Add `zfs allow` and `zfs unallow` support
ZFS allows for specific permissions to be delegated to normal users with the `zfs allow` and `zfs unallow` commands. In addition, non- privileged users should be able to run all of the following commands: * zpool [list | iostat | status | get] * zfs [list | get] Historically this functionality was not available on Linux. In order to add it the secpolicy_* functions needed to be implemented and mapped to the equivalent Linux capability. Only then could the permissions on the `/dev/zfs` be relaxed and the internal ZFS permission checks used. Even with this change some limitations remain. Under Linux only the root user is allowed to modify the namespace (unless it's a private namespace). This means the mount, mountpoint, canmount, unmount, and remount delegations cannot be supported with the existing code. It may be possible to add this functionality in the future. This functionality was validated with the cli_user and delegation test cases from the ZFS Test Suite. These tests exhaustively verify each of the supported permissions which can be delegated and ensures only an authorized user can perform it. Two minor bug fixes were required for test-running.py. First, the Timer() object cannot be safely created in a `try:` block when there is an unconditional `finally` block which references it. Second, when running as a normal user also check for scripts using the both the .ksh and .sh suffixes. Finally, existing users who are simulating delegations by setting group permissions on the /dev/zfs device should revert that customization when updating to a version with this change. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tony Hutter <hutter2@llnl.gov> Closes #362 Closes #434 Closes #4100 Closes #4394 Closes #4410 Closes #4487
This commit is contained in:
parent
2627e75245
commit
f74b821a66
|
@ -610,7 +610,12 @@ zfs_mount_and_share(libzfs_handle_t *hdl, const char *dataset, zfs_type_t type)
|
|||
*/
|
||||
if (zfs_prop_valid_for_type(ZFS_PROP_CANMOUNT, type, B_FALSE) &&
|
||||
zfs_prop_get_int(zhp, ZFS_PROP_CANMOUNT) == ZFS_CANMOUNT_ON) {
|
||||
if (zfs_mount(zhp, NULL, 0) != 0) {
|
||||
if (geteuid() != 0) {
|
||||
(void) fprintf(stderr, gettext("filesystem "
|
||||
"successfully created, but it may only be "
|
||||
"mounted by root\n"));
|
||||
ret = 1;
|
||||
} else if (zfs_mount(zhp, NULL, 0) != 0) {
|
||||
(void) fprintf(stderr, gettext("filesystem "
|
||||
"successfully created, but not mounted\n"));
|
||||
ret = 1;
|
||||
|
|
|
@ -42,7 +42,6 @@
|
|||
#include <string.h>
|
||||
#include <strings.h>
|
||||
#include <unistd.h>
|
||||
#include <priv.h>
|
||||
#include <pwd.h>
|
||||
#include <zone.h>
|
||||
#include <zfs_prop.h>
|
||||
|
@ -2331,13 +2330,13 @@ zpool_do_import(int argc, char **argv)
|
|||
(void) fprintf(stderr, gettext("too many arguments\n"));
|
||||
usage(B_FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Check for the SYS_CONFIG privilege. We do this explicitly
|
||||
* here because otherwise any attempt to discover pools will
|
||||
* silently fail.
|
||||
* Check for the effective uid. We do this explicitly here because
|
||||
* otherwise any attempt to discover pools will silently fail.
|
||||
*/
|
||||
if (argc == 0 && !priv_ineffect(PRIV_SYS_CONFIG)) {
|
||||
if (argc == 0 && geteuid() != 0) {
|
||||
(void) fprintf(stderr, gettext("cannot "
|
||||
"discover pools: permission denied\n"));
|
||||
if (searchdirs != NULL)
|
||||
|
@ -2346,7 +2345,6 @@ zpool_do_import(int argc, char **argv)
|
|||
nvlist_free(policy);
|
||||
return (1);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Depending on the arguments given, we do one of the following:
|
||||
|
|
|
@ -39,6 +39,7 @@ COMMON_H = \
|
|||
$(top_srcdir)/include/sys/nvpair.h \
|
||||
$(top_srcdir)/include/sys/nvpair_impl.h \
|
||||
$(top_srcdir)/include/sys/pathname.h \
|
||||
$(top_srcdir)/include/sys/policy.h \
|
||||
$(top_srcdir)/include/sys/range_tree.h \
|
||||
$(top_srcdir)/include/sys/refcount.h \
|
||||
$(top_srcdir)/include/sys/rrwlock.h \
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
/*
|
||||
* CDDL HEADER START
|
||||
*
|
||||
* The contents of this file are subject to the terms of the
|
||||
* Common Development and Distribution License (the "License").
|
||||
* You may not use this file except in compliance with the License.
|
||||
*
|
||||
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
* or http://www.opensolaris.org/os/licensing.
|
||||
* See the License for the specific language governing permissions
|
||||
* and limitations under the License.
|
||||
*
|
||||
* When distributing Covered Code, include this CDDL HEADER in each
|
||||
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
* If applicable, add the following below this CDDL HEADER, with the
|
||||
* fields enclosed by brackets "[]" replaced with your own identifying
|
||||
* information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
*
|
||||
* CDDL HEADER END
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright 2015, Joyent, Inc. All rights reserved.
|
||||
* Copyright (c) 2016, Lawrence Livermore National Security, LLC.
|
||||
*/
|
||||
|
||||
#ifndef _SYS_POLICY_H
|
||||
#define _SYS_POLICY_H
|
||||
|
||||
#ifdef _KERNEL
|
||||
|
||||
#include <sys/cred.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/xvattr.h>
|
||||
#include <sys/zpl.h>
|
||||
|
||||
int secpolicy_nfs(const cred_t *);
|
||||
int secpolicy_sys_config(const cred_t *, boolean_t);
|
||||
int secpolicy_vnode_access2(const cred_t *, struct inode *,
|
||||
uid_t, mode_t, mode_t);
|
||||
int secpolicy_vnode_any_access(const cred_t *, struct inode *, uid_t);
|
||||
int secpolicy_vnode_chown(const cred_t *, uid_t);
|
||||
int secpolicy_vnode_create_gid(const cred_t *);
|
||||
int secpolicy_vnode_remove(const cred_t *);
|
||||
int secpolicy_vnode_setdac(const cred_t *, uid_t);
|
||||
int secpolicy_vnode_setid_retain(const cred_t *, boolean_t);
|
||||
int secpolicy_vnode_setids_setgids(const cred_t *, gid_t);
|
||||
int secpolicy_zinject(const cred_t *);
|
||||
int secpolicy_zfs(const cred_t *);
|
||||
void secpolicy_setid_clear(vattr_t *, cred_t *);
|
||||
int secpolicy_setid_setsticky_clear(struct inode *, vattr_t *,
|
||||
const vattr_t *, cred_t *);
|
||||
int secpolicy_xvattr(xvattr_t *, uid_t, cred_t *, vtype_t);
|
||||
int secpolicy_vnode_setattr(cred_t *, struct inode *, struct vattr *,
|
||||
const struct vattr *, int, int (void *, int, cred_t *), void *);
|
||||
int secpolicy_basic_link(const cred_t *);
|
||||
|
||||
#endif /* _KERNEL */
|
||||
#endif /* _SYS_POLICY_H */
|
|
@ -738,6 +738,7 @@ extern int zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr);
|
|||
extern int zfs_secpolicy_rename_perms(const char *from, const char *to,
|
||||
cred_t *cr);
|
||||
extern int zfs_secpolicy_destroy_perms(const char *name, cred_t *cr);
|
||||
extern int secpolicy_zfs(const cred_t *cr);
|
||||
extern zoneid_t getzoneid(void);
|
||||
|
||||
/* SID stuff */
|
||||
|
|
|
@ -12,7 +12,6 @@ libspl_HEADERS = \
|
|||
$(top_srcdir)/lib/libspl/include/limits.h \
|
||||
$(top_srcdir)/lib/libspl/include/locale.h \
|
||||
$(top_srcdir)/lib/libspl/include/note.h \
|
||||
$(top_srcdir)/lib/libspl/include/priv.h \
|
||||
$(top_srcdir)/lib/libspl/include/statcommon.h \
|
||||
$(top_srcdir)/lib/libspl/include/stdio.h \
|
||||
$(top_srcdir)/lib/libspl/include/stdlib.h \
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
/*
|
||||
* CDDL HEADER START
|
||||
*
|
||||
* The contents of this file are subject to the terms of the
|
||||
* Common Development and Distribution License, Version 1.0 only
|
||||
* (the "License"). You may not use this file except in compliance
|
||||
* with the License.
|
||||
*
|
||||
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
* or http://www.opensolaris.org/os/licensing.
|
||||
* See the License for the specific language governing permissions
|
||||
* and limitations under the License.
|
||||
*
|
||||
* When distributing Covered Code, include this CDDL HEADER in each
|
||||
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
* If applicable, add the following below this CDDL HEADER, with the
|
||||
* fields enclosed by brackets "[]" replaced with your own identifying
|
||||
* information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
*
|
||||
* CDDL HEADER END
|
||||
*/
|
||||
/*
|
||||
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
|
||||
* Use is subject to license terms.
|
||||
*/
|
||||
|
||||
#ifndef _LIBSPL_PRIV_H
|
||||
#define _LIBSPL_PRIV_H
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
/* Couldn't find this definition in OpenGrok */
|
||||
#define PRIV_SYS_CONFIG "sys_config"
|
||||
|
||||
/*
|
||||
* priv_op_t indicates a privilege operation type
|
||||
*/
|
||||
typedef enum priv_op {
|
||||
PRIV_ON,
|
||||
PRIV_OFF,
|
||||
PRIV_SET
|
||||
} priv_op_t;
|
||||
|
||||
static inline boolean_t priv_ineffect(const char *priv) { return B_TRUE; }
|
||||
|
||||
#endif
|
|
@ -43,7 +43,6 @@
|
|||
#include <fcntl.h>
|
||||
#include <sys/mntent.h>
|
||||
#include <sys/mount.h>
|
||||
#include <priv.h>
|
||||
#include <pwd.h>
|
||||
#include <grp.h>
|
||||
#include <stddef.h>
|
||||
|
|
|
@ -1306,6 +1306,12 @@ zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
|
|||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
secpolicy_zfs(const cred_t *cr)
|
||||
{
|
||||
return (0);
|
||||
}
|
||||
|
||||
ksiddomain_t *
|
||||
ksid_lookupdomain(const char *dom)
|
||||
{
|
||||
|
|
|
@ -2933,6 +2933,11 @@ Force a rollback of the file system to the most recent snapshot before performin
|
|||
.sp .6
|
||||
.RS 4n
|
||||
Displays permissions that have been delegated on the specified filesystem or volume. See the other forms of \fBzfs allow\fR for more information.
|
||||
.sp
|
||||
Delegations are supported under Linux with the exception of \fBmount\fR,
|
||||
\fBunmount\fR, \fBmountpoint\fR, \fBcanmount\fR, \fBrename\fR, and \fBshare\fR.
|
||||
These permissions cannot be delegated because the Linux \fBmount(8)\fR command
|
||||
restricts modifications of the global namespace to the root user.
|
||||
.RE
|
||||
|
||||
.sp
|
||||
|
@ -3584,9 +3589,6 @@ If you are using \fBDNS\fR for host name resolution, specify the fully qualified
|
|||
.LP
|
||||
\fBExample 17 \fRDelegating ZFS Administration Permissions on a ZFS Dataset
|
||||
.sp
|
||||
.LP
|
||||
This is not currently supported on Linux.
|
||||
.sp
|
||||
The following example shows how to set permissions so that user \fBcindys\fR can create, destroy, mount, and take snapshots on \fBtank/cindys\fR. The permissions on \fBtank/cindys\fR are also displayed.
|
||||
|
||||
.sp
|
||||
|
|
|
@ -43,6 +43,7 @@ $(MODULE)-objs += lz4.o
|
|||
$(MODULE)-objs += metaslab.o
|
||||
$(MODULE)-objs += multilist.o
|
||||
$(MODULE)-objs += pathname.o
|
||||
$(MODULE)-objs += policy.o
|
||||
$(MODULE)-objs += range_tree.o
|
||||
$(MODULE)-objs += refcount.o
|
||||
$(MODULE)-objs += rrwlock.o
|
||||
|
|
|
@ -52,6 +52,7 @@
|
|||
#include <sys/zfs_onexit.h>
|
||||
#include <sys/dsl_destroy.h>
|
||||
#include <sys/vdev.h>
|
||||
#include <sys/policy.h>
|
||||
|
||||
/*
|
||||
* Needed to close a window in dnode_move() that allows the objset to be freed
|
||||
|
|
|
@ -56,6 +56,7 @@
|
|||
#include <sys/zfeature.h>
|
||||
#include <sys/bqueue.h>
|
||||
#include <sys/zvol.h>
|
||||
#include <sys/policy.h>
|
||||
|
||||
/* Set this tunable to TRUE to replace corrupt data with 0x2f5baddb10c */
|
||||
int zfs_send_corrupt_data = B_FALSE;
|
||||
|
|
|
@ -51,6 +51,7 @@
|
|||
#include <sys/dsl_destroy.h>
|
||||
#include <sys/dsl_userhold.h>
|
||||
#include <sys/dsl_bookmark.h>
|
||||
#include <sys/policy.h>
|
||||
|
||||
/*
|
||||
* The SPA supports block sizes up to 16MB. However, very large blocks
|
||||
|
|
|
@ -0,0 +1,303 @@
|
|||
/*
|
||||
* CDDL HEADER START
|
||||
*
|
||||
* The contents of this file are subject to the terms of the
|
||||
* Common Development and Distribution License (the "License").
|
||||
* You may not use this file except in compliance with the License.
|
||||
*
|
||||
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
* or http://www.opensolaris.org/os/licensing.
|
||||
* See the License for the specific language governing permissions
|
||||
* and limitations under the License.
|
||||
*
|
||||
* When distributing Covered Code, include this CDDL HEADER in each
|
||||
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
* If applicable, add the following below this CDDL HEADER, with the
|
||||
* fields enclosed by brackets "[]" replaced with your own identifying
|
||||
* information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
*
|
||||
* CDDL HEADER END
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright 2013, Joyent, Inc. All rights reserved.
|
||||
* Copyright (C) 2016 Lawrence Livermore National Security, LLC.
|
||||
*
|
||||
* For Linux the vast majority of this enforcement is already handled via
|
||||
* the standard Linux VFS permission checks. However certain administrative
|
||||
* commands which bypass the standard mechanisms may need to make use of
|
||||
* this functionality.
|
||||
*/
|
||||
|
||||
#include <sys/policy.h>
|
||||
#include <linux/security.h>
|
||||
#include <linux/vfs_compat.h>
|
||||
|
||||
/*
|
||||
* The passed credentials cannot be directly verified because Linux only
|
||||
* provides and interface to check the *current* proces credentials. In
|
||||
* order to handle this the capable() test is only run when the passed
|
||||
* credentials match the current process credentials or the kcred. In
|
||||
* all other cases this function must fail and return the passed err.
|
||||
*/
|
||||
static int
|
||||
priv_policy(const cred_t *cr, int capability, boolean_t all, int err)
|
||||
{
|
||||
ASSERT3S(all, ==, B_FALSE);
|
||||
|
||||
if (cr != CRED() && (cr != kcred))
|
||||
return (err);
|
||||
|
||||
if (!capable(capability))
|
||||
return (err);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Checks for operations that are either client-only or are used by
|
||||
* both clients and servers.
|
||||
*/
|
||||
int
|
||||
secpolicy_nfs(const cred_t *cr)
|
||||
{
|
||||
return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EPERM));
|
||||
}
|
||||
|
||||
/*
|
||||
* Catch all system configuration.
|
||||
*/
|
||||
int
|
||||
secpolicy_sys_config(const cred_t *cr, boolean_t checkonly)
|
||||
{
|
||||
return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EPERM));
|
||||
}
|
||||
|
||||
/*
|
||||
* Like secpolicy_vnode_access() but we get the actual wanted mode and the
|
||||
* current mode of the file, not the missing bits.
|
||||
*
|
||||
* Enforced in the Linux VFS.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_access2(const cred_t *cr, struct inode *ip, uid_t owner,
|
||||
mode_t curmode, mode_t wantmode)
|
||||
{
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* This is a special routine for ZFS; it is used to determine whether
|
||||
* any of the privileges in effect allow any form of access to the
|
||||
* file. There's no reason to audit this or any reason to record
|
||||
* this. More work is needed to do the "KPLD" stuff.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_any_access(const cred_t *cr, struct inode *ip, uid_t owner)
|
||||
{
|
||||
if (crgetuid(cr) == owner)
|
||||
return (0);
|
||||
|
||||
if (zpl_inode_owner_or_capable(ip))
|
||||
return (0);
|
||||
|
||||
if (priv_policy(cr, CAP_DAC_OVERRIDE, B_FALSE, EPERM) == 0)
|
||||
return (0);
|
||||
|
||||
if (priv_policy(cr, CAP_DAC_READ_SEARCH, B_FALSE, EPERM) == 0)
|
||||
return (0);
|
||||
|
||||
return (EPERM);
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine if subject can chown owner of a file.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_chown(const cred_t *cr, uid_t owner)
|
||||
{
|
||||
if (crgetuid(cr) == owner)
|
||||
return (0);
|
||||
|
||||
return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine if subject can change group ownership of a file.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_create_gid(const cred_t *cr)
|
||||
{
|
||||
return (priv_policy(cr, CAP_SETGID, B_FALSE, EPERM));
|
||||
}
|
||||
|
||||
/*
|
||||
* Policy determines whether we can remove an entry from a directory,
|
||||
* regardless of permission bits.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_remove(const cred_t *cr)
|
||||
{
|
||||
return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine that subject can modify the mode of a file. allzone privilege
|
||||
* needed when modifying root owned object.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_setdac(const cred_t *cr, uid_t owner)
|
||||
{
|
||||
if (crgetuid(cr) == owner)
|
||||
return (0);
|
||||
|
||||
return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
|
||||
}
|
||||
|
||||
/*
|
||||
* Are we allowed to retain the set-uid/set-gid bits when
|
||||
* changing ownership or when writing to a file?
|
||||
* "issuid" should be true when set-uid; only in that case
|
||||
* root ownership is checked (setgid is assumed).
|
||||
*
|
||||
* Enforced in the Linux VFS.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_setid_retain(const cred_t *cr, boolean_t issuidroot)
|
||||
{
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine that subject can set the file setgid flag.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_setids_setgids(const cred_t *cr, gid_t gid)
|
||||
{
|
||||
if (!groupmember(gid, cr))
|
||||
return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine if the subject can inject faults in the ZFS fault injection
|
||||
* framework. Requires all privileges.
|
||||
*/
|
||||
int
|
||||
secpolicy_zinject(const cred_t *cr)
|
||||
{
|
||||
return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EACCES));
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine if the subject has permission to manipulate ZFS datasets
|
||||
* (not pools). Equivalent to the SYS_MOUNT privilege.
|
||||
*/
|
||||
int
|
||||
secpolicy_zfs(const cred_t *cr)
|
||||
{
|
||||
return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EACCES));
|
||||
}
|
||||
|
||||
void
|
||||
secpolicy_setid_clear(vattr_t *vap, cred_t *cr)
|
||||
{
|
||||
if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0 &&
|
||||
secpolicy_vnode_setid_retain(cr,
|
||||
(vap->va_mode & S_ISUID) != 0 &&
|
||||
(vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) {
|
||||
vap->va_mask |= AT_MODE;
|
||||
vap->va_mode &= ~(S_ISUID|S_ISGID);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine that subject can set the file setid flags.
|
||||
*/
|
||||
static int
|
||||
secpolicy_vnode_setid_modify(const cred_t *cr, uid_t owner)
|
||||
{
|
||||
if (crgetuid(cr) == owner)
|
||||
return (0);
|
||||
|
||||
return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine that subject can make a file a "sticky".
|
||||
*
|
||||
* Enforced in the Linux VFS.
|
||||
*/
|
||||
static int
|
||||
secpolicy_vnode_stky_modify(const cred_t *cr)
|
||||
{
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
secpolicy_setid_setsticky_clear(struct inode *ip, vattr_t *vap,
|
||||
const vattr_t *ovap, cred_t *cr)
|
||||
{
|
||||
int error;
|
||||
|
||||
if ((vap->va_mode & S_ISUID) != 0 &&
|
||||
(error = secpolicy_vnode_setid_modify(cr,
|
||||
ovap->va_uid)) != 0) {
|
||||
return (error);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check privilege if attempting to set the
|
||||
* sticky bit on a non-directory.
|
||||
*/
|
||||
if (!S_ISDIR(ip->i_mode) && (vap->va_mode & S_ISVTX) != 0 &&
|
||||
secpolicy_vnode_stky_modify(cr) != 0) {
|
||||
vap->va_mode &= ~S_ISVTX;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check for privilege if attempting to set the
|
||||
* group-id bit.
|
||||
*/
|
||||
if ((vap->va_mode & S_ISGID) != 0 &&
|
||||
secpolicy_vnode_setids_setgids(cr, ovap->va_gid) != 0) {
|
||||
vap->va_mode &= ~S_ISGID;
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check privileges for setting xvattr attributes
|
||||
*/
|
||||
int
|
||||
secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype)
|
||||
{
|
||||
return (secpolicy_vnode_chown(cr, owner));
|
||||
}
|
||||
|
||||
/*
|
||||
* Check privileges for setattr attributes.
|
||||
*
|
||||
* Enforced in the Linux VFS.
|
||||
*/
|
||||
int
|
||||
secpolicy_vnode_setattr(cred_t *cr, struct inode *ip, struct vattr *vap,
|
||||
const struct vattr *ovap, int flags,
|
||||
int unlocked_access(void *, int, cred_t *), void *node)
|
||||
{
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check privileges for links.
|
||||
*
|
||||
* Enforced in the Linux VFS.
|
||||
*/
|
||||
int
|
||||
secpolicy_basic_link(const cred_t *cr)
|
||||
{
|
||||
return (0);
|
||||
}
|
|
@ -1744,9 +1744,7 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr,
|
|||
int error;
|
||||
zfs_sb_t *zsb = ZTOZSB(dzp);
|
||||
zfs_acl_t *paclp;
|
||||
#ifdef HAVE_KSID
|
||||
gid_t gid;
|
||||
#endif /* HAVE_KSID */
|
||||
boolean_t need_chmod = B_TRUE;
|
||||
boolean_t inherited = B_FALSE;
|
||||
|
||||
|
@ -1760,7 +1758,6 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr,
|
|||
|
||||
acl_ids->z_fuid = vap->va_uid;
|
||||
acl_ids->z_fgid = vap->va_gid;
|
||||
#ifdef HAVE_KSID
|
||||
/*
|
||||
* Determine uid and gid.
|
||||
*/
|
||||
|
@ -1812,7 +1809,6 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr,
|
|||
}
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_KSID */
|
||||
|
||||
/*
|
||||
* If we're creating a directory, and the parent directory has the
|
||||
|
|
|
@ -109,7 +109,7 @@ static krwlock_t zfs_snapshot_lock;
|
|||
* Control Directory Tunables (.zfs)
|
||||
*/
|
||||
int zfs_expire_snapshot = ZFSCTL_EXPIRE_SNAPSHOT;
|
||||
int zfs_admin_snapshot = 0;
|
||||
int zfs_admin_snapshot = 1;
|
||||
|
||||
/*
|
||||
* Dedicated task queue for unmounting snapshots.
|
||||
|
@ -490,7 +490,7 @@ zfsctl_inode_alloc(zfs_sb_t *zsb, uint64_t id,
|
|||
zp->z_is_stale = B_FALSE;
|
||||
ip->i_generation = 0;
|
||||
ip->i_ino = id;
|
||||
ip->i_mode = (S_IFDIR | S_IRUGO | S_IXUGO);
|
||||
ip->i_mode = (S_IFDIR | S_IRWXUGO);
|
||||
ip->i_uid = SUID_TO_KUID(0);
|
||||
ip->i_gid = SGID_TO_KGID(0);
|
||||
ip->i_blkbits = SPA_MINBLOCKSHIFT;
|
||||
|
|
|
@ -488,7 +488,6 @@ zfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid,
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_KSID
|
||||
/*
|
||||
* Create a file system FUID, based on information in the users cred
|
||||
*
|
||||
|
@ -501,6 +500,7 @@ uint64_t
|
|||
zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type,
|
||||
cred_t *cr, zfs_fuid_info_t **fuidp)
|
||||
{
|
||||
#ifdef HAVE_KSID
|
||||
uint64_t idx;
|
||||
ksid_t *ksid;
|
||||
uint32_t rid;
|
||||
|
@ -540,8 +540,12 @@ zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type,
|
|||
zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type);
|
||||
|
||||
return (FUID_ENCODE(idx, rid));
|
||||
}
|
||||
#else
|
||||
VERIFY(type == ZFS_OWNER || type == ZFS_GROUP);
|
||||
|
||||
return ((uint64_t)((type == ZFS_OWNER) ? crgetuid(cr) : crgetgid(cr)));
|
||||
#endif /* HAVE_KSID */
|
||||
}
|
||||
|
||||
/*
|
||||
* Create a file system FUID for an ACL ace
|
||||
|
|
|
@ -186,12 +186,19 @@
|
|||
#include <sys/zfeature.h>
|
||||
|
||||
#include <linux/miscdevice.h>
|
||||
#include <linux/slab.h>
|
||||
|
||||
#include "zfs_namecheck.h"
|
||||
#include "zfs_prop.h"
|
||||
#include "zfs_deleg.h"
|
||||
#include "zfs_comutil.h"
|
||||
|
||||
/*
|
||||
* Limit maximum nvlist size. We don't want users passing in insane values
|
||||
* for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
|
||||
*/
|
||||
#define MAX_NVLIST_SRC_SIZE KMALLOC_MAX_SIZE
|
||||
|
||||
kmutex_t zfsdev_state_lock;
|
||||
zfsdev_state_t *zfsdev_state_list;
|
||||
|
||||
|
@ -3182,8 +3189,25 @@ zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
|
|||
if (error == 0) {
|
||||
error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
|
||||
nvprops, outnvl);
|
||||
if (error != 0)
|
||||
(void) dsl_destroy_head(fsname);
|
||||
if (error != 0) {
|
||||
spa_t *spa;
|
||||
int error2;
|
||||
|
||||
/*
|
||||
* Volumes will return EBUSY and cannot be destroyed
|
||||
* until all asynchronous minor handling has completed.
|
||||
* Wait for the spa_zvol_taskq to drain then retry.
|
||||
*/
|
||||
error2 = dsl_destroy_head(fsname);
|
||||
while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
|
||||
error2 = spa_open(fsname, &spa, FTAG);
|
||||
if (error2 == 0) {
|
||||
taskq_wait(spa->spa_zvol_taskq);
|
||||
spa_close(spa, FTAG);
|
||||
}
|
||||
error2 = dsl_destroy_head(fsname);
|
||||
}
|
||||
}
|
||||
}
|
||||
return (error);
|
||||
}
|
||||
|
@ -5795,7 +5819,23 @@ zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
|
|||
}
|
||||
|
||||
zc->zc_iflags = flag & FKIOCTL;
|
||||
if (zc->zc_nvlist_src_size != 0) {
|
||||
if (zc->zc_nvlist_src_size > MAX_NVLIST_SRC_SIZE) {
|
||||
/*
|
||||
* Make sure the user doesn't pass in an insane value for
|
||||
* zc_nvlist_src_size. We have to check, since we will end
|
||||
* up allocating that much memory inside of get_nvlist(). This
|
||||
* prevents a nefarious user from allocating tons of kernel
|
||||
* memory.
|
||||
*
|
||||
* Also, we return EINVAL instead of ENOMEM here. The reason
|
||||
* being that returning ENOMEM from an ioctl() has a special
|
||||
* connotation; that the user's size value is too small and
|
||||
* needs to be expanded to hold the nvlist. See
|
||||
* zcmd_expand_dst_nvlist() for details.
|
||||
*/
|
||||
error = SET_ERROR(EINVAL); /* User's size too big */
|
||||
|
||||
} else if (zc->zc_nvlist_src_size != 0) {
|
||||
error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
|
||||
zc->zc_iflags, &innvl);
|
||||
if (error != 0)
|
||||
|
|
|
@ -148,17 +148,6 @@ populate() {
|
|||
}
|
||||
|
||||
init() {
|
||||
# Disable the udev rule 90-zfs.rules to prevent the zfs module
|
||||
# stack from being loaded due to the detection of a zfs device.
|
||||
# This is important because the test scripts require full control
|
||||
# over when and how the modules are loaded/unloaded. A trap is
|
||||
# set to ensure the udev rule is correctly replaced on exit.
|
||||
local RULE=${udevruledir}/90-zfs.rules
|
||||
if test -e ${RULE}; then
|
||||
trap "mv ${RULE}.disabled ${RULE}" INT TERM EXIT
|
||||
mv ${RULE} ${RULE}.disabled
|
||||
fi
|
||||
|
||||
# Create a random directory tree of files and sub-directories to
|
||||
# to act as a copy source for the various regression tests.
|
||||
SRC_DIR=`mktemp -d -p /var/tmp/ zfs.src.XXXXXXXX`
|
||||
|
|
|
@ -63,6 +63,17 @@ fi
|
|||
# Initialize the test suite
|
||||
init
|
||||
|
||||
# Disable the udev rule 90-zfs.rules to prevent the zfs module
|
||||
# stack from being loaded due to the detection of a zfs device.
|
||||
# This is important because this test scripts require full control
|
||||
# over when and how the modules are loaded/unloaded. A trap is
|
||||
# set to ensure the udev rule is correctly replaced on exit.
|
||||
RULE=${udevruledir}/90-zfs.rules
|
||||
if test -e ${RULE}; then
|
||||
trap "mv ${RULE}.disabled ${RULE}" INT TERM EXIT
|
||||
mv ${RULE} ${RULE}.disabled
|
||||
fi
|
||||
|
||||
# Perform pre-cleanup is requested
|
||||
if [ ${CLEANUP} ]; then
|
||||
${ZFS_SH} -u
|
||||
|
|
|
@ -19,10 +19,11 @@ post_user = root
|
|||
post = cleanup
|
||||
outputdir = /var/tmp/test_results
|
||||
|
||||
# DISABLED:
|
||||
# posix_001_pos - needs investigation
|
||||
# DISABLED: update to use ZFS_ACL_* variables and user_run helper.
|
||||
# posix_001_pos
|
||||
# posix_002_pos
|
||||
[tests/functional/acl/posix]
|
||||
tests = ['posix_002_pos', 'posix_003_pos']
|
||||
tests = ['posix_003_pos']
|
||||
|
||||
[tests/functional/atime]
|
||||
tests = ['atime_001_pos', 'atime_002_neg', 'atime_003_pos']
|
||||
|
@ -346,34 +347,39 @@ tests = ['zpool_status_001_pos', 'zpool_status_002_pos']
|
|||
# 'zpool_upgrade_006_neg', 'zpool_upgrade_007_pos', 'zpool_upgrade_008_pos',
|
||||
# 'zpool_upgrade_009_neg']
|
||||
|
||||
# DISABLED: nested pools
|
||||
#[tests/functional/cli_user/misc]
|
||||
#tests = ['zdb_001_neg', 'zfs_001_neg', 'zfs_allow_001_neg',
|
||||
# 'zfs_clone_001_neg', 'zfs_create_001_neg', 'zfs_destroy_001_neg',
|
||||
# 'zfs_get_001_neg', 'zfs_inherit_001_neg', 'zfs_mount_001_neg',
|
||||
# 'zfs_promote_001_neg', 'zfs_receive_001_neg', 'zfs_rename_001_neg',
|
||||
# 'zfs_rollback_001_neg', 'zfs_send_001_neg', 'zfs_set_001_neg',
|
||||
# 'zfs_share_001_neg', 'zfs_snapshot_001_neg', 'zfs_unallow_001_neg',
|
||||
# 'zfs_unmount_001_neg', 'zfs_unshare_001_neg', 'zfs_upgrade_001_neg',
|
||||
# 'zpool_001_neg', 'zpool_add_001_neg', 'zpool_attach_001_neg',
|
||||
# 'zpool_clear_001_neg', 'zpool_create_001_neg', 'zpool_destroy_001_neg',
|
||||
# 'zpool_detach_001_neg', 'zpool_export_001_neg', 'zpool_get_001_neg',
|
||||
# 'zpool_history_001_neg', 'zpool_import_001_neg', 'zpool_import_002_neg',
|
||||
# 'zpool_offline_001_neg', 'zpool_online_001_neg', 'zpool_remove_001_neg',
|
||||
# 'zpool_replace_001_neg', 'zpool_scrub_001_neg', 'zpool_set_001_neg',
|
||||
# 'zpool_status_001_neg', 'zpool_upgrade_001_neg']
|
||||
#user = zfs-tests
|
||||
# DISABLED:
|
||||
# zfs_share_001_neg - requires additional dependencies
|
||||
# zfs_unshare_001_neg - requires additional dependencies
|
||||
[tests/functional/cli_user/misc]
|
||||
tests = ['zdb_001_neg', 'zfs_001_neg', 'zfs_allow_001_neg',
|
||||
'zfs_clone_001_neg', 'zfs_create_001_neg', 'zfs_destroy_001_neg',
|
||||
'zfs_get_001_neg', 'zfs_inherit_001_neg', 'zfs_mount_001_neg',
|
||||
'zfs_promote_001_neg', 'zfs_receive_001_neg', 'zfs_rename_001_neg',
|
||||
'zfs_rollback_001_neg', 'zfs_send_001_neg', 'zfs_set_001_neg',
|
||||
'zfs_snapshot_001_neg', 'zfs_unallow_001_neg',
|
||||
'zfs_unmount_001_neg', 'zfs_upgrade_001_neg',
|
||||
'zpool_001_neg', 'zpool_add_001_neg', 'zpool_attach_001_neg',
|
||||
'zpool_clear_001_neg', 'zpool_create_001_neg', 'zpool_destroy_001_neg',
|
||||
'zpool_detach_001_neg', 'zpool_export_001_neg', 'zpool_get_001_neg',
|
||||
'zpool_history_001_neg', 'zpool_import_001_neg', 'zpool_import_002_neg',
|
||||
'zpool_offline_001_neg', 'zpool_online_001_neg', 'zpool_remove_001_neg',
|
||||
'zpool_replace_001_neg', 'zpool_scrub_001_neg', 'zpool_set_001_neg',
|
||||
'zpool_status_001_neg', 'zpool_upgrade_001_neg']
|
||||
user =
|
||||
|
||||
[tests/functional/cli_user/zfs_list]
|
||||
tests = ['zfs_list_001_pos', 'zfs_list_002_pos', 'zfs_list_003_pos',
|
||||
'zfs_list_004_neg', 'zfs_list_007_pos', 'zfs_list_008_neg']
|
||||
user =
|
||||
|
||||
[tests/functional/cli_user/zpool_iostat]
|
||||
tests = ['zpool_iostat_001_neg', 'zpool_iostat_002_pos',
|
||||
'zpool_iostat_003_neg', 'zpool_iostat_004_pos']
|
||||
user =
|
||||
|
||||
[tests/functional/cli_user/zpool_list]
|
||||
tests = ['zpool_list_001_pos', 'zpool_list_002_neg']
|
||||
user =
|
||||
|
||||
[tests/functional/compression]
|
||||
tests = ['compress_001_pos', 'compress_002_pos', 'compress_003_pos',
|
||||
|
@ -382,15 +388,14 @@ tests = ['compress_001_pos', 'compress_002_pos', 'compress_003_pos',
|
|||
[tests/functional/ctime]
|
||||
tests = ['ctime_001_pos' ]
|
||||
|
||||
# DISABLED: Linux does not yet support delegations.
|
||||
#[tests/functional/delegate]
|
||||
#tests = ['zfs_allow_001_pos', 'zfs_allow_002_pos',
|
||||
# 'zfs_allow_004_pos', 'zfs_allow_005_pos', 'zfs_allow_006_pos',
|
||||
# 'zfs_allow_007_pos', 'zfs_allow_008_pos', 'zfs_allow_009_neg',
|
||||
# 'zfs_allow_010_pos', 'zfs_allow_011_neg', 'zfs_allow_012_neg',
|
||||
# 'zfs_unallow_001_pos', 'zfs_unallow_002_pos', 'zfs_unallow_003_pos',
|
||||
# 'zfs_unallow_004_pos', 'zfs_unallow_005_pos', 'zfs_unallow_006_pos',
|
||||
# 'zfs_unallow_007_neg', 'zfs_unallow_008_neg']
|
||||
[tests/functional/delegate]
|
||||
tests = ['zfs_allow_001_pos', 'zfs_allow_002_pos',
|
||||
'zfs_allow_004_pos', 'zfs_allow_005_pos', 'zfs_allow_006_pos',
|
||||
'zfs_allow_007_pos', 'zfs_allow_008_pos', 'zfs_allow_009_neg',
|
||||
'zfs_allow_010_pos', 'zfs_allow_011_neg', 'zfs_allow_012_neg',
|
||||
'zfs_unallow_001_pos', 'zfs_unallow_002_pos', 'zfs_unallow_003_pos',
|
||||
'zfs_unallow_004_pos', 'zfs_unallow_005_pos', 'zfs_unallow_006_pos',
|
||||
'zfs_unallow_007_neg', 'zfs_unallow_008_neg']
|
||||
|
||||
# DISABLED:
|
||||
# devices_001_pos - needs investigation
|
||||
|
|
|
@ -158,6 +158,10 @@ class Cmd(object):
|
|||
me = getpwuid(os.getuid())
|
||||
|
||||
if not user or user is me:
|
||||
if os.path.isfile(cmd+'.ksh') and os.access(cmd+'.ksh', os.X_OK):
|
||||
cmd += '.ksh'
|
||||
if os.path.isfile(cmd+'.sh') and os.access(cmd+'.sh', os.X_OK):
|
||||
cmd += '.sh'
|
||||
return cmd
|
||||
|
||||
if not os.path.isfile(cmd):
|
||||
|
@ -207,10 +211,11 @@ class Cmd(object):
|
|||
except OSError, e:
|
||||
fail('%s' % e)
|
||||
|
||||
try:
|
||||
self.result.starttime = time()
|
||||
proc = Popen(privcmd, stdout=PIPE, stderr=PIPE)
|
||||
t = Timer(int(self.timeout), self.kill_cmd, [proc])
|
||||
|
||||
try:
|
||||
t.start()
|
||||
self.result.stdout, self.result.stderr = self.collect_output(proc)
|
||||
except KeyboardInterrupt:
|
||||
|
|
|
@ -1876,6 +1876,14 @@ function add_user #<group_name> <user_name> <basedir>
|
|||
|
||||
log_must $USERADD -g $gname -d $basedir/$uname -m $uname
|
||||
|
||||
# Add new users to the same group and the command line utils.
|
||||
# This allows them to be run out of the original users home
|
||||
# directory as long as it permissioned to be group readable.
|
||||
if is_linux; then
|
||||
cmd_group=$(stat --format="%G" $ZFS)
|
||||
log_must $USERMOD -a -G $cmd_group $uname
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
|
@ -1919,15 +1927,11 @@ function add_group #<group_name>
|
|||
# Assign 100 as the base gid, a larger value is selected for
|
||||
# Linux because for many distributions 1000 and under are reserved.
|
||||
if is_linux; then
|
||||
typeset -i gid=1500
|
||||
|
||||
while true; do
|
||||
$GROUPADD -g $gid $group > /dev/null 2>&1
|
||||
$GROUPADD $group > /dev/null 2>&1
|
||||
typeset -i ret=$?
|
||||
case $ret in
|
||||
0) return 0 ;;
|
||||
# The gid is not unique
|
||||
9) ((gid += 1)) ;;
|
||||
*) return 1 ;;
|
||||
esac
|
||||
done
|
||||
|
@ -2592,6 +2596,7 @@ function user_run
|
|||
typeset user=$1
|
||||
shift
|
||||
|
||||
log_note "user:$user $@"
|
||||
eval \$SU \$user -c \"$@\" > /tmp/out 2>/tmp/err
|
||||
return $?
|
||||
}
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
if poolexists $TESTPOOL.virt
|
||||
then
|
||||
|
|
|
@ -28,33 +28,59 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
# these are the set of setable ZFS properties
|
||||
PROP_NAMES="\
|
||||
if is_linux; then
|
||||
# these are the set of setable ZFS properties
|
||||
PROP_NAMES="\
|
||||
aclinherit acltype atime \
|
||||
checksum compression devices \
|
||||
exec mountpoint quota readonly \
|
||||
recordsize reservation setuid \
|
||||
snapdir"
|
||||
|
||||
# these are a set of values we apply, for use when testing the
|
||||
# zfs get/set subcommands - ordered as per the list above so we
|
||||
# can iterate over both sets in an array
|
||||
PROP_VALS="\
|
||||
secure posixacl on \
|
||||
fletcher2 on on \
|
||||
on legacy none on \
|
||||
128k none on \
|
||||
visible"
|
||||
|
||||
# these are an alternate set of property values
|
||||
PROP_ALTVALS="\
|
||||
noallow noacl off \
|
||||
fletcher4 lzjb off \
|
||||
off /tmp/zfstest 100m off \
|
||||
512 10m off \
|
||||
hidden"
|
||||
else
|
||||
# these are the set of setable ZFS properties
|
||||
PROP_NAMES="\
|
||||
aclinherit aclmode atime \
|
||||
checksum compression devices \
|
||||
exec mountpoint quota readonly \
|
||||
recordsize reservation setuid sharenfs \
|
||||
snapdir"
|
||||
|
||||
# these are a set of values we apply, for use when testing the
|
||||
# zfs get/set subcommands - ordered as per the list above so we
|
||||
# can iterate over both sets in an array
|
||||
PROP_VALS="\
|
||||
# these are a set of values we apply, for use when testing the
|
||||
# zfs get/set subcommands - ordered as per the list above so we
|
||||
# can iterate over both sets in an array
|
||||
PROP_VALS="\
|
||||
secure discard on \
|
||||
fletcher2 on on \
|
||||
on legacy none on \
|
||||
128k none on on \
|
||||
visible"
|
||||
|
||||
# these are an alternate set of property values
|
||||
PROP_ALTVALS="\
|
||||
noallow groupmask off \
|
||||
# these are an alternate set of property values
|
||||
PROP_ALTVALS="\
|
||||
noallow noacl off \
|
||||
fletcher4 lzjb off \
|
||||
off /tmp/zfstest 100m off \
|
||||
512 10m off off \
|
||||
hidden"
|
||||
|
||||
|
||||
fi
|
||||
|
||||
# additional properties to worry about: canmount copies xattr zoned version
|
||||
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
# This setup script is moderately complex, as it creates scenarios for all
|
||||
# of the tests included in this directory. Usually we'd want each test case
|
||||
|
@ -95,7 +95,7 @@ done
|
|||
log_must $ZFS create $TESTPOOL/$TESTFS/renameme
|
||||
|
||||
|
||||
if is_global_zone
|
||||
if is_global_zone && !is_linux
|
||||
then
|
||||
# create a filesystem we can share
|
||||
log_must $ZFS create $TESTPOOL/$TESTFS/unshared
|
||||
|
@ -153,7 +153,7 @@ then
|
|||
done
|
||||
|
||||
# copy a v1 pool from cli_root
|
||||
$CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/blockfiles/zfs-pool-v1.dat.bz2 \
|
||||
$CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/zfs-pool-v1.dat.bz2 \
|
||||
/$TESTDIR
|
||||
log_must $BUNZIP2 /$TESTDIR/zfs-pool-v1.dat.bz2
|
||||
log_must $ZPOOL import -d /$TESTDIR v1-pool
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
@ -50,13 +50,21 @@ ADD_DISK="${ADD_DISK##* }"
|
|||
[[ -z $ADD_DISK ]] && \
|
||||
log_fail "No spare disks available."
|
||||
|
||||
set -A args "add" "add -f" "add -n" \
|
||||
# Under Linux dry-run commands have no legitimate reason to fail.
|
||||
if is_linux; then
|
||||
set -A args "add" "add -f" "add -n" \
|
||||
"add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
|
||||
"add -fn $TESTPOOL" "add -nf $TESTPOOL" \
|
||||
"add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK"
|
||||
else
|
||||
set -A args "add" "add -f" "add -n" \
|
||||
"add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
|
||||
"add -fn $TESTPOOL" "add -nf $TESTPOOL" \
|
||||
"add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" \
|
||||
"add -n $TESTPOOL $ADD_DISK" \
|
||||
"add -fn $TESTPOOL $ADD_DISK" \
|
||||
"add -nf $TESTPOOL $ADD_DISK" \
|
||||
"add -nf $TESTPOOL $ADD_DISK"
|
||||
fi
|
||||
|
||||
log_assert "zpool add [-fn] pool_name vdev"
|
||||
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
@ -50,13 +50,21 @@ ADD_DISK="${ADD_DISK##* }"
|
|||
[[ -z $ADD_DISK ]] && \
|
||||
log_fail "No spare disks available."
|
||||
|
||||
set -A args "create" "create -f" "create -n" \
|
||||
# Under Linux dry-run commands have no legitimate reason to fail.
|
||||
if is_linux; then
|
||||
set -A args "create" "create -f" "create -n" \
|
||||
"create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
|
||||
"create -fn $TESTPOOL" "create -nf $TESTPOOL" \
|
||||
"create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK"
|
||||
else
|
||||
set -A args "create" "create -f" "create -n" \
|
||||
"create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
|
||||
"create -fn $TESTPOOL" "create -nf $TESTPOOL" \
|
||||
"create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" \
|
||||
"create -n $TESTPOOL $ADD_DISK" \
|
||||
"create -fn $TESTPOOL $ADD_DISK" \
|
||||
"create -nf $TESTPOOL $ADD_DISK"
|
||||
fi
|
||||
|
||||
log_assert "zpool create [-fn] pool_name vdev"
|
||||
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
|
|
|
@ -29,14 +29,17 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
cleanup_user_group
|
||||
|
||||
# restore the state of svc:/network/nis/client:default
|
||||
if [[ -e $NISSTAFILE ]]; then
|
||||
if ! is_linux; then
|
||||
# restore the state of svc:/network/nis/client:default
|
||||
if [[ -e $NISSTAFILE ]]; then
|
||||
log_must $SVCADM enable svc:/network/nis/client:default
|
||||
log_must $RM -f $NISSTAFILE
|
||||
fi
|
||||
fi
|
||||
|
||||
default_cleanup
|
||||
|
|
|
@ -40,9 +40,22 @@ export OTHER2=other2
|
|||
|
||||
export EVERYONE="$STAFF1 $STAFF2 $OTHER1 $OTHER2"
|
||||
|
||||
export LOCAL_SET="snapshot"
|
||||
export LOCAL_DESC_SET="readonly,checksum"
|
||||
export DESC_SET="compression"
|
||||
#
|
||||
# 'readonly' is disabled for Linux because it requires remounting the
|
||||
# filesystem which is restricted to root for older versions of mount(8).
|
||||
#
|
||||
if is_linux; then
|
||||
LOCAL_SET="snapshot"
|
||||
LOCAL_DESC_SET="checksum"
|
||||
DESC_SET="compression"
|
||||
else
|
||||
LOCAL_SET="snapshot"
|
||||
LOCAL_DESC_SET="readonly,checksum"
|
||||
DESC_SET="compression"
|
||||
fi
|
||||
export LOCAL_SET
|
||||
export LOCAL_DESC_SET
|
||||
export DESC_SET
|
||||
|
||||
export TESTVOL=testvol.delegate
|
||||
export VOLSIZE=150m
|
||||
|
|
|
@ -63,6 +63,7 @@ function restore_root_datasets
|
|||
log_must $ZFS destroy -Rf $ROOT_TESTVOL
|
||||
fi
|
||||
log_must $ZFS create -V $VOLSIZE $ROOT_TESTVOL
|
||||
block_device_wait
|
||||
fi
|
||||
|
||||
return 0
|
||||
|
@ -101,6 +102,7 @@ function verify_perm
|
|||
ret=$?
|
||||
fi
|
||||
|
||||
log_note "Check $type $user $perm $dtst"
|
||||
if ((ret != 0)) ; then
|
||||
log_note "Fail: $user should have $perm " \
|
||||
"on $dtst"
|
||||
|
@ -376,7 +378,7 @@ function verify_send
|
|||
typeset dtst=$3
|
||||
|
||||
typeset oldval
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset snap=$dtst@snap.$stamp
|
||||
|
||||
typeset -i ret=1
|
||||
|
@ -405,7 +407,7 @@ function verify_fs_receive
|
|||
typeset fs=$3
|
||||
|
||||
typeset dtst
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset newfs=$fs/newfs.$stamp
|
||||
typeset newvol=$fs/newvol.$stamp
|
||||
typeset bak_user=/tmp/bak.$user.$stamp
|
||||
|
@ -415,6 +417,7 @@ function verify_fs_receive
|
|||
typeset datasets="$newfs"
|
||||
if is_global_zone ; then
|
||||
log_must $ZFS create -V $VOLSIZE $newvol
|
||||
block_device_wait
|
||||
datasets="$newfs $newvol"
|
||||
fi
|
||||
|
||||
|
@ -476,7 +479,7 @@ function verify_userprop
|
|||
typeset perm=$2
|
||||
typeset dtst=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
|
||||
user_run $user $ZFS set "$user:ts=$stamp" $dtst
|
||||
if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then
|
||||
|
@ -560,7 +563,7 @@ function verify_fs_create
|
|||
typeset perm=$2
|
||||
typeset fs=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset newfs=$fs/nfs.$stamp
|
||||
typeset newvol=$fs/nvol.$stamp
|
||||
|
||||
|
@ -581,6 +584,7 @@ function verify_fs_create
|
|||
if is_global_zone ; then
|
||||
# mount permission is required for sparse volume
|
||||
user_run $user $ZFS create -V 150m -s $newvol
|
||||
block_device_wait
|
||||
if datasetexists $newvol ; then
|
||||
return 1
|
||||
fi
|
||||
|
@ -591,17 +595,22 @@ function verify_fs_create
|
|||
if ! datasetexists $newvol ; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
block_device_wait
|
||||
log_must $ZFS destroy $newvol
|
||||
block_device_wait
|
||||
|
||||
# mount and reserveration permission are
|
||||
# required for normal volume
|
||||
user_run $user $ZFS create -V 150m $newvol
|
||||
block_device_wait
|
||||
if datasetexists $newvol ; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
log_must $ZFS allow $user mount $fs
|
||||
user_run $user $ZFS create -V 150m $newvol
|
||||
block_device_wait
|
||||
log_must $ZFS unallow $user mount $fs
|
||||
if datasetexists $newvol ; then
|
||||
return 1
|
||||
|
@ -609,6 +618,7 @@ function verify_fs_create
|
|||
|
||||
log_must $ZFS allow $user reservation $fs
|
||||
user_run $user $ZFS create -V 150m $newvol
|
||||
block_device_wait
|
||||
log_must $ZFS unallow $user reservation $fs
|
||||
if datasetexists $newvol ; then
|
||||
return 1
|
||||
|
@ -616,6 +626,7 @@ function verify_fs_create
|
|||
|
||||
log_must $ZFS allow $user refreservation $fs
|
||||
user_run $user $ZFS create -V 150m $newvol
|
||||
block_device_wait
|
||||
log_must $ZFS unallow $user refreservation $fs
|
||||
if datasetexists $newvol ; then
|
||||
return 1
|
||||
|
@ -631,7 +642,10 @@ function verify_fs_create
|
|||
if ! datasetexists $newvol ; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
block_device_wait
|
||||
log_must $ZFS destroy $newvol
|
||||
block_device_wait
|
||||
fi
|
||||
|
||||
return 0
|
||||
|
@ -677,7 +691,7 @@ function verify_fs_snapshot
|
|||
typeset perm=$2
|
||||
typeset fs=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset snap=$fs@snap.$stamp
|
||||
typeset mntpt=$(get_prop mountpoint $fs)
|
||||
|
||||
|
@ -718,7 +732,7 @@ function verify_fs_rollback
|
|||
typeset fs=$3
|
||||
|
||||
typeset oldval
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset snap=$fs@snap.$stamp
|
||||
typeset mntpt=$(get_prop mountpoint $fs)
|
||||
|
||||
|
@ -751,7 +765,7 @@ function verify_fs_clone
|
|||
typeset perm=$2
|
||||
typeset fs=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset basefs=${fs%/*}
|
||||
typeset snap=$fs@snap.$stamp
|
||||
typeset clone=$basefs/cfs.$stamp
|
||||
|
@ -796,7 +810,7 @@ function verify_fs_rename
|
|||
typeset perm=$2
|
||||
typeset fs=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset basefs=${fs%/*}
|
||||
typeset snap=$fs@snap.$stamp
|
||||
typeset renamefs=$basefs/nfs.$stamp
|
||||
|
@ -879,7 +893,7 @@ function verify_fs_mount
|
|||
typeset perm=$2
|
||||
typeset fs=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset mntpt=$(get_prop mountpoint $fs)
|
||||
typeset newmntpt=/tmp/mnt.$stamp
|
||||
|
||||
|
@ -947,7 +961,7 @@ function verify_fs_mountpoint
|
|||
typeset perm=$2
|
||||
typeset fs=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset mntpt=$(get_prop mountpoint $fs)
|
||||
typeset newmntpt=/tmp/mnt.$stamp
|
||||
|
||||
|
@ -986,7 +1000,7 @@ function verify_fs_promote
|
|||
typeset perm=$2
|
||||
typeset fs=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset basefs=${fs%/*}
|
||||
typeset snap=$fs@snap.$stamp
|
||||
typeset clone=$basefs/cfs.$stamp
|
||||
|
@ -1042,7 +1056,7 @@ function verify_fs_canmount
|
|||
typeset fs=$3
|
||||
|
||||
typeset oldval
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
|
||||
if ! ismounted $fs ; then
|
||||
set -A modes "on" "off"
|
||||
|
@ -1338,7 +1352,7 @@ function verify_vol_snapshot
|
|||
typeset perm=$2
|
||||
typeset vol=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset basevol=${vol%/*}
|
||||
typeset snap=$vol@snap.$stamp
|
||||
|
||||
|
@ -1363,7 +1377,7 @@ function verify_vol_rollback
|
|||
typeset perm=$2
|
||||
typeset vol=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset basevol=${vol%/*}
|
||||
typeset snap=$vol@snap.$stamp
|
||||
|
||||
|
@ -1398,7 +1412,7 @@ function verify_vol_clone
|
|||
typeset perm=$2
|
||||
typeset vol=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset basevol=${vol%/*}
|
||||
typeset snap=$vol@snap.$stamp
|
||||
typeset clone=$basevol/cvol.$stamp
|
||||
|
@ -1444,7 +1458,7 @@ function verify_vol_rename
|
|||
typeset perm=$2
|
||||
typeset vol=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset basevol=${vol%/*}
|
||||
typeset snap=$vol@snap.$stamp
|
||||
typeset clone=$basevol/cvol.$stamp
|
||||
|
@ -1491,7 +1505,7 @@ function verify_vol_promote
|
|||
typeset perm=$2
|
||||
typeset vol=$3
|
||||
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
|
||||
typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
|
||||
typeset basevol=${vol%/*}
|
||||
typeset snap=$vol@snap.$stamp
|
||||
typeset clone=$basevol/cvol.$stamp
|
||||
|
|
|
@ -29,15 +29,18 @@
|
|||
# Copyright (c) 2013 by Delphix. All rights reserved.
|
||||
#
|
||||
|
||||
. $STF_SUITE/include/libtest.shlib
|
||||
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
|
||||
|
||||
# check svc:/network/nis/client:default state
|
||||
# disable it if the state is ON
|
||||
# and the state will be restored during cleanup.ksh
|
||||
log_must $RM -f $NISSTAFILE
|
||||
if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
|
||||
if ! is_linux; then
|
||||
# check svc:/network/nis/client:default state
|
||||
# disable it if the state is ON
|
||||
# and the state will be restored during cleanup.ksh
|
||||
log_must $RM -f $NISSTAFILE
|
||||
if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
|
||||
log_must $SVCADM disable -t svc:/network/nis/client:default
|
||||
log_must $TOUCH $NISSTAFILE
|
||||
fi
|
||||
fi
|
||||
|
||||
cleanup_user_group
|
||||
|
|
|
@ -67,7 +67,7 @@ typeset perms="snapshot,reservation,compression,checksum,send,userprop"
|
|||
log_note "Create a user called 'everyone'."
|
||||
if ! $ID everyone > /dev/null 2>&1; then
|
||||
user_added="TRUE"
|
||||
log_must $USERADD everyone
|
||||
log_must add_user $STAFF_GROUP everyone
|
||||
fi
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow everyone $perms $dtst
|
||||
|
@ -75,7 +75,7 @@ for dtst in $DATASETS ; do
|
|||
done
|
||||
log_must restore_root_datasets
|
||||
if [[ $user_added == "TRUE" ]]; then
|
||||
log_must $USERDEL everyone
|
||||
log_must del_user everyone
|
||||
fi
|
||||
|
||||
log_note "Created a group called 'everyone'."
|
||||
|
|
|
@ -61,7 +61,7 @@ log_onexit cleanup
|
|||
eval set -A dataset $DATASETS
|
||||
typeset perms="snapshot,reservation,compression,checksum,send,userprop"
|
||||
|
||||
log_must $USERADD $STAFF_GROUP
|
||||
log_must add_user $STAFF_GROUP $STAFF_GROUP
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow $STAFF_GROUP $perms $dtst
|
||||
log_must verify_perm $dtst $perms $STAFF_GROUP
|
||||
|
|
|
@ -48,10 +48,46 @@ log_assert "Verify privileged user has correct permissions once which was "\
|
|||
"delegated to him in datasets"
|
||||
log_onexit restore_root_datasets
|
||||
|
||||
if is_linux; then
|
||||
#
|
||||
# Results in Results in
|
||||
# Permission Filesystem Volume
|
||||
#
|
||||
# Removed for Linux:
|
||||
# - mount - mount(8) does not permit non-superuser mounts
|
||||
# - mountpoint - mount(8) does not permit non-superuser mounts
|
||||
# - canmount - mount(8) does not permit non-superuser mounts
|
||||
# - rename - mount(8) does not permit non-superuser mounts
|
||||
# - zoned - zones are not supported
|
||||
# - destroy - umount(8) does not permit non-superuser umounts
|
||||
# - sharenfs - sharing requires superuser priviliges
|
||||
# - share - sharing requires superuser priviliges
|
||||
# - readonly - mount(8) does not permit non-superuser remounts
|
||||
#
|
||||
set -A perms create true false \
|
||||
snapshot true true \
|
||||
send true true \
|
||||
allow true true \
|
||||
quota true false \
|
||||
reservation true true \
|
||||
recordsize true false \
|
||||
checksum true true \
|
||||
compression true true \
|
||||
atime true false \
|
||||
devices true false \
|
||||
exec true false \
|
||||
volsize false true \
|
||||
setuid true false \
|
||||
snapdir true false \
|
||||
userprop true true \
|
||||
aclinherit true false \
|
||||
rollback true true \
|
||||
clone true true \
|
||||
promote true true \
|
||||
xattr true false \
|
||||
receive true false
|
||||
else
|
||||
|
||||
set -A perms create true false \
|
||||
snapshot true true \
|
||||
mount true false \
|
||||
|
@ -82,11 +118,13 @@ set -A perms create true false \
|
|||
xattr true false \
|
||||
receive true false \
|
||||
destroy true true
|
||||
|
||||
if is_global_zone; then
|
||||
typeset -i n=${#perms[@]}
|
||||
perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
|
||||
perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
|
||||
fi
|
||||
fi
|
||||
|
||||
for dtst in $DATASETS; do
|
||||
typeset -i k=1
|
||||
|
|
|
@ -55,11 +55,19 @@ log_assert "Verify privileged user can not use permissions properly when " \
|
|||
log_onexit cleanup
|
||||
|
||||
|
||||
if is_linux; then
|
||||
set -A perms create snapshot mount send allow quota reservation \
|
||||
recordsize mountpoint checksum compression canmount atime \
|
||||
devices exec volsize setuid readonly snapdir userprop \
|
||||
rollback clone rename promote \
|
||||
zoned xattr receive destroy
|
||||
else
|
||||
set -A perms create snapshot mount send allow quota reservation \
|
||||
recordsize mountpoint checksum compression canmount atime \
|
||||
devices exec volsize setuid readonly snapdir userprop \
|
||||
aclmode aclinherit rollback clone rename promote \
|
||||
zoned xattr receive destroy sharenfs share
|
||||
fi
|
||||
|
||||
log_must $ZPOOL set delegation=off $TESTPOOL
|
||||
|
||||
|
|
|
@ -60,6 +60,13 @@ set -A badopts "everyone -e" "everyone -u $STAFF1" "everyone everyone" \
|
|||
|
||||
log_must setup_unallow_testenv
|
||||
|
||||
#
|
||||
# The GNU getopt(3) implementation will reorder these arguments such the
|
||||
# the parser can handle them and the test doesn't fail. POSIXLY_CORRECT
|
||||
# is set to disable the reordering so the original test cases will fail.
|
||||
#
|
||||
export POSIXLY_CORRECT=1
|
||||
|
||||
for dtst in $DATASETS ; do
|
||||
log_must $ZFS allow -c create $dtst
|
||||
|
||||
|
@ -72,4 +79,6 @@ for dtst in $DATASETS ; do
|
|||
# Causes test failure: neg_test user_run $STAFF1 $ZFS unallow $dtst
|
||||
done
|
||||
|
||||
unset POSIXLY_CORRECT
|
||||
|
||||
log_pass "zfs unallow can handle invalid arguments passed."
|
||||
|
|
|
@ -7,6 +7,6 @@ ENV{ID_FS_TYPE}=="zfs_member", RUN+="/sbin/modprobe zfs"
|
|||
KERNEL=="null", SYMLINK+="root"
|
||||
SYMLINK=="null", SYMLINK+="root"
|
||||
|
||||
SUBSYSTEM=="misc", KERNEL=="zfs", RUN+="@sbindir@/zpool list"
|
||||
SUBSYSTEM=="misc", KERNEL=="zfs", MODE="0666"
|
||||
|
||||
LABEL="zfs_end"
|
||||
|
|
Loading…
Reference in New Issue