granicus.if.org Git - zfs/commit

]> granicus.if.org Git - zfs/commit

author	Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
	Fri, 26 Jul 2019 20:52:30 +0000 (05:52 +0900)
committer	Brian Behlendorf <behlendorf1@llnl.gov>
	Fri, 26 Jul 2019 20:52:30 +0000 (13:52 -0700)
commit	9fb6abe5addfa2f2d9f382422d50b37764c3569c
tree	1391b830b22d20ae339d3653f4ce2708236b2495	tree \| snapshot
parent	4b5c9d9f976375ca4f075a533d2b6f0c9a14cf4a	commit \| diff

Implement secpolicy_vnode_setid_retain()

Don't unconditionally return 0 (i.e. retain SUID/SGID).
Test CAP_FSETID capability.

https://github.com/pjd/pjdfstest/blob/master/tests/chmod/12.t
which expects SUID/SGID to be dropped on write(2) by non-owner fails
without this. Most filesystems make this decision within VFS by using
a generic file write for fops.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
Closes #9035
Closes #9043

13 files changed:

configure.ac		diff \| blob \| history
module/zfs/policy.c		diff \| blob \| history
tests/runfiles/linux.run		diff \| blob \| history
tests/zfs-tests/tests/functional/Makefile.am		diff \| blob \| history
tests/zfs-tests/tests/functional/suid/.gitignore	[new file with mode: 0644]	blob
tests/zfs-tests/tests/functional/suid/Makefile.am	[new file with mode: 0644]	blob
tests/zfs-tests/tests/functional/suid/cleanup.ksh	[new file with mode: 0755]	blob
tests/zfs-tests/tests/functional/suid/setup.ksh	[new file with mode: 0755]	blob
tests/zfs-tests/tests/functional/suid/suid_write_to_file.c	[new file with mode: 0644]	blob
tests/zfs-tests/tests/functional/suid/suid_write_to_none.ksh	[new file with mode: 0755]	blob
tests/zfs-tests/tests/functional/suid/suid_write_to_sgid.ksh	[new file with mode: 0755]	blob
tests/zfs-tests/tests/functional/suid/suid_write_to_suid.ksh	[new file with mode: 0755]	blob
tests/zfs-tests/tests/functional/suid/suid_write_to_suid_sgid.ksh	[new file with mode: 0755]	blob

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom