs_unallow_005_pos', 'zfs_unallow_006_pos', + 'zfs_unallow_007_neg', 'zfs_unallow_008_neg'] # DISABLED: # devices_001_pos - needs investigation diff --git a/tests/test-runner/cmd/test-runner.py b/tests/test-runner/cmd/test-runner.py index dd6a3c7b67..ad1afff806 100755 --- a/tests/test-runner/cmd/test-runner.py +++ b/tests/test-runner/cmd/test-runner.py @@ -158,6 +158,10 @@ class Cmd(object): me = getpwuid(os.getuid()) if not user or user is me: + if os.path.isfile(cmd+'.ksh') and os.access(cmd+'.ksh', os.X_OK): + cmd += '.ksh' + if os.path.isfile(cmd+'.sh') and os.access(cmd+'.sh', os.X_OK): + cmd += '.sh' return cmd if not os.path.isfile(cmd): @@ -207,10 +211,11 @@ class Cmd(object): except OSError, e: fail('%s' % e) + self.result.starttime = time() + proc = Popen(privcmd, stdout=PIPE, stderr=PIPE) + t = Timer(int(self.timeout), self.kill_cmd, [proc]) + try: - self.result.starttime = time() - proc = Popen(privcmd, stdout=PIPE, stderr=PIPE) - t = Timer(int(self.timeout), self.kill_cmd, [proc]) t.start() self.result.stdout, self.result.stderr = self.collect_output(proc) except KeyboardInterrupt: diff --git a/tests/zfs-tests/include/libtest.shlib b/tests/zfs-tests/include/libtest.shlib index 1ac3d06411..a9236a3bc7 100644 --- a/tests/zfs-tests/include/libtest.shlib +++ b/tests/zfs-tests/include/libtest.shlib @@ -1876,6 +1876,14 @@ function add_user # log_must $USERADD -g $gname -d $basedir/$uname -m $uname + # Add new users to the same group and the command line utils. + # This allows them to be run out of the original users home + # directory as long as it permissioned to be group readable. + if is_linux; then + cmd_group=$(stat --format="%G" $ZFS) + log_must $USERMOD -a -G $cmd_group $uname + fi + return 0 } @@ -1919,15 +1927,11 @@ function add_group # # Assign 100 as the base gid, a larger value is selected for # Linux because for many distributions 1000 and under are reserved. if is_linux; then - typeset -i gid=1500 - while true; do - $GROUPADD -g $gid $group > /dev/null 2>&1 + $GROUPADD $group > /dev/null 2>&1 typeset -i ret=$? case $ret in 0) return 0 ;; - # The gid is not unique - 9) ((gid += 1)) ;; *) return 1 ;; esac done @@ -2592,6 +2596,7 @@ function user_run typeset user=$1 shift + log_note "user:$user $@" eval \$SU \$user -c \"$@\" > /tmp/out 2>/tmp/err return $? } diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/cleanup.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/cleanup.ksh index 77090baafb..4bb4991103 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/cleanup.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/cleanup.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg if poolexists $TESTPOOL.virt then diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg b/tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg index 55d38e824f..8054f0ed86 100644 --- a/tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg +++ b/tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg @@ -28,33 +28,59 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -# these are the set of setable ZFS properties -PROP_NAMES="\ - aclinherit aclmode atime \ - checksum compression devices \ - exec mountpoint quota readonly \ - recordsize reservation setuid sharenfs \ - snapdir" +if is_linux; then + # these are the set of setable ZFS properties + PROP_NAMES="\ + aclinherit acltype atime \ + checksum compression devices \ + exec mountpoint quota readonly \ + recordsize reservation setuid \ + snapdir" -# these are a set of values we apply, for use when testing the -# zfs get/set subcommands - ordered as per the list above so we -# can iterate over both sets in an array -PROP_VALS="\ - secure discard on \ - fletcher2 on on \ - on legacy none on \ - 128k none on on \ - visible" + # these are a set of values we apply, for use when testing the + # zfs get/set subcommands - ordered as per the list above so we + # can iterate over both sets in an array + PROP_VALS="\ + secure posixacl on \ + fletcher2 on on \ + on legacy none on \ + 128k none on \ + visible" -# these are an alternate set of property values -PROP_ALTVALS="\ - noallow groupmask off \ - fletcher4 lzjb off \ - off /tmp/zfstest 100m off \ - 512 10m off off \ - hidden" + # these are an alternate set of property values + PROP_ALTVALS="\ + noallow noacl off \ + fletcher4 lzjb off \ + off /tmp/zfstest 100m off \ + 512 10m off \ + hidden" +else + # these are the set of setable ZFS properties + PROP_NAMES="\ + aclinherit aclmode atime \ + checksum compression devices \ + exec mountpoint quota readonly \ + recordsize reservation setuid sharenfs \ + snapdir" + # these are a set of values we apply, for use when testing the + # zfs get/set subcommands - ordered as per the list above so we + # can iterate over both sets in an array + PROP_VALS="\ + secure discard on \ + fletcher2 on on \ + on legacy none on \ + 128k none on on \ + visible" + # these are an alternate set of property values + PROP_ALTVALS="\ + noallow noacl off \ + fletcher4 lzjb off \ + off /tmp/zfstest 100m off \ + 512 10m off off \ + hidden" +fi # additional properties to worry about: canmount copies xattr zoned version diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/setup.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/setup.ksh index e651acb031..ac5b93472a 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/setup.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/setup.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # This setup script is moderately complex, as it creates scenarios for all # of the tests included in this directory. Usually we'd want each test case @@ -95,7 +95,7 @@ done log_must $ZFS create $TESTPOOL/$TESTFS/renameme -if is_global_zone +if is_global_zone && !is_linux then # create a filesystem we can share log_must $ZFS create $TESTPOOL/$TESTFS/unshared @@ -153,7 +153,7 @@ then done # copy a v1 pool from cli_root - $CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/blockfiles/zfs-pool-v1.dat.bz2 \ + $CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/zfs-pool-v1.dat.bz2 \ /$TESTDIR log_must $BUNZIP2 /$TESTDIR/zfs-pool-v1.dat.bz2 log_must $ZPOOL import -d /$TESTDIR v1-pool diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zdb_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zdb_001_neg.ksh index 876f1e0d26..4e4276f74a 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zdb_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zdb_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_001_neg.ksh index 5edf7350ac..f055e2bfea 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_allow_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_allow_001_neg.ksh index 0fb22e0197..40f99378b3 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_allow_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_allow_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_clone_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_clone_001_neg.ksh index 406f913051..ccf5b4db32 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_clone_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_clone_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_create_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_create_001_neg.ksh index 579771e840..2b5d9bfe31 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_create_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_create_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_destroy_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_destroy_001_neg.ksh index d7a23acedf..3beb68f6cb 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_destroy_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_destroy_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_get_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_get_001_neg.ksh index 70b468117b..c2d61a2878 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_get_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_get_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_inherit_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_inherit_001_neg.ksh index d68cec6e5b..61b9c87873 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_inherit_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_inherit_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_mount_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_mount_001_neg.ksh index ecf356228c..d324f1c490 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_mount_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_mount_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_promote_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_promote_001_neg.ksh index 579ee93776..d6b17183be 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_promote_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_promote_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_receive_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_receive_001_neg.ksh index 7ea4a47971..ae07fef849 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_receive_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_receive_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_rename_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_rename_001_neg.ksh index 20b017fb0e..118b420512 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_rename_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_rename_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_rollback_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_rollback_001_neg.ksh index ecc95c1313..02f3422b6a 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_rollback_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_rollback_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_send_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_send_001_neg.ksh index 0b92ed355b..0e3af12913 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_send_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_send_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_set_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_set_001_neg.ksh index 1f1a8bdc5f..9f1c57cd83 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_set_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_set_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_share_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_share_001_neg.ksh index 0f45f507f5..4127234ee9 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_share_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_share_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_snapshot_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_snapshot_001_neg.ksh index f473c5e83c..88183b1409 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_snapshot_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_snapshot_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unallow_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unallow_001_neg.ksh index 84dc938708..106e0f87c1 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unallow_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unallow_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unmount_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unmount_001_neg.ksh index 22a3d75e07..e0c703f900 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unmount_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unmount_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unshare_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unshare_001_neg.ksh index 069279cad8..4849244d84 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unshare_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_unshare_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_upgrade_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_upgrade_001_neg.ksh index 0053871dc2..290827d14f 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zfs_upgrade_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zfs_upgrade_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_001_neg.ksh index 447fc9705b..e4512bc493 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_add_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_add_001_neg.ksh index d02dd0b9e3..9858f28849 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_add_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_add_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: @@ -50,13 +50,21 @@ ADD_DISK="${ADD_DISK##* }" [[ -z $ADD_DISK ]] && \ log_fail "No spare disks available." -set -A args "add" "add -f" "add -n" \ - "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \ - "add -fn $TESTPOOL" "add -nf $TESTPOOL" \ - "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" \ - "add -n $TESTPOOL $ADD_DISK" \ - "add -fn $TESTPOOL $ADD_DISK" \ - "add -nf $TESTPOOL $ADD_DISK" \ +# Under Linux dry-run commands have no legitimate reason to fail. +if is_linux; then + set -A args "add" "add -f" "add -n" \ + "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \ + "add -fn $TESTPOOL" "add -nf $TESTPOOL" \ + "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" +else + set -A args "add" "add -f" "add -n" \ + "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \ + "add -fn $TESTPOOL" "add -nf $TESTPOOL" \ + "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" \ + "add -n $TESTPOOL $ADD_DISK" \ + "add -fn $TESTPOOL $ADD_DISK" \ + "add -nf $TESTPOOL $ADD_DISK" +fi log_assert "zpool add [-fn] pool_name vdev" diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_attach_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_attach_001_neg.ksh index 59254ea459..e1d883d28b 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_attach_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_attach_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_clear_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_clear_001_neg.ksh index 0a6bb8c0b3..0100bed1cc 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_clear_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_clear_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_create_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_create_001_neg.ksh index f77df30a09..592c51a100 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_create_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_create_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: @@ -50,13 +50,21 @@ ADD_DISK="${ADD_DISK##* }" [[ -z $ADD_DISK ]] && \ log_fail "No spare disks available." -set -A args "create" "create -f" "create -n" \ - "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \ - "create -fn $TESTPOOL" "create -nf $TESTPOOL" \ - "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" \ - "create -n $TESTPOOL $ADD_DISK" \ - "create -fn $TESTPOOL $ADD_DISK" \ - "create -nf $TESTPOOL $ADD_DISK" +# Under Linux dry-run commands have no legitimate reason to fail. +if is_linux; then + set -A args "create" "create -f" "create -n" \ + "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \ + "create -fn $TESTPOOL" "create -nf $TESTPOOL" \ + "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" +else + set -A args "create" "create -f" "create -n" \ + "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \ + "create -fn $TESTPOOL" "create -nf $TESTPOOL" \ + "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" \ + "create -n $TESTPOOL $ADD_DISK" \ + "create -fn $TESTPOOL $ADD_DISK" \ + "create -nf $TESTPOOL $ADD_DISK" +fi log_assert "zpool create [-fn] pool_name vdev" diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_destroy_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_destroy_001_neg.ksh index 8d28f70935..4deb2281a2 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_destroy_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_destroy_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_detach_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_detach_001_neg.ksh index 849308dd66..c5e8ab12b0 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_detach_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_detach_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_export_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_export_001_neg.ksh index 6d44be7227..49151909fc 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_export_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_export_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_get_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_get_001_neg.ksh index 6965a58bd5..697ec6ea5c 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_get_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_get_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_history_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_history_001_neg.ksh index b29d083ac0..9a304b7e6f 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_history_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_history_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_import_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_import_001_neg.ksh index c73c12f482..b15a451ff9 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_import_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_import_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_import_002_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_import_002_neg.ksh index 011cd1c030..dfcef4dd19 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_import_002_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_import_002_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_offline_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_offline_001_neg.ksh index 6fa03c4272..952c921fe8 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_offline_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_offline_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_online_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_online_001_neg.ksh index db886eb730..36d3aef3a0 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_online_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_online_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_remove_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_remove_001_neg.ksh index 7e93bc0a46..38acd5f4d6 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_remove_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_remove_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_replace_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_replace_001_neg.ksh index 12576bf03e..b933d41954 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_replace_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_replace_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_scrub_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_scrub_001_neg.ksh index abbdcd6ca2..ddc06f88f8 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_scrub_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_scrub_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_set_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_set_001_neg.ksh index e353d2dd8c..bcf3a908a5 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_set_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_set_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_status_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_status_001_neg.ksh index 54806b50af..42111a6a1d 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_status_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_status_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_upgrade_001_neg.ksh b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_upgrade_001_neg.ksh index 2dc02b7f69..02c33ca152 100755 --- a/tests/zfs-tests/tests/functional/cli_user/misc/zpool_upgrade_001_neg.ksh +++ b/tests/zfs-tests/tests/functional/cli_user/misc/zpool_upgrade_001_neg.ksh @@ -29,8 +29,8 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # -. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg . $STF_SUITE/include/libtest.shlib +. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg # # DESCRIPTION: diff --git a/tests/zfs-tests/tests/functional/delegate/cleanup.ksh b/tests/zfs-tests/tests/functional/delegate/cleanup.ksh index c0a3e34d64..e14979d654 100755 --- a/tests/zfs-tests/tests/functional/delegate/cleanup.ksh +++ b/tests/zfs-tests/tests/functional/delegate/cleanup.ksh @@ -29,14 +29,17 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # +. $STF_SUITE/include/libtest.shlib . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib cleanup_user_group -# restore the state of svc:/network/nis/client:default -if [[ -e $NISSTAFILE ]]; then - log_must $SVCADM enable svc:/network/nis/client:default - log_must $RM -f $NISSTAFILE +if ! is_linux; then + # restore the state of svc:/network/nis/client:default + if [[ -e $NISSTAFILE ]]; then + log_must $SVCADM enable svc:/network/nis/client:default + log_must $RM -f $NISSTAFILE + fi fi default_cleanup diff --git a/tests/zfs-tests/tests/functional/delegate/delegate.cfg b/tests/zfs-tests/tests/functional/delegate/delegate.cfg index 57ec0a582c..aaa6760483 100644 --- a/tests/zfs-tests/tests/functional/delegate/delegate.cfg +++ b/tests/zfs-tests/tests/functional/delegate/delegate.cfg @@ -40,9 +40,22 @@ export OTHER2=other2 export EVERYONE="$STAFF1 $STAFF2 $OTHER1 $OTHER2" -export LOCAL_SET="snapshot" -export LOCAL_DESC_SET="readonly,checksum" -export DESC_SET="compression" +# +# 'readonly' is disabled for Linux because it requires remounting the +# filesystem which is restricted to root for older versions of mount(8). +# +if is_linux; then + LOCAL_SET="snapshot" + LOCAL_DESC_SET="checksum" + DESC_SET="compression" +else + LOCAL_SET="snapshot" + LOCAL_DESC_SET="readonly,checksum" + DESC_SET="compression" +fi +export LOCAL_SET +export LOCAL_DESC_SET +export DESC_SET export TESTVOL=testvol.delegate export VOLSIZE=150m diff --git a/tests/zfs-tests/tests/functional/delegate/delegate_common.kshlib b/tests/zfs-tests/tests/functional/delegate/delegate_common.kshlib index d4b7733355..c90329ce11 100644 --- a/tests/zfs-tests/tests/functional/delegate/delegate_common.kshlib +++ b/tests/zfs-tests/tests/functional/delegate/delegate_common.kshlib @@ -63,6 +63,7 @@ function restore_root_datasets log_must $ZFS destroy -Rf $ROOT_TESTVOL fi log_must $ZFS create -V $VOLSIZE $ROOT_TESTVOL + block_device_wait fi return 0 @@ -101,6 +102,7 @@ function verify_perm ret=$? fi + log_note "Check $type $user $perm $dtst" if ((ret != 0)) ; then log_note "Fail: $user should have $perm " \ "on $dtst" @@ -376,7 +378,7 @@ function verify_send typeset dtst=$3 typeset oldval - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset snap=$dtst@snap.$stamp typeset -i ret=1 @@ -405,7 +407,7 @@ function verify_fs_receive typeset fs=$3 typeset dtst - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset newfs=$fs/newfs.$stamp typeset newvol=$fs/newvol.$stamp typeset bak_user=/tmp/bak.$user.$stamp @@ -415,6 +417,7 @@ function verify_fs_receive typeset datasets="$newfs" if is_global_zone ; then log_must $ZFS create -V $VOLSIZE $newvol + block_device_wait datasets="$newfs $newvol" fi @@ -476,7 +479,7 @@ function verify_userprop typeset perm=$2 typeset dtst=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') user_run $user $ZFS set "$user:ts=$stamp" $dtst if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then @@ -560,7 +563,7 @@ function verify_fs_create typeset perm=$2 typeset fs=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset newfs=$fs/nfs.$stamp typeset newvol=$fs/nvol.$stamp @@ -581,6 +584,7 @@ function verify_fs_create if is_global_zone ; then # mount permission is required for sparse volume user_run $user $ZFS create -V 150m -s $newvol + block_device_wait if datasetexists $newvol ; then return 1 fi @@ -591,17 +595,22 @@ function verify_fs_create if ! datasetexists $newvol ; then return 1 fi + + block_device_wait log_must $ZFS destroy $newvol + block_device_wait # mount and reserveration permission are # required for normal volume user_run $user $ZFS create -V 150m $newvol + block_device_wait if datasetexists $newvol ; then return 1 fi log_must $ZFS allow $user mount $fs user_run $user $ZFS create -V 150m $newvol + block_device_wait log_must $ZFS unallow $user mount $fs if datasetexists $newvol ; then return 1 @@ -609,6 +618,7 @@ function verify_fs_create log_must $ZFS allow $user reservation $fs user_run $user $ZFS create -V 150m $newvol + block_device_wait log_must $ZFS unallow $user reservation $fs if datasetexists $newvol ; then return 1 @@ -616,6 +626,7 @@ function verify_fs_create log_must $ZFS allow $user refreservation $fs user_run $user $ZFS create -V 150m $newvol + block_device_wait log_must $ZFS unallow $user refreservation $fs if datasetexists $newvol ; then return 1 @@ -631,7 +642,10 @@ function verify_fs_create if ! datasetexists $newvol ; then return 1 fi + + block_device_wait log_must $ZFS destroy $newvol + block_device_wait fi return 0 @@ -677,7 +691,7 @@ function verify_fs_snapshot typeset perm=$2 typeset fs=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset snap=$fs@snap.$stamp typeset mntpt=$(get_prop mountpoint $fs) @@ -718,7 +732,7 @@ function verify_fs_rollback typeset fs=$3 typeset oldval - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset snap=$fs@snap.$stamp typeset mntpt=$(get_prop mountpoint $fs) @@ -751,7 +765,7 @@ function verify_fs_clone typeset perm=$2 typeset fs=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset basefs=${fs%/*} typeset snap=$fs@snap.$stamp typeset clone=$basefs/cfs.$stamp @@ -796,7 +810,7 @@ function verify_fs_rename typeset perm=$2 typeset fs=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset basefs=${fs%/*} typeset snap=$fs@snap.$stamp typeset renamefs=$basefs/nfs.$stamp @@ -879,7 +893,7 @@ function verify_fs_mount typeset perm=$2 typeset fs=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset mntpt=$(get_prop mountpoint $fs) typeset newmntpt=/tmp/mnt.$stamp @@ -947,7 +961,7 @@ function verify_fs_mountpoint typeset perm=$2 typeset fs=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset mntpt=$(get_prop mountpoint $fs) typeset newmntpt=/tmp/mnt.$stamp @@ -986,7 +1000,7 @@ function verify_fs_promote typeset perm=$2 typeset fs=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset basefs=${fs%/*} typeset snap=$fs@snap.$stamp typeset clone=$basefs/cfs.$stamp @@ -1042,7 +1056,7 @@ function verify_fs_canmount typeset fs=$3 typeset oldval - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') if ! ismounted $fs ; then set -A modes "on" "off" @@ -1338,7 +1352,7 @@ function verify_vol_snapshot typeset perm=$2 typeset vol=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset basevol=${vol%/*} typeset snap=$vol@snap.$stamp @@ -1363,7 +1377,7 @@ function verify_vol_rollback typeset perm=$2 typeset vol=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset basevol=${vol%/*} typeset snap=$vol@snap.$stamp @@ -1398,7 +1412,7 @@ function verify_vol_clone typeset perm=$2 typeset vol=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset basevol=${vol%/*} typeset snap=$vol@snap.$stamp typeset clone=$basevol/cvol.$stamp @@ -1444,7 +1458,7 @@ function verify_vol_rename typeset perm=$2 typeset vol=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset basevol=${vol%/*} typeset snap=$vol@snap.$stamp typeset clone=$basevol/cvol.$stamp @@ -1491,7 +1505,7 @@ function verify_vol_promote typeset perm=$2 typeset vol=$3 - typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S') + typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N') typeset basevol=${vol%/*} typeset snap=$vol@snap.$stamp typeset clone=$basevol/cvol.$stamp diff --git a/tests/zfs-tests/tests/functional/delegate/setup.ksh b/tests/zfs-tests/tests/functional/delegate/setup.ksh index 0e4a9ec294..6533f27cb9 100755 --- a/tests/zfs-tests/tests/functional/delegate/setup.ksh +++ b/tests/zfs-tests/tests/functional/delegate/setup.ksh @@ -29,15 +29,18 @@ # Copyright (c) 2013 by Delphix. All rights reserved. # +. $STF_SUITE/include/libtest.shlib . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib -# check svc:/network/nis/client:default state -# disable it if the state is ON -# and the state will be restored during cleanup.ksh -log_must $RM -f $NISSTAFILE -if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then - log_must $SVCADM disable -t svc:/network/nis/client:default - log_must $TOUCH $NISSTAFILE +if ! is_linux; then + # check svc:/network/nis/client:default state + # disable it if the state is ON + # and the state will be restored during cleanup.ksh + log_must $RM -f $NISSTAFILE + if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then + log_must $SVCADM disable -t svc:/network/nis/client:default + log_must $TOUCH $NISSTAFILE + fi fi cleanup_user_group diff --git a/tests/zfs-tests/tests/functional/delegate/zfs_allow_001_pos.ksh b/tests/zfs-tests/tests/functional/delegate/zfs_allow_001_pos.ksh index 32b1a8841a..14a3bc10e3 100755 --- a/tests/zfs-tests/tests/functional/delegate/zfs_allow_001_pos.ksh +++ b/tests/zfs-tests/tests/functional/delegate/zfs_allow_001_pos.ksh @@ -67,7 +67,7 @@ typeset perms="snapshot,reservation,compression,checksum,send,userprop" log_note "Create a user called 'everyone'." if ! $ID everyone > /dev/null 2>&1; then user_added="TRUE" - log_must $USERADD everyone + log_must add_user $STAFF_GROUP everyone fi for dtst in $DATASETS ; do log_must $ZFS allow everyone $perms $dtst @@ -75,7 +75,7 @@ for dtst in $DATASETS ; do done log_must restore_root_datasets if [[ $user_added == "TRUE" ]]; then - log_must $USERDEL everyone + log_must del_user everyone fi log_note "Created a group called 'everyone'." diff --git a/tests/zfs-tests/tests/functional/delegate/zfs_allow_002_pos.ksh b/tests/zfs-tests/tests/functional/delegate/zfs_allow_002_pos.ksh index 2da435eec3..e11051adfe 100755 --- a/tests/zfs-tests/tests/functional/delegate/zfs_allow_002_pos.ksh +++ b/tests/zfs-tests/tests/functional/delegate/zfs_allow_002_pos.ksh @@ -61,7 +61,7 @@ log_onexit cleanup eval set -A dataset $DATASETS typeset perms="snapshot,reservation,compression,checksum,send,userprop" -log_must $USERADD $STAFF_GROUP +log_must add_user $STAFF_GROUP $STAFF_GROUP for dtst in $DATASETS ; do log_must $ZFS allow $STAFF_GROUP $perms $dtst log_must verify_perm $dtst $perms $STAFF_GROUP diff --git a/tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh b/tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh index 397b1a568f..28b2b1dec1 100755 --- a/tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh +++ b/tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh @@ -48,10 +48,46 @@ log_assert "Verify privileged user has correct permissions once which was "\ "delegated to him in datasets" log_onexit restore_root_datasets +if is_linux; then # # Results in Results in # Permission Filesystem Volume # +# Removed for Linux: +# - mount - mount(8) does not permit non-superuser mounts +# - mountpoint - mount(8) does not permit non-superuser mounts +# - canmount - mount(8) does not permit non-superuser mounts +# - rename - mount(8) does not permit non-superuser mounts +# - zoned - zones are not supported +# - destroy - umount(8) does not permit non-superuser umounts +# - sharenfs - sharing requires superuser priviliges +# - share - sharing requires superuser priviliges +# - readonly - mount(8) does not permit non-superuser remounts +# +set -A perms create true false \ + snapshot true true \ + send true true \ + allow true true \ + quota true false \ + reservation true true \ + recordsize true false \ + checksum true true \ + compression true true \ + atime true false \ + devices true false \ + exec true false \ + volsize false true \ + setuid true false \ + snapdir true false \ + userprop true true \ + aclinherit true false \ + rollback true true \ + clone true true \ + promote true true \ + xattr true false \ + receive true false +else + set -A perms create true false \ snapshot true true \ mount true false \ @@ -82,11 +118,13 @@ set -A perms create true false \ xattr true false \ receive true false \ destroy true true + if is_global_zone; then typeset -i n=${#perms[@]} perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false" perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false" fi +fi for dtst in $DATASETS; do typeset -i k=1 diff --git a/tests/zfs-tests/tests/functional/delegate/zfs_allow_012_neg.ksh b/tests/zfs-tests/tests/functional/delegate/zfs_allow_012_neg.ksh index c33c29b99e..a64561b692 100755 --- a/tests/zfs-tests/tests/functional/delegate/zfs_allow_012_neg.ksh +++ b/tests/zfs-tests/tests/functional/delegate/zfs_allow_012_neg.ksh @@ -55,11 +55,19 @@ log_assert "Verify privileged user can not use permissions properly when " \ log_onexit cleanup +if is_linux; then +set -A perms create snapshot mount send allow quota reservation \ + recordsize mountpoint checksum compression canmount atime \ + devices exec volsize setuid readonly snapdir userprop \ + rollback clone rename promote \ + zoned xattr receive destroy +else set -A perms create snapshot mount send allow quota reservation \ recordsize mountpoint checksum compression canmount atime \ devices exec volsize setuid readonly snapdir userprop \ aclmode aclinherit rollback clone rename promote \ zoned xattr receive destroy sharenfs share +fi log_must $ZPOOL set delegation=off $TESTPOOL diff --git a/tests/zfs-tests/tests/functional/delegate/zfs_unallow_008_neg.ksh b/tests/zfs-tests/tests/functional/delegate/zfs_unallow_008_neg.ksh index 7cd824cdb4..b00119df6e 100755 --- a/tests/zfs-tests/tests/functional/delegate/zfs_unallow_008_neg.ksh +++ b/tests/zfs-tests/tests/functional/delegate/zfs_unallow_008_neg.ksh @@ -60,6 +60,13 @@ set -A badopts "everyone -e" "everyone -u $STAFF1" "everyone everyone" \ log_must setup_unallow_testenv +# +# The GNU getopt(3) implementation will reorder these arguments such the +# the parser can handle them and the test doesn't fail. POSIXLY_CORRECT +# is set to disable the reordering so the original test cases will fail. +# +export POSIXLY_CORRECT=1 + for dtst in $DATASETS ; do log_must $ZFS allow -c create $dtst @@ -72,4 +79,6 @@ for dtst in $DATASETS ; do # Causes test failure: neg_test user_run $STAFF1 $ZFS unallow $dtst done +unset POSIXLY_CORRECT + log_pass "zfs unallow can handle invalid arguments passed." diff --git a/udev/rules.d/90-zfs.rules.in b/udev/rules.d/90-zfs.rules.in index a2715d2e78..855c154040 100644 --- a/udev/rules.d/90-zfs.rules.in +++ b/udev/rules.d/90-zfs.rules.in @@ -7,6 +7,6 @@ ENV{ID_FS_TYPE}=="zfs_member", RUN+="/sbin/modprobe zfs" KERNEL=="null", SYMLINK+="root" SYMLINK=="null", SYMLINK+="root" -SUBSYSTEM=="misc", KERNEL=="zfs", RUN+="@sbindir@/zpool list" +SUBSYSTEM=="misc", KERNEL=="zfs", MODE="0666" LABEL="zfs_end"