authorpjd <pjd@FreeBSD.org>2009-10-12 20:36:55 +0000
committerpjd <pjd@FreeBSD.org>2009-10-12 20:36:55 +0000
commita5cc4c4f58ab5302a04c808075867eaf75e48b23 (patch)
treeff80a230811311bb96708649286070eb295d7f20 /sys/cddl/compat
parent9bce578b0a2ab3f2a08aa77bdb16d4b6ed69bf46 (diff)
MFC r197831,r197842,r197843,r197860,r197861:
r197831: Fix situation where Mac OS X NFS client creates a file and when it tries to set ownership and mode in the same setattr operation, the mode was overwritten by secpolicy_vnode_setattr(). PR: kern/118320 Submitted by: Mark Thompson <info-gentoo@mark.thompson.bz> r197842: Fix white-spaces. r197843: On FreeBSD it is enough to report provider removal when orphan event is received, we don't have to do it on every ENXIO error in I/O path. Solaris has no GEOM so they have to handle it in a less clean way. r197860: File system owner is when uid matches and jail matches. r197861: Allow file system owner to modify system flags if securelevel permits. Approved by: re (kib)
Diffstat (limited to 'sys/cddl/compat')
-rw-r--r--sys/cddl/compat/opensolaris/kern/opensolaris_policy.c10
-rw-r--r--sys/cddl/compat/opensolaris/sys/policy.h3
2 files changed, 8 insertions, 5 deletions
diff --git a/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c b/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
index cedf335..865fba3 100644
--- a/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
+++ b/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
@@ -78,12 +78,11 @@ secpolicy_fs_owner(struct mount *mp, struct ucred *cred)
if (zfs_super_owner) {
if (cred->cr_uid == mp->mnt_cred->cr_uid &&
- (!jailed(cred) ||
- cred->cr_prison == mp->mnt_cred->cr_prison)) {
+ cred->cr_prison == mp->mnt_cred->cr_prison) {
return (0);
}
}
- return (priv_check_cred(cred, PRIV_VFS_MOUNT_OWNER, 0));
+ return (EPERM);
}
/*
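Review bot: With the `priv_check_cred(cred, PRIV_VFS_MOUNT_OWNER, 0)` fallback replaced by `return (EPERM);`, secpolicy_fs_owner() now denies every caller that is not the mount owner, privileged or not, so each call site has to do its own privilege check after a non-zero return. Only secpolicy_xvattr() is shown doing that in this diff; any other callers are outside it and should be audited for reliance on the old fallback. In the visible lines the ownership test is also reached only when `zfs_super_owner` is set. A comment above the function would pin the new contract, for example `/* Ownership test only: 0 when zfs_super_owner is set and cred's uid and prison both match mnt_cred, otherwise EPERM; no privilege fallback. */`. The start of the function body is outside the hunk.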
@@ -359,8 +358,11 @@ secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp)
* Check privileges for setting xvattr attributes
*/
int
-secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype)
+secpolicy_xvattr(struct vnode *vp, xvattr_t *xvap, uid_t owner, cred_t *cr,
+ vtype_t vtype)
{
+ if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
+ return (0);
return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS, 0));
}
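Review bot: The new early return in secpolicy_xvattr() lets a file system owner skip `priv_check_cred(cr, PRIV_VFS_SYSFLAGS, 0)` entirely, and no securelevel test appears in this function even though the commit message limits the change to "if securelevel permits". If that condition is enforced by the caller, say so here, e.g. `/* FS owner may set system flags; securelevel is checked by the caller. */`; if it is not, the owner path needs the check before returning 0. Whatever jail-related restrictions priv_check_cred() applies to PRIV_VFS_SYSFLAGS are presumably bypassed for a jailed owner as well, which should be confirmed as intended. `vp->v_mount` is also dereferenced without a check, so the function assumes callers pass a vnode that is still attached to a mount.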
diff --git a/sys/cddl/compat/opensolaris/sys/policy.h b/sys/cddl/compat/opensolaris/sys/policy.h
index 08db5ca..6731d7c 100644
--- a/sys/cddl/compat/opensolaris/sys/policy.h
+++ b/sys/cddl/compat/opensolaris/sys/policy.h
@@ -70,7 +70,8 @@ int secpolicy_setid_setsticky_clear(struct vnode *vp, struct vattr *vap,
int secpolicy_fs_owner(struct mount *vfsp, struct ucred *cred);
int secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp);
void secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp);
-int secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype);
+int secpolicy_xvattr(struct vnode *vp, xvattr_t *xvap, uid_t owner,
+ cred_t *cr, vtype_t vtype);
#endif /* _KERNEL */