Date: Thu, 8 Oct 2009 16:05:17 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r197861 - in head/sys/cddl: compat/opensolaris/kern compat/opensolaris/sys contrib/opensolaris/uts/common/fs/zfs Message-ID: <200910081605.n98G5HJY027001@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pjd Date: Thu Oct 8 16:05:17 2009 New Revision: 197861 URL: http://svn.freebsd.org/changeset/base/197861 Log: Allow file system owner to modify system flags if securelevel permits. MFC after: 3 days Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c head/sys/cddl/compat/opensolaris/sys/policy.h head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c ============================================================================== --- head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c Thu Oct 8 16:03:19 2009 (r197860) +++ head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c Thu Oct 8 16:05:17 2009 (r197861) @@ -358,8 +358,11 @@ secpolicy_fs_mount_clearopts(cred_t *cr, * Check privileges for setting xvattr attributes */ int -secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype) +secpolicy_xvattr(struct vnode *vp, xvattr_t *xvap, uid_t owner, cred_t *cr, + vtype_t vtype) { + if (secpolicy_fs_owner(vp->v_mount, cr) == 0) + return (0); return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS, 0)); } Modified: head/sys/cddl/compat/opensolaris/sys/policy.h ============================================================================== --- head/sys/cddl/compat/opensolaris/sys/policy.h Thu Oct 8 16:03:19 2009 (r197860) +++ head/sys/cddl/compat/opensolaris/sys/policy.h Thu Oct 8 16:05:17 2009 (r197861) @@ -70,7 +70,8 @@ int secpolicy_setid_setsticky_clear(stru int secpolicy_fs_owner(struct mount *vfsp, struct ucred *cred); int secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp); void secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp); -int secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype); +int secpolicy_xvattr(struct vnode *vp, xvattr_t *xvap, uid_t owner, + cred_t *cr, vtype_t vtype); #endif /* _KERNEL */ Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Thu Oct 8 16:03:19 2009 (r197860) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Thu Oct 8 16:05:17 2009 (r197861) @@ -1306,7 +1306,7 @@ zfs_create(vnode_t *dvp, char *name, vat } if (vap->va_mask & AT_XVATTR) { - if ((error = secpolicy_xvattr((xvattr_t *)vap, + if ((error = secpolicy_xvattr(dvp, (xvattr_t *)vap, crgetuid(cr), cr, vap->va_type)) != 0) { ZFS_EXIT(zfsvfs); return (error); @@ -1758,7 +1758,7 @@ zfs_mkdir(vnode_t *dvp, char *dirname, v zf |= ZCILOOK; if (vap->va_mask & AT_XVATTR) - if ((error = secpolicy_xvattr((xvattr_t *)vap, + if ((error = secpolicy_xvattr(dvp, (xvattr_t *)vap, crgetuid(cr), cr, vap->va_type)) != 0) { ZFS_EXIT(zfsvfs); return (error); @@ -4206,12 +4206,6 @@ zfs_freebsd_setattr(ap) if ((fflags & ~(SF_IMMUTABLE|SF_APPEND|SF_NOUNLINK|UF_NODUMP)) != 0) return (EOPNOTSUPP); /* - * Callers may only modify the file flags on objects they - * have VADMIN rights for. - */ - if ((error = VOP_ACCESS(vp, VADMIN, cred, curthread)) != 0) - return (error); - /* * Unprivileged processes are not permitted to unset system * flags, or modify flags if any system flags are set. * Privileged non-jail processes may not modify system flags @@ -4221,14 +4215,21 @@ zfs_freebsd_setattr(ap) * is non-zero; otherwise, they behave like unprivileged * processes. */ - if (priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) { + if (secpolicy_fs_owner(vp->v_mount, cred) == 0 || + priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) { if (zflags & (ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) { error = securelevel_gt(cred, 0); - if (error) + if (error != 0) return (error); } } else { + /* + * Callers may only modify the file flags on objects they + * have VADMIN rights for. + */ + if ((error = VOP_ACCESS(vp, VADMIN, cred, curthread)) != 0) + return (error); if (zflags & (ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) { return (EPERM);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910081605.n98G5HJY027001>