*/
if (zfs_prop_valid_for_type(ZFS_PROP_CANMOUNT, type, B_FALSE) &&
zfs_prop_get_int(zhp, ZFS_PROP_CANMOUNT) == ZFS_CANMOUNT_ON) {
- if (zfs_mount(zhp, NULL, 0) != 0) {
+ if (geteuid() != 0) {
+ (void) fprintf(stderr, gettext("filesystem "
+ "successfully created, but it may only be "
+ "mounted by root\n"));
+ ret = 1;
+ } else if (zfs_mount(zhp, NULL, 0) != 0) {
(void) fprintf(stderr, gettext("filesystem "
"successfully created, but not mounted\n"));
ret = 1;
#include <string.h>
#include <strings.h>
#include <unistd.h>
-#include <priv.h>
#include <pwd.h>
#include <zone.h>
#include <zfs_prop.h>
(void) fprintf(stderr, gettext("too many arguments\n"));
usage(B_FALSE);
}
+ }
- /*
- * Check for the SYS_CONFIG privilege. We do this explicitly
- * here because otherwise any attempt to discover pools will
- * silently fail.
- */
- if (argc == 0 && !priv_ineffect(PRIV_SYS_CONFIG)) {
- (void) fprintf(stderr, gettext("cannot "
- "discover pools: permission denied\n"));
- if (searchdirs != NULL)
- free(searchdirs);
+ /*
+ * Check for the effective uid. We do this explicitly here because
+ * otherwise any attempt to discover pools will silently fail.
+ */
+ if (argc == 0 && geteuid() != 0) {
+ (void) fprintf(stderr, gettext("cannot "
+ "discover pools: permission denied\n"));
+ if (searchdirs != NULL)
+ free(searchdirs);
- nvlist_free(policy);
- return (1);
- }
+ nvlist_free(policy);
+ return (1);
}
/*
$(top_srcdir)/include/sys/nvpair.h \
$(top_srcdir)/include/sys/nvpair_impl.h \
$(top_srcdir)/include/sys/pathname.h \
+ $(top_srcdir)/include/sys/policy.h \
$(top_srcdir)/include/sys/range_tree.h \
$(top_srcdir)/include/sys/refcount.h \
$(top_srcdir)/include/sys/rrwlock.h \
--- /dev/null
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2015, Joyent, Inc. All rights reserved.
+ * Copyright (c) 2016, Lawrence Livermore National Security, LLC.
+ */
+
+#ifndef _SYS_POLICY_H
+#define _SYS_POLICY_H
+
+#ifdef _KERNEL
+
+#include <sys/cred.h>
+#include <sys/types.h>
+#include <sys/xvattr.h>
+#include <sys/zpl.h>
+
+int secpolicy_nfs(const cred_t *);
+int secpolicy_sys_config(const cred_t *, boolean_t);
+int secpolicy_vnode_access2(const cred_t *, struct inode *,
+ uid_t, mode_t, mode_t);
+int secpolicy_vnode_any_access(const cred_t *, struct inode *, uid_t);
+int secpolicy_vnode_chown(const cred_t *, uid_t);
+int secpolicy_vnode_create_gid(const cred_t *);
+int secpolicy_vnode_remove(const cred_t *);
+int secpolicy_vnode_setdac(const cred_t *, uid_t);
+int secpolicy_vnode_setid_retain(const cred_t *, boolean_t);
+int secpolicy_vnode_setids_setgids(const cred_t *, gid_t);
+int secpolicy_zinject(const cred_t *);
+int secpolicy_zfs(const cred_t *);
+void secpolicy_setid_clear(vattr_t *, cred_t *);
+int secpolicy_setid_setsticky_clear(struct inode *, vattr_t *,
+ const vattr_t *, cred_t *);
+int secpolicy_xvattr(xvattr_t *, uid_t, cred_t *, vtype_t);
+int secpolicy_vnode_setattr(cred_t *, struct inode *, struct vattr *,
+ const struct vattr *, int, int (void *, int, cred_t *), void *);
+int secpolicy_basic_link(const cred_t *);
+
+#endif /* _KERNEL */
+#endif /* _SYS_POLICY_H */
extern int zfs_secpolicy_rename_perms(const char *from, const char *to,
cred_t *cr);
extern int zfs_secpolicy_destroy_perms(const char *name, cred_t *cr);
+extern int secpolicy_zfs(const cred_t *cr);
extern zoneid_t getzoneid(void);
/* SID stuff */
$(top_srcdir)/lib/libspl/include/limits.h \
$(top_srcdir)/lib/libspl/include/locale.h \
$(top_srcdir)/lib/libspl/include/note.h \
- $(top_srcdir)/lib/libspl/include/priv.h \
$(top_srcdir)/lib/libspl/include/statcommon.h \
$(top_srcdir)/lib/libspl/include/stdio.h \
$(top_srcdir)/lib/libspl/include/stdlib.h \
+++ /dev/null
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef _LIBSPL_PRIV_H
-#define _LIBSPL_PRIV_H
-
-#include <sys/types.h>
-
-/* Couldn't find this definition in OpenGrok */
-#define PRIV_SYS_CONFIG "sys_config"
-
-/*
- * priv_op_t indicates a privilege operation type
- */
-typedef enum priv_op {
- PRIV_ON,
- PRIV_OFF,
- PRIV_SET
-} priv_op_t;
-
-static inline boolean_t priv_ineffect(const char *priv) { return B_TRUE; }
-
-#endif
#include <fcntl.h>
#include <sys/mntent.h>
#include <sys/mount.h>
-#include <priv.h>
#include <pwd.h>
#include <grp.h>
#include <stddef.h>
return (0);
}
+int
+secpolicy_zfs(const cred_t *cr)
+{
+ return (0);
+}
+
ksiddomain_t *
ksid_lookupdomain(const char *dom)
{
.sp .6
.RS 4n
Displays permissions that have been delegated on the specified filesystem or volume. See the other forms of \fBzfs allow\fR for more information.
+.sp
+Delegations are supported under Linux with the exception of \fBmount\fR,
+\fBunmount\fR, \fBmountpoint\fR, \fBcanmount\fR, \fBrename\fR, and \fBshare\fR.
+These permissions cannot be delegated because the Linux \fBmount(8)\fR command
+restricts modifications of the global namespace to the root user.
.RE
.sp
.LP
\fBExample 17 \fRDelegating ZFS Administration Permissions on a ZFS Dataset
.sp
-.LP
-This is not currently supported on Linux.
-.sp
The following example shows how to set permissions so that user \fBcindys\fR can create, destroy, mount, and take snapshots on \fBtank/cindys\fR. The permissions on \fBtank/cindys\fR are also displayed.
.sp
$(MODULE)-objs += metaslab.o
$(MODULE)-objs += multilist.o
$(MODULE)-objs += pathname.o
+$(MODULE)-objs += policy.o
$(MODULE)-objs += range_tree.o
$(MODULE)-objs += refcount.o
$(MODULE)-objs += rrwlock.o
#include <sys/zfs_onexit.h>
#include <sys/dsl_destroy.h>
#include <sys/vdev.h>
+#include <sys/policy.h>
/*
* Needed to close a window in dnode_move() that allows the objset to be freed
#include <sys/zfeature.h>
#include <sys/bqueue.h>
#include <sys/zvol.h>
+#include <sys/policy.h>
/* Set this tunable to TRUE to replace corrupt data with 0x2f5baddb10c */
int zfs_send_corrupt_data = B_FALSE;
#include <sys/dsl_destroy.h>
#include <sys/dsl_userhold.h>
#include <sys/dsl_bookmark.h>
+#include <sys/policy.h>
/*
* The SPA supports block sizes up to 16MB. However, very large blocks
--- /dev/null
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2013, Joyent, Inc. All rights reserved.
+ * Copyright (C) 2016 Lawrence Livermore National Security, LLC.
+ *
+ * For Linux the vast majority of this enforcement is already handled via
+ * the standard Linux VFS permission checks. However certain administrative
+ * commands which bypass the standard mechanisms may need to make use of
+ * this functionality.
+ */
+
+#include <sys/policy.h>
+#include <linux/security.h>
+#include <linux/vfs_compat.h>
+
+/*
+ * The passed credentials cannot be directly verified because Linux only
+ * provides and interface to check the *current* proces credentials. In
+ * order to handle this the capable() test is only run when the passed
+ * credentials match the current process credentials or the kcred. In
+ * all other cases this function must fail and return the passed err.
+ */
+static int
+priv_policy(const cred_t *cr, int capability, boolean_t all, int err)
+{
+ ASSERT3S(all, ==, B_FALSE);
+
+ if (cr != CRED() && (cr != kcred))
+ return (err);
+
+ if (!capable(capability))
+ return (err);
+
+ return (0);
+}
+
+/*
+ * Checks for operations that are either client-only or are used by
+ * both clients and servers.
+ */
+int
+secpolicy_nfs(const cred_t *cr)
+{
+ return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EPERM));
+}
+
+/*
+ * Catch all system configuration.
+ */
+int
+secpolicy_sys_config(const cred_t *cr, boolean_t checkonly)
+{
+ return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EPERM));
+}
+
+/*
+ * Like secpolicy_vnode_access() but we get the actual wanted mode and the
+ * current mode of the file, not the missing bits.
+ *
+ * Enforced in the Linux VFS.
+ */
+int
+secpolicy_vnode_access2(const cred_t *cr, struct inode *ip, uid_t owner,
+ mode_t curmode, mode_t wantmode)
+{
+ return (0);
+}
+
+/*
+ * This is a special routine for ZFS; it is used to determine whether
+ * any of the privileges in effect allow any form of access to the
+ * file. There's no reason to audit this or any reason to record
+ * this. More work is needed to do the "KPLD" stuff.
+ */
+int
+secpolicy_vnode_any_access(const cred_t *cr, struct inode *ip, uid_t owner)
+{
+ if (crgetuid(cr) == owner)
+ return (0);
+
+ if (zpl_inode_owner_or_capable(ip))
+ return (0);
+
+ if (priv_policy(cr, CAP_DAC_OVERRIDE, B_FALSE, EPERM) == 0)
+ return (0);
+
+ if (priv_policy(cr, CAP_DAC_READ_SEARCH, B_FALSE, EPERM) == 0)
+ return (0);
+
+ return (EPERM);
+}
+
+/*
+ * Determine if subject can chown owner of a file.
+ */
+int
+secpolicy_vnode_chown(const cred_t *cr, uid_t owner)
+{
+ if (crgetuid(cr) == owner)
+ return (0);
+
+ return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
+}
+
+/*
+ * Determine if subject can change group ownership of a file.
+ */
+int
+secpolicy_vnode_create_gid(const cred_t *cr)
+{
+ return (priv_policy(cr, CAP_SETGID, B_FALSE, EPERM));
+}
+
+/*
+ * Policy determines whether we can remove an entry from a directory,
+ * regardless of permission bits.
+ */
+int
+secpolicy_vnode_remove(const cred_t *cr)
+{
+ return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
+}
+
+/*
+ * Determine that subject can modify the mode of a file. allzone privilege
+ * needed when modifying root owned object.
+ */
+int
+secpolicy_vnode_setdac(const cred_t *cr, uid_t owner)
+{
+ if (crgetuid(cr) == owner)
+ return (0);
+
+ return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
+}
+
+/*
+ * Are we allowed to retain the set-uid/set-gid bits when
+ * changing ownership or when writing to a file?
+ * "issuid" should be true when set-uid; only in that case
+ * root ownership is checked (setgid is assumed).
+ *
+ * Enforced in the Linux VFS.
+ */
+int
+secpolicy_vnode_setid_retain(const cred_t *cr, boolean_t issuidroot)
+{
+ return (0);
+}
+
+/*
+ * Determine that subject can set the file setgid flag.
+ */
+int
+secpolicy_vnode_setids_setgids(const cred_t *cr, gid_t gid)
+{
+ if (!groupmember(gid, cr))
+ return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
+
+ return (0);
+}
+
+/*
+ * Determine if the subject can inject faults in the ZFS fault injection
+ * framework. Requires all privileges.
+ */
+int
+secpolicy_zinject(const cred_t *cr)
+{
+ return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EACCES));
+}
+
+/*
+ * Determine if the subject has permission to manipulate ZFS datasets
+ * (not pools). Equivalent to the SYS_MOUNT privilege.
+ */
+int
+secpolicy_zfs(const cred_t *cr)
+{
+ return (priv_policy(cr, CAP_SYS_ADMIN, B_FALSE, EACCES));
+}
+
+void
+secpolicy_setid_clear(vattr_t *vap, cred_t *cr)
+{
+ if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0 &&
+ secpolicy_vnode_setid_retain(cr,
+ (vap->va_mode & S_ISUID) != 0 &&
+ (vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) {
+ vap->va_mask |= AT_MODE;
+ vap->va_mode &= ~(S_ISUID|S_ISGID);
+ }
+}
+
+/*
+ * Determine that subject can set the file setid flags.
+ */
+static int
+secpolicy_vnode_setid_modify(const cred_t *cr, uid_t owner)
+{
+ if (crgetuid(cr) == owner)
+ return (0);
+
+ return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
+}
+
+/*
+ * Determine that subject can make a file a "sticky".
+ *
+ * Enforced in the Linux VFS.
+ */
+static int
+secpolicy_vnode_stky_modify(const cred_t *cr)
+{
+ return (0);
+}
+
+int
+secpolicy_setid_setsticky_clear(struct inode *ip, vattr_t *vap,
+ const vattr_t *ovap, cred_t *cr)
+{
+ int error;
+
+ if ((vap->va_mode & S_ISUID) != 0 &&
+ (error = secpolicy_vnode_setid_modify(cr,
+ ovap->va_uid)) != 0) {
+ return (error);
+ }
+
+ /*
+ * Check privilege if attempting to set the
+ * sticky bit on a non-directory.
+ */
+ if (!S_ISDIR(ip->i_mode) && (vap->va_mode & S_ISVTX) != 0 &&
+ secpolicy_vnode_stky_modify(cr) != 0) {
+ vap->va_mode &= ~S_ISVTX;
+ }
+
+ /*
+ * Check for privilege if attempting to set the
+ * group-id bit.
+ */
+ if ((vap->va_mode & S_ISGID) != 0 &&
+ secpolicy_vnode_setids_setgids(cr, ovap->va_gid) != 0) {
+ vap->va_mode &= ~S_ISGID;
+ }
+
+ return (0);
+}
+
+/*
+ * Check privileges for setting xvattr attributes
+ */
+int
+secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype)
+{
+ return (secpolicy_vnode_chown(cr, owner));
+}
+
+/*
+ * Check privileges for setattr attributes.
+ *
+ * Enforced in the Linux VFS.
+ */
+int
+secpolicy_vnode_setattr(cred_t *cr, struct inode *ip, struct vattr *vap,
+ const struct vattr *ovap, int flags,
+ int unlocked_access(void *, int, cred_t *), void *node)
+{
+ return (0);
+}
+
+/*
+ * Check privileges for links.
+ *
+ * Enforced in the Linux VFS.
+ */
+int
+secpolicy_basic_link(const cred_t *cr)
+{
+ return (0);
+}
int error;
zfs_sb_t *zsb = ZTOZSB(dzp);
zfs_acl_t *paclp;
-#ifdef HAVE_KSID
gid_t gid;
-#endif /* HAVE_KSID */
boolean_t need_chmod = B_TRUE;
boolean_t inherited = B_FALSE;
acl_ids->z_fuid = vap->va_uid;
acl_ids->z_fgid = vap->va_gid;
-#ifdef HAVE_KSID
/*
* Determine uid and gid.
*/
}
}
}
-#endif /* HAVE_KSID */
/*
* If we're creating a directory, and the parent directory has the
* Control Directory Tunables (.zfs)
*/
int zfs_expire_snapshot = ZFSCTL_EXPIRE_SNAPSHOT;
-int zfs_admin_snapshot = 0;
+int zfs_admin_snapshot = 1;
/*
* Dedicated task queue for unmounting snapshots.
zp->z_is_stale = B_FALSE;
ip->i_generation = 0;
ip->i_ino = id;
- ip->i_mode = (S_IFDIR | S_IRUGO | S_IXUGO);
+ ip->i_mode = (S_IFDIR | S_IRWXUGO);
ip->i_uid = SUID_TO_KUID(0);
ip->i_gid = SGID_TO_KGID(0);
ip->i_blkbits = SPA_MINBLOCKSHIFT;
}
}
-#ifdef HAVE_KSID
/*
* Create a file system FUID, based on information in the users cred
*
zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type,
cred_t *cr, zfs_fuid_info_t **fuidp)
{
+#ifdef HAVE_KSID
uint64_t idx;
ksid_t *ksid;
uint32_t rid;
zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type);
return (FUID_ENCODE(idx, rid));
-}
+#else
+ VERIFY(type == ZFS_OWNER || type == ZFS_GROUP);
+
+ return ((uint64_t)((type == ZFS_OWNER) ? crgetuid(cr) : crgetgid(cr)));
#endif /* HAVE_KSID */
+}
/*
* Create a file system FUID for an ACL ace
#include <sys/zfeature.h>
#include <linux/miscdevice.h>
+#include <linux/slab.h>
#include "zfs_namecheck.h"
#include "zfs_prop.h"
#include "zfs_deleg.h"
#include "zfs_comutil.h"
+/*
+ * Limit maximum nvlist size. We don't want users passing in insane values
+ * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
+ */
+#define MAX_NVLIST_SRC_SIZE KMALLOC_MAX_SIZE
+
kmutex_t zfsdev_state_lock;
zfsdev_state_t *zfsdev_state_list;
if (error == 0) {
error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
nvprops, outnvl);
- if (error != 0)
- (void) dsl_destroy_head(fsname);
+ if (error != 0) {
+ spa_t *spa;
+ int error2;
+
+ /*
+ * Volumes will return EBUSY and cannot be destroyed
+ * until all asynchronous minor handling has completed.
+ * Wait for the spa_zvol_taskq to drain then retry.
+ */
+ error2 = dsl_destroy_head(fsname);
+ while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
+ error2 = spa_open(fsname, &spa, FTAG);
+ if (error2 == 0) {
+ taskq_wait(spa->spa_zvol_taskq);
+ spa_close(spa, FTAG);
+ }
+ error2 = dsl_destroy_head(fsname);
+ }
+ }
}
return (error);
}
}
zc->zc_iflags = flag & FKIOCTL;
- if (zc->zc_nvlist_src_size != 0) {
+ if (zc->zc_nvlist_src_size > MAX_NVLIST_SRC_SIZE) {
+ /*
+ * Make sure the user doesn't pass in an insane value for
+ * zc_nvlist_src_size. We have to check, since we will end
+ * up allocating that much memory inside of get_nvlist(). This
+ * prevents a nefarious user from allocating tons of kernel
+ * memory.
+ *
+ * Also, we return EINVAL instead of ENOMEM here. The reason
+ * being that returning ENOMEM from an ioctl() has a special
+ * connotation; that the user's size value is too small and
+ * needs to be expanded to hold the nvlist. See
+ * zcmd_expand_dst_nvlist() for details.
+ */
+ error = SET_ERROR(EINVAL); /* User's size too big */
+
+ } else if (zc->zc_nvlist_src_size != 0) {
error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
zc->zc_iflags, &innvl);
if (error != 0)
}
init() {
- # Disable the udev rule 90-zfs.rules to prevent the zfs module
- # stack from being loaded due to the detection of a zfs device.
- # This is important because the test scripts require full control
- # over when and how the modules are loaded/unloaded. A trap is
- # set to ensure the udev rule is correctly replaced on exit.
- local RULE=${udevruledir}/90-zfs.rules
- if test -e ${RULE}; then
- trap "mv ${RULE}.disabled ${RULE}" INT TERM EXIT
- mv ${RULE} ${RULE}.disabled
- fi
-
# Create a random directory tree of files and sub-directories to
# to act as a copy source for the various regression tests.
SRC_DIR=`mktemp -d -p /var/tmp/ zfs.src.XXXXXXXX`
# Initialize the test suite
init
+# Disable the udev rule 90-zfs.rules to prevent the zfs module
+# stack from being loaded due to the detection of a zfs device.
+# This is important because this test scripts require full control
+# over when and how the modules are loaded/unloaded. A trap is
+# set to ensure the udev rule is correctly replaced on exit.
+RULE=${udevruledir}/90-zfs.rules
+if test -e ${RULE}; then
+ trap "mv ${RULE}.disabled ${RULE}" INT TERM EXIT
+ mv ${RULE} ${RULE}.disabled
+fi
+
# Perform pre-cleanup is requested
if [ ${CLEANUP} ]; then
${ZFS_SH} -u
post = cleanup
outputdir = /var/tmp/test_results
-# DISABLED:
-# posix_001_pos - needs investigation
+# DISABLED: update to use ZFS_ACL_* variables and user_run helper.
+# posix_001_pos
+# posix_002_pos
[tests/functional/acl/posix]
-tests = ['posix_002_pos', 'posix_003_pos']
+tests = ['posix_003_pos']
[tests/functional/atime]
tests = ['atime_001_pos', 'atime_002_neg', 'atime_003_pos']
# 'zpool_upgrade_006_neg', 'zpool_upgrade_007_pos', 'zpool_upgrade_008_pos',
# 'zpool_upgrade_009_neg']
-# DISABLED: nested pools
-#[tests/functional/cli_user/misc]
-#tests = ['zdb_001_neg', 'zfs_001_neg', 'zfs_allow_001_neg',
-# 'zfs_clone_001_neg', 'zfs_create_001_neg', 'zfs_destroy_001_neg',
-# 'zfs_get_001_neg', 'zfs_inherit_001_neg', 'zfs_mount_001_neg',
-# 'zfs_promote_001_neg', 'zfs_receive_001_neg', 'zfs_rename_001_neg',
-# 'zfs_rollback_001_neg', 'zfs_send_001_neg', 'zfs_set_001_neg',
-# 'zfs_share_001_neg', 'zfs_snapshot_001_neg', 'zfs_unallow_001_neg',
-# 'zfs_unmount_001_neg', 'zfs_unshare_001_neg', 'zfs_upgrade_001_neg',
-# 'zpool_001_neg', 'zpool_add_001_neg', 'zpool_attach_001_neg',
-# 'zpool_clear_001_neg', 'zpool_create_001_neg', 'zpool_destroy_001_neg',
-# 'zpool_detach_001_neg', 'zpool_export_001_neg', 'zpool_get_001_neg',
-# 'zpool_history_001_neg', 'zpool_import_001_neg', 'zpool_import_002_neg',
-# 'zpool_offline_001_neg', 'zpool_online_001_neg', 'zpool_remove_001_neg',
-# 'zpool_replace_001_neg', 'zpool_scrub_001_neg', 'zpool_set_001_neg',
-# 'zpool_status_001_neg', 'zpool_upgrade_001_neg']
-#user = zfs-tests
+# DISABLED:
+# zfs_share_001_neg - requires additional dependencies
+# zfs_unshare_001_neg - requires additional dependencies
+[tests/functional/cli_user/misc]
+tests = ['zdb_001_neg', 'zfs_001_neg', 'zfs_allow_001_neg',
+ 'zfs_clone_001_neg', 'zfs_create_001_neg', 'zfs_destroy_001_neg',
+ 'zfs_get_001_neg', 'zfs_inherit_001_neg', 'zfs_mount_001_neg',
+ 'zfs_promote_001_neg', 'zfs_receive_001_neg', 'zfs_rename_001_neg',
+ 'zfs_rollback_001_neg', 'zfs_send_001_neg', 'zfs_set_001_neg',
+ 'zfs_snapshot_001_neg', 'zfs_unallow_001_neg',
+ 'zfs_unmount_001_neg', 'zfs_upgrade_001_neg',
+ 'zpool_001_neg', 'zpool_add_001_neg', 'zpool_attach_001_neg',
+ 'zpool_clear_001_neg', 'zpool_create_001_neg', 'zpool_destroy_001_neg',
+ 'zpool_detach_001_neg', 'zpool_export_001_neg', 'zpool_get_001_neg',
+ 'zpool_history_001_neg', 'zpool_import_001_neg', 'zpool_import_002_neg',
+ 'zpool_offline_001_neg', 'zpool_online_001_neg', 'zpool_remove_001_neg',
+ 'zpool_replace_001_neg', 'zpool_scrub_001_neg', 'zpool_set_001_neg',
+ 'zpool_status_001_neg', 'zpool_upgrade_001_neg']
+user =
[tests/functional/cli_user/zfs_list]
tests = ['zfs_list_001_pos', 'zfs_list_002_pos', 'zfs_list_003_pos',
'zfs_list_004_neg', 'zfs_list_007_pos', 'zfs_list_008_neg']
+user =
[tests/functional/cli_user/zpool_iostat]
tests = ['zpool_iostat_001_neg', 'zpool_iostat_002_pos',
'zpool_iostat_003_neg', 'zpool_iostat_004_pos']
+user =
[tests/functional/cli_user/zpool_list]
tests = ['zpool_list_001_pos', 'zpool_list_002_neg']
+user =
[tests/functional/compression]
tests = ['compress_001_pos', 'compress_002_pos', 'compress_003_pos',
[tests/functional/ctime]
tests = ['ctime_001_pos' ]
-# DISABLED: Linux does not yet support delegations.
-#[tests/functional/delegate]
-#tests = ['zfs_allow_001_pos', 'zfs_allow_002_pos',
-# 'zfs_allow_004_pos', 'zfs_allow_005_pos', 'zfs_allow_006_pos',
-# 'zfs_allow_007_pos', 'zfs_allow_008_pos', 'zfs_allow_009_neg',
-# 'zfs_allow_010_pos', 'zfs_allow_011_neg', 'zfs_allow_012_neg',
-# 'zfs_unallow_001_pos', 'zfs_unallow_002_pos', 'zfs_unallow_003_pos',
-# 'zfs_unallow_004_pos', 'zfs_unallow_005_pos', 'zfs_unallow_006_pos',
-# 'zfs_unallow_007_neg', 'zfs_unallow_008_neg']
+[tests/functional/delegate]
+tests = ['zfs_allow_001_pos', 'zfs_allow_002_pos',
+ 'zfs_allow_004_pos', 'zfs_allow_005_pos', 'zfs_allow_006_pos',
+ 'zfs_allow_007_pos', 'zfs_allow_008_pos', 'zfs_allow_009_neg',
+ 'zfs_allow_010_pos', 'zfs_allow_011_neg', 'zfs_allow_012_neg',
+ 'zfs_unallow_001_pos', 'zfs_unallow_002_pos', 'zfs_unallow_003_pos',
+ 'zfs_unallow_004_pos', 'zfs_unallow_005_pos', 'zfs_unallow_006_pos',
+ 'zfs_unallow_007_neg', 'zfs_unallow_008_neg']
# DISABLED:
# devices_001_pos - needs investigation
me = getpwuid(os.getuid())
if not user or user is me:
+ if os.path.isfile(cmd+'.ksh') and os.access(cmd+'.ksh', os.X_OK):
+ cmd += '.ksh'
+ if os.path.isfile(cmd+'.sh') and os.access(cmd+'.sh', os.X_OK):
+ cmd += '.sh'
return cmd
if not os.path.isfile(cmd):
except OSError, e:
fail('%s' % e)
+ self.result.starttime = time()
+ proc = Popen(privcmd, stdout=PIPE, stderr=PIPE)
+ t = Timer(int(self.timeout), self.kill_cmd, [proc])
+
try:
- self.result.starttime = time()
- proc = Popen(privcmd, stdout=PIPE, stderr=PIPE)
- t = Timer(int(self.timeout), self.kill_cmd, [proc])
t.start()
self.result.stdout, self.result.stderr = self.collect_output(proc)
except KeyboardInterrupt:
log_must $USERADD -g $gname -d $basedir/$uname -m $uname
+ # Add new users to the same group and the command line utils.
+ # This allows them to be run out of the original users home
+ # directory as long as it permissioned to be group readable.
+ if is_linux; then
+ cmd_group=$(stat --format="%G" $ZFS)
+ log_must $USERMOD -a -G $cmd_group $uname
+ fi
+
return 0
}
# Assign 100 as the base gid, a larger value is selected for
# Linux because for many distributions 1000 and under are reserved.
if is_linux; then
- typeset -i gid=1500
-
while true; do
- $GROUPADD -g $gid $group > /dev/null 2>&1
+ $GROUPADD $group > /dev/null 2>&1
typeset -i ret=$?
case $ret in
0) return 0 ;;
- # The gid is not unique
- 9) ((gid += 1)) ;;
*) return 1 ;;
esac
done
typeset user=$1
shift
+ log_note "user:$user $@"
eval \$SU \$user -c \"$@\" > /tmp/out 2>/tmp/err
return $?
}
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
if poolexists $TESTPOOL.virt
then
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-# these are the set of setable ZFS properties
-PROP_NAMES="\
- aclinherit aclmode atime \
- checksum compression devices \
- exec mountpoint quota readonly \
- recordsize reservation setuid sharenfs \
- snapdir"
+if is_linux; then
+ # these are the set of setable ZFS properties
+ PROP_NAMES="\
+ aclinherit acltype atime \
+ checksum compression devices \
+ exec mountpoint quota readonly \
+ recordsize reservation setuid \
+ snapdir"
-# these are a set of values we apply, for use when testing the
-# zfs get/set subcommands - ordered as per the list above so we
-# can iterate over both sets in an array
-PROP_VALS="\
- secure discard on \
- fletcher2 on on \
- on legacy none on \
- 128k none on on \
- visible"
+ # these are a set of values we apply, for use when testing the
+ # zfs get/set subcommands - ordered as per the list above so we
+ # can iterate over both sets in an array
+ PROP_VALS="\
+ secure posixacl on \
+ fletcher2 on on \
+ on legacy none on \
+ 128k none on \
+ visible"
-# these are an alternate set of property values
-PROP_ALTVALS="\
- noallow groupmask off \
- fletcher4 lzjb off \
- off /tmp/zfstest 100m off \
- 512 10m off off \
- hidden"
+ # these are an alternate set of property values
+ PROP_ALTVALS="\
+ noallow noacl off \
+ fletcher4 lzjb off \
+ off /tmp/zfstest 100m off \
+ 512 10m off \
+ hidden"
+else
+ # these are the set of setable ZFS properties
+ PROP_NAMES="\
+ aclinherit aclmode atime \
+ checksum compression devices \
+ exec mountpoint quota readonly \
+ recordsize reservation setuid sharenfs \
+ snapdir"
+ # these are a set of values we apply, for use when testing the
+ # zfs get/set subcommands - ordered as per the list above so we
+ # can iterate over both sets in an array
+ PROP_VALS="\
+ secure discard on \
+ fletcher2 on on \
+ on legacy none on \
+ 128k none on on \
+ visible"
+ # these are an alternate set of property values
+ PROP_ALTVALS="\
+ noallow noacl off \
+ fletcher4 lzjb off \
+ off /tmp/zfstest 100m off \
+ 512 10m off off \
+ hidden"
+fi
# additional properties to worry about: canmount copies xattr zoned version
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
# This setup script is moderately complex, as it creates scenarios for all
# of the tests included in this directory. Usually we'd want each test case
log_must $ZFS create $TESTPOOL/$TESTFS/renameme
-if is_global_zone
+if is_global_zone && !is_linux
then
# create a filesystem we can share
log_must $ZFS create $TESTPOOL/$TESTFS/unshared
done
# copy a v1 pool from cli_root
- $CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/blockfiles/zfs-pool-v1.dat.bz2 \
+ $CP $STF_SUITE/tests/functional/cli_root/zpool_upgrade/zfs-pool-v1.dat.bz2 \
/$TESTDIR
log_must $BUNZIP2 /$TESTDIR/zfs-pool-v1.dat.bz2
log_must $ZPOOL import -d /$TESTDIR v1-pool
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
[[ -z $ADD_DISK ]] && \
log_fail "No spare disks available."
-set -A args "add" "add -f" "add -n" \
- "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
- "add -fn $TESTPOOL" "add -nf $TESTPOOL" \
- "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" \
- "add -n $TESTPOOL $ADD_DISK" \
- "add -fn $TESTPOOL $ADD_DISK" \
- "add -nf $TESTPOOL $ADD_DISK" \
+# Under Linux dry-run commands have no legitimate reason to fail.
+if is_linux; then
+ set -A args "add" "add -f" "add -n" \
+ "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
+ "add -fn $TESTPOOL" "add -nf $TESTPOOL" \
+ "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK"
+else
+ set -A args "add" "add -f" "add -n" \
+ "add $TESTPOOL" "add -f $TESTPOOL" "add -n $TESTPOOL" \
+ "add -fn $TESTPOOL" "add -nf $TESTPOOL" \
+ "add $TESTPOOL $ADD_DISK" "add -f $TESTPOOL $ADD_DISK" \
+ "add -n $TESTPOOL $ADD_DISK" \
+ "add -fn $TESTPOOL $ADD_DISK" \
+ "add -nf $TESTPOOL $ADD_DISK"
+fi
log_assert "zpool add [-fn] pool_name vdev"
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
[[ -z $ADD_DISK ]] && \
log_fail "No spare disks available."
-set -A args "create" "create -f" "create -n" \
- "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
- "create -fn $TESTPOOL" "create -nf $TESTPOOL" \
- "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" \
- "create -n $TESTPOOL $ADD_DISK" \
- "create -fn $TESTPOOL $ADD_DISK" \
- "create -nf $TESTPOOL $ADD_DISK"
+# Under Linux dry-run commands have no legitimate reason to fail.
+if is_linux; then
+ set -A args "create" "create -f" "create -n" \
+ "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
+ "create -fn $TESTPOOL" "create -nf $TESTPOOL" \
+ "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK"
+else
+ set -A args "create" "create -f" "create -n" \
+ "create $TESTPOOL" "create -f $TESTPOOL" "create -n $TESTPOOL" \
+ "create -fn $TESTPOOL" "create -nf $TESTPOOL" \
+ "create $TESTPOOL $ADD_DISK" "create -f $TESTPOOL $ADD_DISK" \
+ "create -n $TESTPOOL $ADD_DISK" \
+ "create -fn $TESTPOOL $ADD_DISK" \
+ "create -nf $TESTPOOL $ADD_DISK"
+fi
log_assert "zpool create [-fn] pool_name vdev"
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
-. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/cli_user/misc/misc.cfg
#
# DESCRIPTION:
# Copyright (c) 2013 by Delphix. All rights reserved.
#
+. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
cleanup_user_group
-# restore the state of svc:/network/nis/client:default
-if [[ -e $NISSTAFILE ]]; then
- log_must $SVCADM enable svc:/network/nis/client:default
- log_must $RM -f $NISSTAFILE
+if ! is_linux; then
+ # restore the state of svc:/network/nis/client:default
+ if [[ -e $NISSTAFILE ]]; then
+ log_must $SVCADM enable svc:/network/nis/client:default
+ log_must $RM -f $NISSTAFILE
+ fi
fi
default_cleanup
export EVERYONE="$STAFF1 $STAFF2 $OTHER1 $OTHER2"
-export LOCAL_SET="snapshot"
-export LOCAL_DESC_SET="readonly,checksum"
-export DESC_SET="compression"
+#
+# 'readonly' is disabled for Linux because it requires remounting the
+# filesystem which is restricted to root for older versions of mount(8).
+#
+if is_linux; then
+ LOCAL_SET="snapshot"
+ LOCAL_DESC_SET="checksum"
+ DESC_SET="compression"
+else
+ LOCAL_SET="snapshot"
+ LOCAL_DESC_SET="readonly,checksum"
+ DESC_SET="compression"
+fi
+export LOCAL_SET
+export LOCAL_DESC_SET
+export DESC_SET
export TESTVOL=testvol.delegate
export VOLSIZE=150m
log_must $ZFS destroy -Rf $ROOT_TESTVOL
fi
log_must $ZFS create -V $VOLSIZE $ROOT_TESTVOL
+ block_device_wait
fi
return 0
ret=$?
fi
+ log_note "Check $type $user $perm $dtst"
if ((ret != 0)) ; then
log_note "Fail: $user should have $perm " \
"on $dtst"
typeset dtst=$3
typeset oldval
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset snap=$dtst@snap.$stamp
typeset -i ret=1
typeset fs=$3
typeset dtst
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset newfs=$fs/newfs.$stamp
typeset newvol=$fs/newvol.$stamp
typeset bak_user=/tmp/bak.$user.$stamp
typeset datasets="$newfs"
if is_global_zone ; then
log_must $ZFS create -V $VOLSIZE $newvol
+ block_device_wait
datasets="$newfs $newvol"
fi
typeset perm=$2
typeset dtst=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
user_run $user $ZFS set "$user:ts=$stamp" $dtst
if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then
typeset perm=$2
typeset fs=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset newfs=$fs/nfs.$stamp
typeset newvol=$fs/nvol.$stamp
if is_global_zone ; then
# mount permission is required for sparse volume
user_run $user $ZFS create -V 150m -s $newvol
+ block_device_wait
if datasetexists $newvol ; then
return 1
fi
if ! datasetexists $newvol ; then
return 1
fi
+
+ block_device_wait
log_must $ZFS destroy $newvol
+ block_device_wait
# mount and reserveration permission are
# required for normal volume
user_run $user $ZFS create -V 150m $newvol
+ block_device_wait
if datasetexists $newvol ; then
return 1
fi
log_must $ZFS allow $user mount $fs
user_run $user $ZFS create -V 150m $newvol
+ block_device_wait
log_must $ZFS unallow $user mount $fs
if datasetexists $newvol ; then
return 1
log_must $ZFS allow $user reservation $fs
user_run $user $ZFS create -V 150m $newvol
+ block_device_wait
log_must $ZFS unallow $user reservation $fs
if datasetexists $newvol ; then
return 1
log_must $ZFS allow $user refreservation $fs
user_run $user $ZFS create -V 150m $newvol
+ block_device_wait
log_must $ZFS unallow $user refreservation $fs
if datasetexists $newvol ; then
return 1
if ! datasetexists $newvol ; then
return 1
fi
+
+ block_device_wait
log_must $ZFS destroy $newvol
+ block_device_wait
fi
return 0
typeset perm=$2
typeset fs=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset snap=$fs@snap.$stamp
typeset mntpt=$(get_prop mountpoint $fs)
typeset fs=$3
typeset oldval
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset snap=$fs@snap.$stamp
typeset mntpt=$(get_prop mountpoint $fs)
typeset perm=$2
typeset fs=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basefs=${fs%/*}
typeset snap=$fs@snap.$stamp
typeset clone=$basefs/cfs.$stamp
typeset perm=$2
typeset fs=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basefs=${fs%/*}
typeset snap=$fs@snap.$stamp
typeset renamefs=$basefs/nfs.$stamp
typeset perm=$2
typeset fs=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset mntpt=$(get_prop mountpoint $fs)
typeset newmntpt=/tmp/mnt.$stamp
typeset perm=$2
typeset fs=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset mntpt=$(get_prop mountpoint $fs)
typeset newmntpt=/tmp/mnt.$stamp
typeset perm=$2
typeset fs=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basefs=${fs%/*}
typeset snap=$fs@snap.$stamp
typeset clone=$basefs/cfs.$stamp
typeset fs=$3
typeset oldval
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
if ! ismounted $fs ; then
set -A modes "on" "off"
typeset perm=$2
typeset vol=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
typeset perm=$2
typeset vol=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
typeset perm=$2
typeset vol=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
typeset clone=$basevol/cvol.$stamp
typeset perm=$2
typeset vol=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
typeset clone=$basevol/cvol.$stamp
typeset perm=$2
typeset vol=$3
- typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
+ typeset stamp=${perm}.${user}.$($DATE +'%F-%T-%N')
typeset basevol=${vol%/*}
typeset snap=$vol@snap.$stamp
typeset clone=$basevol/cvol.$stamp
# Copyright (c) 2013 by Delphix. All rights reserved.
#
+. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
-# check svc:/network/nis/client:default state
-# disable it if the state is ON
-# and the state will be restored during cleanup.ksh
-log_must $RM -f $NISSTAFILE
-if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
- log_must $SVCADM disable -t svc:/network/nis/client:default
- log_must $TOUCH $NISSTAFILE
+if ! is_linux; then
+ # check svc:/network/nis/client:default state
+ # disable it if the state is ON
+ # and the state will be restored during cleanup.ksh
+ log_must $RM -f $NISSTAFILE
+ if [[ "ON" == $($SVCS -H -o sta svc:/network/nis/client:default) ]]; then
+ log_must $SVCADM disable -t svc:/network/nis/client:default
+ log_must $TOUCH $NISSTAFILE
+ fi
fi
cleanup_user_group
log_note "Create a user called 'everyone'."
if ! $ID everyone > /dev/null 2>&1; then
user_added="TRUE"
- log_must $USERADD everyone
+ log_must add_user $STAFF_GROUP everyone
fi
for dtst in $DATASETS ; do
log_must $ZFS allow everyone $perms $dtst
done
log_must restore_root_datasets
if [[ $user_added == "TRUE" ]]; then
- log_must $USERDEL everyone
+ log_must del_user everyone
fi
log_note "Created a group called 'everyone'."
eval set -A dataset $DATASETS
typeset perms="snapshot,reservation,compression,checksum,send,userprop"
-log_must $USERADD $STAFF_GROUP
+log_must add_user $STAFF_GROUP $STAFF_GROUP
for dtst in $DATASETS ; do
log_must $ZFS allow $STAFF_GROUP $perms $dtst
log_must verify_perm $dtst $perms $STAFF_GROUP
"delegated to him in datasets"
log_onexit restore_root_datasets
+if is_linux; then
#
# Results in Results in
# Permission Filesystem Volume
#
+# Removed for Linux:
+# - mount - mount(8) does not permit non-superuser mounts
+# - mountpoint - mount(8) does not permit non-superuser mounts
+# - canmount - mount(8) does not permit non-superuser mounts
+# - rename - mount(8) does not permit non-superuser mounts
+# - zoned - zones are not supported
+# - destroy - umount(8) does not permit non-superuser umounts
+# - sharenfs - sharing requires superuser priviliges
+# - share - sharing requires superuser priviliges
+# - readonly - mount(8) does not permit non-superuser remounts
+#
+set -A perms create true false \
+ snapshot true true \
+ send true true \
+ allow true true \
+ quota true false \
+ reservation true true \
+ recordsize true false \
+ checksum true true \
+ compression true true \
+ atime true false \
+ devices true false \
+ exec true false \
+ volsize false true \
+ setuid true false \
+ snapdir true false \
+ userprop true true \
+ aclinherit true false \
+ rollback true true \
+ clone true true \
+ promote true true \
+ xattr true false \
+ receive true false
+else
+
set -A perms create true false \
snapshot true true \
mount true false \
xattr true false \
receive true false \
destroy true true
+
if is_global_zone; then
typeset -i n=${#perms[@]}
perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
fi
+fi
for dtst in $DATASETS; do
typeset -i k=1
log_onexit cleanup
+if is_linux; then
+set -A perms create snapshot mount send allow quota reservation \
+ recordsize mountpoint checksum compression canmount atime \
+ devices exec volsize setuid readonly snapdir userprop \
+ rollback clone rename promote \
+ zoned xattr receive destroy
+else
set -A perms create snapshot mount send allow quota reservation \
recordsize mountpoint checksum compression canmount atime \
devices exec volsize setuid readonly snapdir userprop \
aclmode aclinherit rollback clone rename promote \
zoned xattr receive destroy sharenfs share
+fi
log_must $ZPOOL set delegation=off $TESTPOOL
log_must setup_unallow_testenv
+#
+# The GNU getopt(3) implementation will reorder these arguments such the
+# the parser can handle them and the test doesn't fail. POSIXLY_CORRECT
+# is set to disable the reordering so the original test cases will fail.
+#
+export POSIXLY_CORRECT=1
+
for dtst in $DATASETS ; do
log_must $ZFS allow -c create $dtst
# Causes test failure: neg_test user_run $STAFF1 $ZFS unallow $dtst
done
+unset POSIXLY_CORRECT
+
log_pass "zfs unallow can handle invalid arguments passed."
KERNEL=="null", SYMLINK+="root"
SYMLINK=="null", SYMLINK+="root"
-SUBSYSTEM=="misc", KERNEL=="zfs", RUN+="@sbindir@/zpool list"
+SUBSYSTEM=="misc", KERNEL=="zfs", MODE="0666"
LABEL="zfs_end"