Add `zfs allow` and `zfs unallow` support

ZFS allows for specific permissions to be delegated to normal users
with the `zfs allow` and `zfs unallow` commands.  In addition, non-
privileged users should be able to run all of the following commands:

  * zpool [list | iostat | status | get]
  * zfs [list | get]

Historically this functionality was not available on Linux.  In order
to add it the secpolicy_* functions needed to be implemented and mapped
to the equivalent Linux capability.  Only then could the permissions on
the `/dev/zfs` be relaxed and the internal ZFS permission checks used.

Even with this change some limitations remain.  Under Linux only the
root user is allowed to modify the namespace (unless it's a private
namespace).  This means the mount, mountpoint, canmount, unmount,
and remount delegations cannot be supported with the existing code.  It
may be possible to add this functionality in the future.

This functionality was validated with the cli_user and delegation test
cases from the ZFS Test Suite.  These tests exhaustively verify each
of the supported permissions which can be delegated and ensures only
an authorized user can perform it.

Two minor bug fixes were required for test-running.py.  First, the
Timer() object cannot be safely created in a `try:` block when there
is an unconditional `finally` block which references it.  Second,
when running as a normal user also check for scripts using the
both the .ksh and .sh suffixes.

Finally, existing users who are simulating delegations by setting
group permissions on the /dev/zfs device should revert that
customization when updating to a version with this change.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tony Hutter <hutter2@llnl.gov>
Closes #362 
Closes #434 
Closes #4100
Closes #4394 
Closes #4410 
Closes #4487
This commit is contained in:
Brian Behlendorf 2016-06-07 09:16:52 -07:00
parent 2627e75245
commit f74b821a66
78 changed files with 759 additions and 242 deletions

View File

@ -610,7 +610,12 @@ zfs_mount_and_share(libzfs_handle_t *hdl, const char *dataset, zfs_type_t type)
*/
if (zfs_prop_valid_for_type(ZFS_PROP_CANMOUNT, type, B_FALSE) &&
zfs_prop_get_int(zhp, ZFS_PROP_CANMOUNT) == ZFS_CANMOUNT_ON) {
if (zfs_mount(zhp, NULL, 0) != 0) {
if (geteuid() != 0) {
(void) fprintf(stderr, gettext("filesystem "
"successfully created, but it may only be "
"mounted by root\n"));
ret = 1;
} else if (zfs_mount(zhp, NULL, 0) != 0) {
(void) fprintf(stderr, gettext("filesystem "
"successfully created, but not mounted\n"));
ret = 1;

View File

@ -42,7 +42,6 @@
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <priv.h>
#include <pwd.h>
#include <zone.h>
#include <zfs_prop.h>
@ -2331,13 +2330,13 @@ zpool_do_import(int argc, char **argv)
(void) fprintf(stderr, gettext("too many arguments\n"));
usage(B_FALSE);
}
}
/*
* Check for the SYS_CONFIG privilege. We do this explicitly
* here because otherwise any attempt to discover pools will
* silently fail.
* Check for the effective uid. We do this explicitly here because
* otherwise any attempt to discover pools will silently fail.
*/
if (argc == 0 && !priv_ineffect(PRIV_SYS_CONFIG)) {
if (argc == 0 && geteuid() != 0) {
(void) fprintf(stderr, gettext("cannot "
"discover pools: permission denied\n"));
if (searchdirs != NULL)
@ -2346,7 +2345,6 @@ zpool_do_import(int argc, char **argv)
nvlist_free(policy);
return (1);
}
}
/*
* Depending on the arguments given, we do one of the following:

View File

@ -39,6 +39,7 @@ COMMON_H = \
$(top_srcdir)/include/sys/nvpair.h \
$(top_srcdir)/include/sys/nvpair_impl.h \
$(top_srcdir)/include/sys/pathname.h \
$(top_srcdir)/include/sys/policy.h \
$(top_srcdir)/include/sys/range_tree.h \
$(top_srcdir)/include/sys/refcount.h \
$(top_srcdir)/include/sys/rrwlock.h \

60
include/sys/policy.h Normal file
View File

@ -0,0 +1,60 @@
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2015, Joyent, Inc. All rights reserved.
* Copyright (c) 2016, Lawrence Livermore National Security, LLC.
*/
#ifndef _SYS_POLICY_H
#define _SYS_POLICY_H
#ifdef _KERNEL
#include <sys/cred.h>
#include <sys/types.h>
#include <sys/xvattr.h>
#include <sys/zpl.h>
int secpolicy_nfs(const cred_t *);
int secpolicy_sys_config(const cred_t *, boolean_t);
int secpolicy_vnode_access2(const cred_t *, struct inode *,
uid_t, mode_t, mode_t);
int secpolicy_vnode_any_access(const cred_t *, struct inode *, uid_t);
int secpolicy_vnode_chown(const cred_t *, uid_t);
int secpolicy_vnode_create_gid(const cred_t *);
int secpolicy_vnode_remove(const cred_t *);
int secpolicy_vnode_setdac(const cred_t *, uid_t);
int secpolicy_vnode_setid_retain(const cred_t *, boolean_t);
int secpolicy_vnode_setids_setgids(const cred_t *, gid_t);
int secpolicy_zinject(const cred_t *);
int secpolicy_zfs(const cred_t *);
void secpolicy_setid_clear(vattr_t *, cred_t *);
int secpolicy_setid_setsticky_clear(struct inode *, vattr_t *,
const vattr_t *, cred_t *);
int secpolicy_xvattr(xvattr_t *, uid_t, cred_t *, vtype_t);
int secpolicy_vnode_setattr(cred_t *, struct inode *, struct vattr *,
const struct vattr *, int, int (void *, int, cred_t *), void *);
int secpolicy_basic_link(const cred_t *);
#endif /* _KERNEL */
#endif /* _SYS_POLICY_H */

View File

@ -738,6 +738,7 @@ extern int zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr);
extern int zfs_secpolicy_rename_perms(const char *from, const char *to,
cred_t *cr);
extern int zfs_secpolicy_destroy_perms(const char *name, cred_t *cr);
extern int secpolicy_zfs(const cred_t *cr);
extern zoneid_t getzoneid(void);
/* SID stuff */

View File

@ -12,7 +12,6 @@ libspl_HEADERS = \
$(top_srcdir)/lib/libspl/include/limits.h \
$(top_srcdir)/lib/libspl/include/locale.h \
$(top_srcdir)/lib/libspl/include/note.h \
$(top_srcdir)/lib/libspl/include/priv.h \
$(top_srcdir)/lib/libspl/include/statcommon.h \
$(top_srcdir)/lib/libspl/include/stdio.h \
$(top_srcdir)/lib/libspl/include/stdlib.h \

View File

@ -1,46 +0,0 @@
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _LIBSPL_PRIV_H
#define _LIBSPL_PRIV_H
#include <sys/types.h>
/* Couldn't find this definition in OpenGrok */
#define PRIV_SYS_CONFIG "sys_config"
/*
* priv_op_t indicates a privilege operation type
*/
typedef enum priv_op {
PRIV_ON,
PRIV_OFF,
PRIV_SET
} priv_op_t;
static inline boolean_t priv_ineffect(const char *priv) { return B_TRUE; }
#endif

View File

@ -43,7 +43,6 @@
#include <fcntl.h>
#include <sys/mntent.h>
#include <sys/mount.h>
#include <priv.h>
#include <pwd.h>
#include <grp.h>
#include <stddef.h>

View File

@ -1306,6 +1306,12 @@ zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
return (0);
}
int
secpolicy_zfs(const cred_t *cr)
{
return (0);
}
ksiddomain_t *
ksid_lookupdomain(const char *dom)
{

View File

@ -2933,6 +2933,11 @@ Force a rollback of the file system to the most recent snapshot before performin
.sp .6
.RS 4n
Displays permissions that have been delegated on the specified filesystem or volume. See the other forms of \fBzfs allow\fR for more information.
.sp
Delegations are supported under Linux with the exception of \fBmount\fR,
\fBunmount\fR, \fBmountpoint\fR, \fBcanmount\fR, \fBrename\fR, and \fBshare\fR.
These permissions cannot be delegated because the Linux \fBmount(8)\fR command
restricts modifications of the global namespace to the root user.
.RE
.sp
@ -3584,9 +3589,6 @@ If you are using \fBDNS\fR for host name resolution, specify the fully qualified
.LP
\fBExample 17 \fRDelegating ZFS Administration Permissions on a ZFS Dataset
.sp
.LP
This is not currently supported on Linux.
.sp
The following example shows how to set permissions so that user \fBcindys\fR can create, destroy, mount, and take snapshots on \fBtank/cindys\fR. The permissions on \fBtank/cindys\fR are also displayed.
.sp

View File

@ -43,6 +43,7 @@ $(MODULE)-objs += lz4.o
$(MODULE)-objs += metaslab.o
$(MODULE)-objs += multilist.o
$(MODULE)-objs += pathname.o
$(MODULE)-objs += policy.o
$(MODULE)-objs += range_tree.o
$(MODULE)-objs += refcount.o
$(MODULE)-objs += rrwlock.o

View File

@ -52,6 +52,7 @@
#include <sys/zfs_onexit.h>
#include <sys/dsl_destroy.h>
#include <sys/vdev.h>
#include <sys/policy.h>
/*
* Needed to close a window in dnode_move() that allows the objset to be freed

View File

@ -56,6 +56,7 @@
#include <sys/zfeature.h>
#include <sys/bqueue.h>
#include <sys/zvol.h>
#include <sys/policy.h>
/* Set this tunable to TRUE to replace corrupt data with 0x2f5baddb10c */
int zfs_send_corrupt_data = B_FALSE;

View File

@ -51,6 +51,7 @@
#include <sys/dsl_destroy.h>
#include <sys/dsl_userhold.h>
#include <sys/dsl_bookmark.h>
#include <sys/policy.h>
/*
* The SPA supports block sizes up to 16MB. However, very large blocks

303
module/zfs/policy.c Normal file
View File

@ -0,0 +1,303 @@
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2013, Joyent, Inc. All rights reserved.
* Copyright (C) 2016 Lawrence Livermore National Security, LLC.
*
* For Linux the vast majority of this enforcement is already handled via
* the standard Linux VFS permission checks. However certain administrative
* commands which bypass the standard mechanisms may need to make use of
* this functionality.
*/
#include <sys/policy.h>
#include <linux/security.h>
#include <linux/vfs_compat.h>
/*
* The passed credentials cannot be directly verified because Linux only
* provides and interface to check the *current* proces credentials. In
* order to handle this the capable() test is only run when the passed
* credentials match the current process credentials or the kcred. In
* all other cases this function must fail and return the passed err.
*/
static int
priv_policy(const cred_t *cr, int capability, boolean_t all, int err)
{
ASSERT3S(all, ==, B_FALSE);
if (cr != CRED() && (cr != kcred))
return (err);
if (!capable(capability))
return (err);
return (0);
}
/*
* Checks for operations that are either client-only or are used by
* both clients and servers.
*/
int
secpolicy_nfs(const cred_t *cr)
{
return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EPERM));
}
/*
* Catch all system configuration.
*/
int
secpolicy_sys_config(const cred_t *cr, boolean_t checkonly)
{
return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EPERM));
}
/*
* Like secpolicy_vnode_access() but we get the actual wanted mode and the
* current mode of the file, not the missing bits.
*
* Enforced in the Linux VFS.
*/
int
secpolicy_vnode_access2(const cred_t *cr, struct inode *ip, uid_t owner,
mode_t curmode, mode_t wantmode)
{
return (0);
}
/*
* This is a special routine for ZFS; it is used to determine whether
* any of the privileges in effect allow any form of access to the
* file. There's no reason to audit this or any reason to record
* this. More work is needed to do the "KPLD" stuff.
*/
int
secpolicy_vnode_any_access(const cred_t *cr, struct inode *ip, uid_t owner)
{
if (crgetuid(cr) == owner)
return (0);
if (zpl_inode_owner_or_capable(ip))
return (0);
if (priv_policy(cr, CAP_DAC_OVERRIDE, B_FALSE, EPERM) == 0)
return (0);
if (priv_policy(cr, CAP_DAC_READ_SEARCH, B_FALSE, EPERM) == 0)
return (0);
return (EPERM);
}
/*
* Determine if subject can chown owner of a file.
*/
int
secpolicy_vnode_chown(const cred_t *cr, uid_t owner)
{
if (crgetuid(cr) == owner)
return (0);
return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
}
/*
* Determine if subject can change group ownership of a file.
*/
int
secpolicy_vnode_create_gid(const cred_t *cr)
{
return (priv_policy(cr, CAP_SETGID, B_FALSE, EPERM));
}
/*
* Policy determines whether we can remove an entry from a directory,
* regardless of permission bits.
*/
int
secpolicy_vnode_remove(const cred_t *cr)
{
return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
}
/*
* Determine that subject can modify the mode of a file. allzone privilege
* needed when modifying root owned object.
*/
int
secpolicy_vnode_setdac(const cred_t *cr, uid_t owner)
{
if (crgetuid(cr) == owner)
return (0);
return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
}
/*
* Are we allowed to retain the set-uid/set-gid bits when
* changing ownership or when writing to a file?
* "issuid" should be true when set-uid; only in that case
* root ownership is checked (setgid is assumed).
*
* Enforced in the Linux VFS.
*/
int
secpolicy_vnode_setid_retain(const cred_t *cr, boolean_t issuidroot)
{
return (0);
}
/*
* Determine that subject can set the file setgid flag.
*/
int
secpolicy_vnode_setids_setgids(const cred_t *cr, gid_t gid)
{
if (!groupmember(gid, cr))
return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
return (0);
}
/*
* Determine if the subject can inject faults in the ZFS fault injection
* framework. Requires all privileges.
*/
int
secpolicy_zinject(const cred_t *cr)
{
return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EACCES));
}
/*
* Determine if the subject has permission to manipulate ZFS datasets
* (not pools). Equivalent to the SYS_MOUNT privilege.
*/
int
secpolicy_zfs(const cred_t *cr)
{
return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EACCES));
}
void
secpolicy_setid_clear(vattr_t *vap, cred_t *cr)
{
if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0 &&
secpolicy_vnode_setid_retain(cr,
(vap->va_mode & S_ISUID) != 0 &&
(vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) {
vap->va_mask |= AT_MODE;
vap->va_mode &= ~(S_ISUID|S_ISGID);
}
}
/*
* Determine that subject can set the file setid flags.
*/
static int
secpolicy_vnode_setid_modify(const cred_t *cr, uid_t owner)
{
if (crgetuid(cr) == owner)
return (0);
return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
}
/*
* Determine that subject can make a file a "sticky".
*
* Enforced in the Linux VFS.
*/
static int
secpolicy_vnode_stky_modify(const cred_t *cr)
{
return (0);
}
int
secpolicy_setid_setsticky_clear(struct inode *ip, vattr_t *vap,
const vattr_t *ovap, cred_t *cr)
{
int error;
if ((vap->va_mode & S_ISUID) != 0 &&
(error = secpolicy_vnode_setid_modify(cr,
ovap->va_uid)) != 0) {
return (error);
}
/*
* Check privilege if attempting to set the
* sticky bit on a non-directory.
*/
if (!S_ISDIR(ip->i_mode) && (vap->va_mode & S_ISVTX) != 0 &&
secpolicy_vnode_stky_modify(cr) != 0) {
vap->va_mode &= ~S_ISVTX;
}
/*
* Check for privilege if attempting to set the
* group-id bit.
*/
if ((vap->va_mode & S_ISGID) != 0 &&
secpolicy_vnode_setids_setgids(cr, ovap->va_gid) != 0) {
vap->va_mode &= ~S_ISGID;
}
return (0);
}
/*
* Check privileges for setting xvattr attributes
*/
int
secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype)
{
return (secpolicy_vnode_chown(cr, owner));
}
/*
* Check privileges for setattr attributes.
*
* Enforced in the Linux VFS.
*/
int
secpolicy_vnode_setattr(cred_t *cr, struct inode *ip, struct vattr *vap,
const struct vattr *ovap, int flags,
int unlocked_access(void *, int, cred_t *), void *node)
{
return (0);
}
/*
* Check privileges for links.
*
* Enforced in the Linux VFS.
*/
int
secpolicy_basic_link(const cred_t *cr)
{
return (0);
}

View File

@ -1744,9 +1744,7 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr,
int error;
zfs_sb_t *zsb = ZTOZSB(dzp);
zfs_acl_t *paclp;
#ifdef HAVE_KSID
gid_t gid;
#endif /* HAVE_KSID */
boolean_t need_chmod = B_TRUE;
boolean_t inherited = B_FALSE;
@ -1760,7 +1758,6 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr,
acl_ids->z_fuid = vap->va_uid;
acl_ids->z_fgid = vap->va_gid;
#ifdef HAVE_KSID
/*
* Determine uid and gid.
*/
@ -1812,7 +1809,6 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr,
}
}
}
#endif /* HAVE_KSID */
/*
* If we're creating a directory, and the parent directory has the

View File

@ -109,7 +109,7 @@ static krwlock_t zfs_snapshot_lock;
* Control Directory Tunables (.zfs)
*/
int zfs_expire_snapshot = ZFSCTL_EXPIRE_SNAPSHOT;
int zfs_admin_snapshot = 0;
int zfs_admin_snapshot = 1;
/*
* Dedicated task queue for unmounting snapshots.
@ -490,7 +490,7 @@ zfsctl_inode_alloc(zfs_sb_t *zsb, uint64_t id,
zp->z_is_stale = B_FALSE;
ip->i_generation = 0;
ip->i_ino = id;
ip->i_mode = (S_IFDIR | S_IRUGO | S_IXUGO);
ip->i_mode = (S_IFDIR | S_IRWXUGO);
ip->i_uid = SUID_TO_KUID(0);
ip->i_gid = SGID_TO_KGID(0);
ip->i_blkbits = SPA_MINBLOCKSHIFT;

View File

@ -488,7 +488,6 @@ zfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid,
}
}
#ifdef HAVE_KSID
/*
* Create a file system FUID, based on information in the users cred
*
@ -501,6 +500,7 @@ uint64_t
zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type,
cred_t *cr, zfs_fuid_info_t **fuidp)
{
#ifdef HAVE_KSID
uint64_t idx;
ksid_t *ksid;
uint32_t rid;
@ -540,8 +540,12 @@ zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type,
zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type);
return (FUID_ENCODE(idx, rid));
}
#else
VERIFY(type == ZFS_OWNER || type == ZFS_GROUP);
return ((uint64_t)((type == ZFS_OWNER) ? crgetuid(cr) : crgetgid(cr)));
#endif /* HAVE_KSID */
}
/*
* Create a file system FUID for an ACL ace

View File

@ -186,12 +186,19 @@
#include <sys/zfeature.h>
#include <linux/miscdevice.h>
#include <linux/slab.h>
#include "zfs_namecheck.h"
#include "zfs_prop.h"
#include "zfs_deleg.h"
#include "zfs_comutil.h"
/*
* Limit maximum nvlist size. We don't want users passing in insane values
* for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
*/
#define MAX_NVLIST_SRC_SIZE KMALLOC_MAX_SIZE
kmutex_t zfsdev_state_lock;
zfsdev_state_t *zfsdev_state_list;
@ -3182,8 +3189,25 @@ zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
if (error == 0) {
error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
nvprops, outnvl);
if (error != 0)
(void) dsl_destroy_head(fsname);
if (error != 0) {
spa_t *spa;
int error2;
/*
* Volumes will return EBUSY and cannot be destroyed
* until all asynchronous minor handling has completed.
* Wait for the spa_zvol_taskq to drain then retry.
*/
error2 = dsl_destroy_head(fsname);
while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
error2 = spa_open(fsname, &spa, FTAG);
if (error2 == 0) {
taskq_wait(spa->spa_zvol_taskq);
spa_close(spa, FTAG);
}
error2 = dsl_destroy_head(fsname);
}
}
}
return (error);
}
@ -5795,7 +5819,23 @@ zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
}
zc->zc_iflags = flag & FKIOCTL;
if (zc->zc_nvlist_src_size != 0) {
if (zc->zc_nvlist_src_size > MAX_NVLIST_SRC_SIZE) {
/*
* Make sure the user doesn't pass in an insane value for
* zc_nvlist_src_size. We have to check, since we will end
* up allocating that much memory inside of get_nvlist(). This
* prevents a nefarious user from allocating tons of kernel
* memory.
*
* Also, we return EINVAL instead of ENOMEM here. The reason
* being that returning ENOMEM from an ioctl() has a special
* connotation; that the user's size value is too small and
* needs to be expanded to hold the nvlist. See
* zcmd_expand_dst_nvlist() for details.
*/
error = SET_ERROR(EINVAL); /* User's size too big */
} else if (zc->zc_nvlist_src_size != 0) {
error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
zc->zc_iflags, &innvl);
if (error != 0)

View File

@ -148,17 +148,6 @@ populate() {
}
init() {
# Disable the udev rule 90-zfs.rules to prevent the zfs module
# stack from being loaded due to the detection of a zfs device.
# This is important because the test scripts require full control
# over when and how the modules are loaded/unloaded. A trap is
# set to ensure the udev rule is correctly replaced on exit.
local RULE=${udevruledir}/90-zfs.rules
if test -e ${RULE}; then
trap "mv ${RULE}.disabled ${RULE}" INT TERM EXIT
mv ${RULE} ${RULE}.disabled
fi
# Create a random directory tree of files and sub-directories to
# to act as a copy source for the various regression tests.
SRC_DIR=`mktemp -d -p /var/tmp/ zfs.src.XXXXXXXX`

View File

@ -63,6 +63,17 @@ fi
# Initialize the test suite
init
# Disable the udev rule 90-zfs.rules to prevent the zfs module
# stack from being loaded due to the detection of a zfs device.
# This is important because this test scripts require full control
# over when and how the modules are loaded/unloaded. A trap is
# set to ensure the udev rule is correctly replaced on exit.
RULE=${udevruledir}/90-zfs.rules
if test -e ${RULE}; then
trap "mv ${RULE}.disabled ${RULE}" INT TERM EXIT
mv ${RULE} ${RULE}.disabled
fi
# Perform pre-cleanup is requested
if [ ${CLEANUP} ]; then
${ZFS_SH} -u

View File

@ -19,10 +19,11 @@ post_user = root
post = cleanup
outputdir = /var/tmp/test_results
# DISABLED:
# posix_001_pos - needs investigation
# DISABLED: update to use ZFS_ACL_* variables and user_run helper.
# posix_001_pos
# posix_002_pos
[tests/functional/acl/posix]
tests = ['posix_002_pos', 'posix_003_pos']
tests = ['posix_003_pos']
[tests/functional/atime]
tests = ['atime_001_pos', 'atime_002_neg', 'atime_003_pos']
@ -346,34 +347,39 @@ tests = ['zpool_status_001_pos', 'zpool_status_002_pos']
# 'zpool_upgrade_006_neg', 'zpool_upgrade_007_pos', 'zpool_upgrade_008_pos',
# 'zpool_upgrade_009_neg']
# DISABLED: nested pools
#[tests/functional/cli_user/misc]
#tests = ['zdb_001_neg', 'zfs_001_neg', 'zfs_allow_001_neg',
# 'zfs_clone_001_neg', 'zfs_create_001_neg', 'zfs_destroy_001_neg',
# 'zfs_get_001_neg', 'zfs_inherit_001_neg', 'zfs_mount_001_neg',
# 'zfs_promote_001_neg', 'zfs_receive_001_neg', 'zfs_rename_001_neg',
# 'zfs_rollback_001_neg', 'zfs_send_001_neg', 'zfs_set_001_neg',
# 'zfs_share_001_neg', 'zfs_snapshot_001_neg', 'zfs_unallow_001_neg',
# 'zfs_unmount_001_neg', 'zfs_unshare_001_neg', 'zfs_upgrade_001_neg',
# 'zpool_001_neg', 'zpool_add_001_neg', 'zpool_attach_001_neg',
# 'zpool_clear_001_neg', 'zpool_create_001_neg', 'zpool_destroy_001_neg',
# 'zpool_detach_001_neg', 'zpool_export_001_neg', 'zpool_get_001_neg',
# 'zpool_history_001_neg', 'zpool_import_001_neg', 'zpool_import_002_neg',
# 'zpool_offline_001_neg', 'zpool_online_001_neg', 'zpool_remove_001_neg',
# 'zpool_replace_001_neg', 'zpool_scrub_001_neg', 'zpool_set_001_neg',
# 'zpool_status_001_neg', 'zpool_upgrade_001_neg']
#user = zfs-tests
# DISABLED:
# zfs_share_001_neg - requires additional dependencies
# zfs_unshare_001_neg - requires additional dependencies
[tests/functional/cli_user/misc]
tests = ['zdb_001_neg', 'zfs_001_neg', 'zfs_allow_001_neg',
'zfs_clone_001_neg', 'zfs_create_001_neg', 'zfs_destroy_001_neg',
'zfs_get_001_neg', 'zfs_inherit_001_neg', 'zfs_mount_001_neg',
'zfs_promote_001_neg', 'zfs_receive_001_neg', 'zfs_rename_001_neg',
'zfs_rollback_001_neg', 'zfs_send_001_neg', 'zfs_set_001_neg',
'zfs_snapshot_001_neg', 'zfs_unallow_001_neg',
'zfs_unmount_001_neg', 'zfs_upgrade_001_neg',
'zpool_001_neg', 'zpool_add_001_neg', 'zpool_attach_001_neg',
'zpool_clear_001_neg', 'zpool_create_001_neg', 'zpool_destroy_001_neg',
'zpool_detach_001_neg', 'zpool_export_001_neg', 'zpool_get_001_neg',
'zpool_history_001_neg', 'zpool_import_001_neg', 'zpool_import_002_neg',
'zpool_offline_001_neg', 'zpool_online_001_neg', 'zpool_remove_001_neg',
'zpool_replace_001_neg', 'zpool_scrub_001_neg', 'zpool_set_001_neg',
'zpool_status_001_neg', 'zpool_upgrade_001_neg']
user =
[tests/functional/cli_user/zfs_list]
tests = ['zfs_list_001_pos', 'zfs_list_002_pos', 'zfs_list_003_pos',
'zfs_list_004_neg', 'zfs_list_007_pos', 'zfs_list_008_neg']
user =
[tests/functional/cli_user/zpool_iostat]
tests = ['zpool_iostat_001_neg', 'zpool_iostat_002_pos',
'zpool_iostat_003_neg', 'zpool_iostat_004_pos']
user =
[tests/functional/cli_user/zpool_list]
tests = ['zpool_list_001_pos', 'zpool_list_002_neg']
user =
[tests/functional/compression]
tests = ['compress_001_pos', 'compress_002_pos', 'compress_003_pos',
@ -382,15 +388,14 @@ tests = ['compress_001_pos', 'compress_002_pos', 'compress_003_pos',
[tests/functional/ctime]
tests = ['ctime_001_pos' ]
# DISABLED: Linux does not yet support delegations.
#[tests/functional/delegate]
#tests = ['zfs_allow_001_pos', 'zfs_allow_002_pos',
# 'zfs_allow_004_pos', 'zfs_allow_005_pos', 'zfs_allow_006_pos',
# 'zfs_allow_007_pos', 'zfs_allow_008_pos', 'zfs_allow_009_neg',
# 'zfs_allow_010_pos', 'zfs_allow_011_neg', 'zfs_allow_012_neg',
# 'zfs_unallow_001_pos', 'zfs_unallow_002_pos', 'zfs_unallow_003_pos',
# 'zfs_unallow_004_pos', 'zfs_unallow_005_pos', 'zfs_unallow_006_pos',
# 'zfs_unallow_007_neg', 'zfs_unallow_008_neg']
[tests/functional/delegate]
tests = ['zfs_allow_001_pos', 'zfs_allow_002_pos',
'zfs_allow_004_pos', 'zfs_allow_005_pos', 'zfs_allow_006_pos',
'zfs_allow_007_pos', 'zfs_allow_008_pos', 'zfs_allow_009_neg',
'zfs_allow_010_pos', 'zfs_allow_011_neg', 'zfs_allow_012_neg',
'zfs_unallow_001_pos', 'zfs_unallow_002_pos', 'zfs_unallow_003_pos',
'zfs_unallow_004_pos', 'zfs_unallow_005_pos', 'zfs_unallow_006_pos',
'zfs_unallow_007_neg', 'zfs_unallow_008_neg']
# DISABLED:
# devices_001_pos - needs investigation

View File

@ -158,6 +158,10 @@ class Cmd(object):
me = getpwuid(os.getuid())
if not user or user is me:
if os.path.isfile(cmd+'.ksh') and os.access(cmd+'.ksh', os.X_OK):
cmd += '.ksh'
if os.path.isfile(cmd+'.sh') and os.access(cmd+'.sh', os.X_OK):
cmd += '.sh'
return cmd
if not os.path.isfile(cmd):
@ -207,10 +211,11 @@ class Cmd(object):
except OSError, e:
fail('%s' % e)
try:
self.result.starttime = time()
proc = Popen(privcmd, stdout=PIPE, stderr=PIPE)
t = Timer(int(self.timeout), self.kill_cmd, [proc])
try:
t.start()
self.result.stdout, self.result.stderr = self.collect_output(proc)
except KeyboardInterrupt:

View File

@ -1876,6 +1876,14 @@ function add_user #<group_name> <user_name> <basedir>
log_must $USERADD -g $gname -d $basedir/$uname -m $uname
# Add new users to the same group and the command line utils.
# This allows them to be run out of the original users home
# directory as long as it permissioned to be group readable.
if is_linux; then
cmd_group=$(stat --format="%G" $ZFS)
log_must $USERMOD -a -G $cmd_group $uname
fi
return 0
}
@ -1919,15 +1927,11 @@ function add_group #<group_name>
# Assign 100 as the base gid, a larger value is selected for
# Linux because for many distributions 1000 and under are reserved.
if is_linux; then
typeset -i gid=1500
while true; do
$GROUPADD -g $gid $group > /dev/null 2>&1
$GROUPADD $group > /dev/null 2>&1
typeset -i ret=$?
case $ret in
0) return 0 ;;
# The gid is not unique
9) ((gid += 1)) ;;
*) return 1 ;;
esac
done
@ -2592,6 +2596,7 @@ function user_run
typeset user=$1
shift
log_note "user:$user $@"
eval \$SU \$user -c \"$@\" > /tmp/out 2>/tmp/err
return $?
}

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
if poolexists $TESTPOOL.virt
then

View File

@ -28,33 +28,59 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
# these are the set of setable ZFS properties
PROP_NAMES="\
if is_linux; then
# these are the set of setable ZFS properties
PROP_NAMES="\
aclinherit acltype atime \
checksum compression devices \
exec mountpoint quota readonly \
recordsize reservation setuid \
snapdir"
# these are a set of values we apply, for use when testing the
# zfs get/set subcommands - ordered as per the list above so we
# can iterate over both sets in an array
PROP_VALS="\
secure posixacl on \
fletcher2 on on \
on legacy none on \
128k none on \
visible"
# these are an alternate set of property values
PROP_ALTVALS="\
noallow noacl off \
fletcher4 lzjb off \
off /tmp/zfstest 100m off \
512 10m off \
hidden"
else
# these are the set of setable ZFS properties
PROP_NAMES="\
aclinherit aclmode atime \
checksum compression devices \
exec mountpoint quota readonly \
recordsize reservation setuid sharenfs \
snapdir"
# these are a set of values we apply, for use when testing the
# zfs get/set subcommands - ordered as per the list above so we
# can iterate over both sets in an array
PROP_VALS="\
# these are a set of values we apply, for use when testing the
# zfs get/set subcommands - ordered as per the list above so we
# can iterate over both sets in an array
PROP_VALS="\
secure discard on \
fletcher2 on on \
on legacy none on \
128k none on on \
visible"
# these are an alternate set of property values
PROP_ALTVALS="\
noallow groupmask off \
# these are an alternate set of property values
PROP_ALTVALS="\
noallow noacl off \
fletcher4 lzjb off \
off /tmp/zfstest 100m off \
512 10m off off \
hidden"
fi
# additional properties to worry about: canmount copies xattr zoned version

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
# This setup script is moderately complex, as it creates scenarios for all
# of the tests included in this directory. Usually we'd want each test case
@ -95,7 +95,7 @@ done
log_must $ZFS create $TESTPOOL/$TESTFS/renameme
if is_global_zone
if is_global_zone && !is_linux
then
# create a filesystem we can share
log_must $ZFS create $TESTPOOL/$TESTFS/unshared
@ -153,7 +153,7 @@ then
done
# copy a v1 pool from cli_root
$CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/blockfiles/zfs-pool-v1.dat.bz2 \
$CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/zfs-pool-v1.dat.bz2 \
/$TESTDIR
log_must $BUNZIP2 /$TESTDIR/zfs-pool-v1.dat.bz2
log_must $ZPOOL import -d /$TESTDIR v1-pool

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
@ -50,13 +50,21 @@ ADD_DISK="${ADD_DISK##* }"
[[ -z $ADD_DISK ]] && \
log_fail "No spare disks available."
set -A args "add" "add -f" "add -n" \
# Under Linux dry-run commands have no legitimate reason to fail.
if is_linux; then
set -A args "add" "add -f" "add -n" \
"add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
"add -fn $TESTPOOL" "add -nf $TESTPOOL" \
"add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK"
else
set -A args "add" "add -f" "add -n" \
"add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
"add -fn $TESTPOOL" "add -nf $TESTPOOL" \
"add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" \
"add -n $TESTPOOL $ADD_DISK" \
"add -fn $TESTPOOL $ADD_DISK" \
"add -nf $TESTPOOL $ADD_DISK" \
"add -nf $TESTPOOL $ADD_DISK"
fi
log_assert "zpool add [-fn] pool_name vdev"

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
@ -50,13 +50,21 @@ ADD_DISK="${ADD_DISK##* }"
[[ -z $ADD_DISK ]] && \
log_fail "No spare disks available."
set -A args "create" "create -f" "create -n" \
# Under Linux dry-run commands have no legitimate reason to fail.
if is_linux; then
set -A args "create" "create -f" "create -n" \
"create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
"create -fn $TESTPOOL" "create -nf $TESTPOOL" \
"create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK"
else
set -A args "create" "create -f" "create -n" \
"create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
"create -fn $TESTPOOL" "create -nf $TESTPOOL" \
"create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" \
"create -n $TESTPOOL $ADD_DISK" \
"create -fn $TESTPOOL $ADD_DISK" \
"create -nf $TESTPOOL $ADD_DISK"
fi
log_assert "zpool create [-fn] pool_name vdev"

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,8 +29,8 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:

View File

@ -29,14 +29,17 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
cleanup_user_group
# restore the state of svc:/network/nis/client:default
if [[ -e $NISSTAFILE ]]; then
if ! is_linux; then
# restore the state of svc:/network/nis/client:default
if [[ -e $NISSTAFILE ]]; then
log_must $SVCADM enable svc:/network/nis/client:default
log_must $RM -f $NISSTAFILE
fi
fi
default_cleanup

View File

@ -40,9 +40,22 @@ export OTHER2=other2
export EVERYONE="$STAFF1 $STAFF2 $OTHER1 $OTHER2"
export LOCAL_SET="snapshot"
export LOCAL_DESC_SET="readonly,checksum"
export DESC_SET="compression"
#
# 'readonly' is disabled for Linux because it requires remounting the
# filesystem which is restricted to root for older versions of mount(8).
#
if is_linux; then
LOCAL_SET="snapshot"
LOCAL_DESC_SET="checksum"
DESC_SET="compression"
else
LOCAL_SET="snapshot"
LOCAL_DESC_SET="readonly,checksum"
DESC_SET="compression"
fi
export LOCAL_SET
export LOCAL_DESC_SET
export DESC_SET
export TESTVOL=testvol.delegate
export VOLSIZE=150m

View File

@ -63,6 +63,7 @@ function restore_root_datasets
log_must $ZFS destroy -Rf $ROOT_TESTVOL
fi
log_must $ZFS create -V $VOLSIZE $ROOT_TESTVOL
block_device_wait
fi
return 0
@ -101,6 +102,7 @@ function verify_perm
ret=$?
fi
log_note "Check $type $user $perm $dtst"
if ((ret != 0)) ; then
log_note "Fail: $user should have $perm " \
"on $dtst"
@ -376,7 +378,7 @@ function verify_send
typeset dtst=$3
typeset oldval
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset snap=$dtst@snap.$stamp
typeset -i ret=1
@ -405,7 +407,7 @@ function verify_fs_receive
typeset fs=$3
typeset dtst
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset newfs=$fs/newfs.$stamp
typeset newvol=$fs/newvol.$stamp
typeset bak_user=/tmp/bak.$user.$stamp
@ -415,6 +417,7 @@ function verify_fs_receive
typeset datasets="$newfs"
if is_global_zone ; then
log_must $ZFS create -V $VOLSIZE $newvol
block_device_wait
datasets="$newfs $newvol"
fi
@ -476,7 +479,7 @@ function verify_userprop
typeset perm=$2
typeset dtst=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
user_run $user $ZFS set "$user:ts=$stamp" $dtst
if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then
@ -560,7 +563,7 @@ function verify_fs_create
typeset perm=$2
typeset fs=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset newfs=$fs/nfs.$stamp
typeset newvol=$fs/nvol.$stamp
@ -581,6 +584,7 @@ function verify_fs_create
if is_global_zone ; then
# mount permission is required for sparse volume
user_run $user $ZFS create -V 150m -s $newvol
block_device_wait
if datasetexists $newvol ; then
return 1
fi
@ -591,17 +595,22 @@ function verify_fs_create
if ! datasetexists $newvol ; then
return 1
fi
block_device_wait
log_must $ZFS destroy $newvol
block_device_wait
# mount and reserveration permission are
# required for normal volume
user_run $user $ZFS create -V 150m $newvol
block_device_wait
if datasetexists $newvol ; then
return 1
fi
log_must $ZFS allow $user mount $fs
user_run $user $ZFS create -V 150m $newvol
block_device_wait
log_must $ZFS unallow $user mount $fs
if datasetexists $newvol ; then
return 1
@ -609,6 +618,7 @@ function verify_fs_create
log_must $ZFS allow $user reservation $fs
user_run $user $ZFS create -V 150m $newvol
block_device_wait
log_must $ZFS unallow $user reservation $fs
if datasetexists $newvol ; then
return 1
@ -616,6 +626,7 @@ function verify_fs_create
log_must $ZFS allow $user refreservation $fs
user_run $user $ZFS create -V 150m $newvol
block_device_wait
log_must $ZFS unallow $user refreservation $fs
if datasetexists $newvol ; then
return 1
@ -631,7 +642,10 @@ function verify_fs_create
if ! datasetexists $newvol ; then
return 1
fi
block_device_wait
log_must $ZFS destroy $newvol
block_device_wait
fi
return 0
@ -677,7 +691,7 @@ function verify_fs_snapshot
typeset perm=$2
typeset fs=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset snap=$fs@snap.$stamp
typeset mntpt=$(get_prop mountpoint $fs)
@ -718,7 +732,7 @@ function verify_fs_rollback
typeset fs=$3
typeset oldval
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset snap=$fs@snap.$stamp
typeset mntpt=$(get_prop mountpoint $fs)
@ -751,7 +765,7 @@ function verify_fs_clone
typeset perm=$2
typeset fs=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basefs=${fs%/*}
typeset snap=$fs@snap.$stamp
typeset clone=$basefs/cfs.$stamp
@ -796,7 +810,7 @@ function verify_fs_rename
typeset perm=$2
typeset fs=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basefs=${fs%/*}
typeset snap=$fs@snap.$stamp
typeset renamefs=$basefs/nfs.$stamp
@ -879,7 +893,7 @@ function verify_fs_mount
typeset perm=$2
typeset fs=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset mntpt=$(get_prop mountpoint $fs)
typeset newmntpt=/tmp/mnt.$stamp
@ -947,7 +961,7 @@ function verify_fs_mountpoint
typeset perm=$2
typeset fs=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset mntpt=$(get_prop mountpoint $fs)
typeset newmntpt=/tmp/mnt.$stamp
@ -986,7 +1000,7 @@ function verify_fs_promote
typeset perm=$2
typeset fs=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basefs=${fs%/*}
typeset snap=$fs@snap.$stamp
typeset clone=$basefs/cfs.$stamp
@ -1042,7 +1056,7 @@ function verify_fs_canmount
typeset fs=$3
typeset oldval
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
if ! ismounted $fs ; then
set -A modes "on" "off"
@ -1338,7 +1352,7 @@ function verify_vol_snapshot
typeset perm=$2
typeset vol=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
@ -1363,7 +1377,7 @@ function verify_vol_rollback
typeset perm=$2
typeset vol=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
@ -1398,7 +1412,7 @@ function verify_vol_clone
typeset perm=$2
typeset vol=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
typeset clone=$basevol/cvol.$stamp
@ -1444,7 +1458,7 @@ function verify_vol_rename
typeset perm=$2
typeset vol=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
typeset clone=$basevol/cvol.$stamp
@ -1491,7 +1505,7 @@ function verify_vol_promote
typeset perm=$2
typeset vol=$3
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
typeset clone=$basevol/cvol.$stamp

View File

@ -29,15 +29,18 @@
# Copyright (c) 2013 by Delphix. All rights reserved.
#
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
# check svc:/network/nis/client:default state
# disable it if the state is ON
# and the state will be restored during cleanup.ksh
log_must $RM -f $NISSTAFILE
if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
if ! is_linux; then
# check svc:/network/nis/client:default state
# disable it if the state is ON
# and the state will be restored during cleanup.ksh
log_must $RM -f $NISSTAFILE
if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
log_must $SVCADM disable -t svc:/network/nis/client:default
log_must $TOUCH $NISSTAFILE
fi
fi
cleanup_user_group

View File

@ -67,7 +67,7 @@ typeset perms="snapshot,reservation,compression,checksum,send,userprop"
log_note "Create a user called 'everyone'."
if ! $ID everyone > /dev/null 2>&1; then
user_added="TRUE"
log_must $USERADD everyone
log_must add_user $STAFF_GROUP everyone
fi
for dtst in $DATASETS ; do
log_must $ZFS allow everyone $perms $dtst
@ -75,7 +75,7 @@ for dtst in $DATASETS ; do
done
log_must restore_root_datasets
if [[ $user_added == "TRUE" ]]; then
log_must $USERDEL everyone
log_must del_user everyone
fi
log_note "Created a group called 'everyone'."

View File

@ -61,7 +61,7 @@ log_onexit cleanup
eval set -A dataset $DATASETS
typeset perms="snapshot,reservation,compression,checksum,send,userprop"
log_must $USERADD $STAFF_GROUP
log_must add_user $STAFF_GROUP $STAFF_GROUP
for dtst in $DATASETS ; do
log_must $ZFS allow $STAFF_GROUP $perms $dtst
log_must verify_perm $dtst $perms $STAFF_GROUP

View File

@ -48,10 +48,46 @@ log_assert "Verify privileged user has correct permissions once which was "\
"delegated to him in datasets"
log_onexit restore_root_datasets
if is_linux; then
#
# Results in Results in
# Permission Filesystem Volume
#
# Removed for Linux:
# - mount - mount(8) does not permit non-superuser mounts
# - mountpoint - mount(8) does not permit non-superuser mounts
# - canmount - mount(8) does not permit non-superuser mounts
# - rename - mount(8) does not permit non-superuser mounts
# - zoned - zones are not supported
# - destroy - umount(8) does not permit non-superuser umounts
# - sharenfs - sharing requires superuser priviliges
# - share - sharing requires superuser priviliges
# - readonly - mount(8) does not permit non-superuser remounts
#
set -A perms create true false \
snapshot true true \
send true true \
allow true true \
quota true false \
reservation true true \
recordsize true false \
checksum true true \
compression true true \
atime true false \
devices true false \
exec true false \
volsize false true \
setuid true false \
snapdir true false \
userprop true true \
aclinherit true false \
rollback true true \
clone true true \
promote true true \
xattr true false \
receive true false
else
set -A perms create true false \
snapshot true true \
mount true false \
@ -82,11 +118,13 @@ set -A perms create true false \
xattr true false \
receive true false \
destroy true true
if is_global_zone; then
typeset -i n=${#perms[@]}
perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
fi
fi
for dtst in $DATASETS; do
typeset -i k=1

View File

@ -55,11 +55,19 @@ log_assert "Verify privileged user can not use permissions properly when " \
log_onexit cleanup
if is_linux; then
set -A perms create snapshot mount send allow quota reservation \
recordsize mountpoint checksum compression canmount atime \
devices exec volsize setuid readonly snapdir userprop \
rollback clone rename promote \
zoned xattr receive destroy
else
set -A perms create snapshot mount send allow quota reservation \
recordsize mountpoint checksum compression canmount atime \
devices exec volsize setuid readonly snapdir userprop \
aclmode aclinherit rollback clone rename promote \
zoned xattr receive destroy sharenfs share
fi
log_must $ZPOOL set delegation=off $TESTPOOL

View File

@ -60,6 +60,13 @@ set -A badopts "everyone -e" "everyone -u $STAFF1" "everyone everyone" \
log_must setup_unallow_testenv
#
# The GNU getopt(3) implementation will reorder these arguments such the
# the parser can handle them and the test doesn't fail. POSIXLY_CORRECT
# is set to disable the reordering so the original test cases will fail.
#
export POSIXLY_CORRECT=1
for dtst in $DATASETS ; do
log_must $ZFS allow -c create $dtst
@ -72,4 +79,6 @@ for dtst in $DATASETS ; do
# Causes test failure: neg_test user_run $STAFF1 $ZFS unallow $dtst
done
unset POSIXLY_CORRECT
log_pass "zfs unallow can handle invalid arguments passed."

View File

@ -7,6 +7,6 @@ ENV{ID_FS_TYPE}=="zfs_member", RUN+="/sbin/modprobe zfs"
KERNEL=="null", SYMLINK+="root"
SYMLINK=="null", SYMLINK+="root"
SUBSYSTEM=="misc", KERNEL=="zfs", RUN+="@sbindir@/zpool list"
SUBSYSTEM=="misc", KERNEL=="zfs", MODE="0666"
LABEL="zfs_end"