Extend dataset zfs_ioc_set_prop() secpolicy
When zc->zc_cookie is set, it indicates to zfs_ioc_set_prop() that these are received properties and that ZPROP_HAS_RECVD will be set on the dataset. This is only done as part of a `zfs receive`, so additionally apply the zfs_secpolicy_recv() policy. Individual property checks continue to be handled by zfs_check_settable(). Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #18617
+18
-1
@@ -1088,6 +1088,23 @@ zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
|||||||
ZFS_DELEG_PERM_CREATE, cr));
|
ZFS_DELEG_PERM_CREATE, cr));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Policy for dataset set property operations. Individual properties checked by
|
||||||
|
* zfs_check_settable(), additionally require zfs_secpolicy_recv() when setting
|
||||||
|
* properties as part of a receive.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
zfs_secpolicy_setprops(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
|
||||||
|
{
|
||||||
|
boolean_t received = zc->zc_cookie;
|
||||||
|
int error;
|
||||||
|
|
||||||
|
if (received && (error = zfs_secpolicy_recv(zc, innvl, cr)))
|
||||||
|
return (error);
|
||||||
|
|
||||||
|
return (zfs_secpolicy_read(zc, innvl, cr));
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
|
zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
|
||||||
{
|
{
|
||||||
@@ -8056,7 +8073,7 @@ zfs_ioctl_init(void)
|
|||||||
zfs_ioc_send, zfs_secpolicy_send);
|
zfs_ioc_send, zfs_secpolicy_send);
|
||||||
|
|
||||||
zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
|
||||||
zfs_secpolicy_none);
|
zfs_secpolicy_setprops);
|
||||||
zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
|
||||||
zfs_secpolicy_destroy);
|
zfs_secpolicy_destroy);
|
||||||
zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
|
zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
|
||||||
|
|||||||
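Review bot: In `zfs_secpolicy_setprops()`, `boolean_t received = zc->zc_cookie;` narrows a caller-supplied ioctl field into a boolean_t, so if zc_cookie is wider than boolean_t (it appears to be a 64-bit field; confirm against the zfs_cmd_t definition) a nonzero cookie could convert to false and skip the zfs_secpolicy_recv() check. That is only safe if zfs_ioc_set_prop(), which is outside this hunk, derives its received flag with exactly the same conversion, because the policy and the handler would otherwise disagree about whether the properties are received. Making the test explicit, `boolean_t received = (zc->zc_cookie != 0);`, lets the policy fail closed regardless of how the handler interprets the value. It would also help to add one line to the block comment saying why the non-received path now goes through zfs_secpolicy_read() rather than zfs_secpolicy_none, since the commit message does not mention that part of the change.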