Diffusion FreeBSD src repository 9fb6abe5addf

Implement secpolicy_vnode_setid_retain()
9fb6abe5addf
Actions

Description

Implement secpolicy_vnode_setid_retain()

Don't unconditionally return 0 (i.e. retain SUID/SGID).
Test CAP_FSETID capability.

https://github.com/pjd/pjdfstest/blob/master/tests/chmod/12.t
which expects SUID/SGID to be dropped on write(2) by non-owner fails
without this. Most filesystems make this decision within VFS by using
a generic file write for fops.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
Closes #9035
Closes #9043

Details

Provenance

kusumi.tomohiro_gmail.com	Authored on Jul 26 2019, 8:52 PM
Brian Behlendorf <behlendorf1@llnl.gov>	Committed on Jul 26 2019, 8:52 PM

Parents

rG4b5c9d9f9763: zed crashes when devid not present

Branches

Unknown

Tags

Unknown

Event Timeline

Brian Behlendorf <behlendorf1@llnl.gov> committed rG9fb6abe5addf: Implement secpolicy_vnode_setid_retain() (authored by Tomohiro Kusumi <kusumi.tomohiro@gmail.com>).Jul 26 2019, 8:52 PM

Changes (14)

Path

Size

configure.ac

module/

zfs/

policy.c

tests/

runfiles/

linux.run

zfs-tests/

tests/

functional/

	suid/
	cli_root/


	zfs_property/

cleanup.ksh

setup.ksh

	suid_write_to_suid_sgid.ksh/
	zfs_sysfs/


	zfs_get_unsupported.ksh

	suid/
	cli_user/

	suid_write_to_none.ksh/
	misc/


	zpool_clear_001_neg.ksh

	suid_write_to_sgid.ksh/
	misc/


	zpool_clear_001_neg.ksh

	suid_write_to_suid.ksh/
	misc/


	zpool_clear_001_neg.ksh

rG9fb6abe5addf

View Options

configure.ac

View Options

module/zfs/policy.c

View Options

tests/runfiles/linux.run

View Options

tests/zfs-tests/tests/functional/Makefile.am

View Options

tests/zfs-tests/tests/functional/suid/.gitignore

View Options

tests/zfs-tests/tests/functional/suid/Makefile.am

View Options

tests/zfs-tests/tests/functional/suid/cleanup.ksh

View Options

tests/zfs-tests/tests/functional/suid/setup.ksh

View Options

tests/zfs-tests/tests/functional/suid/suid_write_to_file.c

View Options

tests/zfs-tests/tests/functional/suid/suid_write_to_none.ksh

View Options

tests/zfs-tests/tests/functional/suid/suid_write_to_sgid.ksh

View Options

tests/zfs-tests/tests/functional/suid/suid_write_to_suid.ksh

View Options

tests/zfs-tests/tests/functional/suid/suid_write_to_suid_sgid.ksh

Implement secpolicy_vnode_setid_retain()9fb6abe5addfActions

Description

Details

Event Timeline

Changes (14)

rG9fb6abe5addf

configure.ac

module/zfs/policy.c

tests/runfiles/linux.run

tests/zfs-tests/tests/functional/Makefile.am

tests/zfs-tests/tests/functional/suid/.gitignore

tests/zfs-tests/tests/functional/suid/Makefile.am

tests/zfs-tests/tests/functional/suid/cleanup.ksh

tests/zfs-tests/tests/functional/suid/setup.ksh

tests/zfs-tests/tests/functional/suid/suid_write_to_file.c

tests/zfs-tests/tests/functional/suid/suid_write_to_none.ksh

tests/zfs-tests/tests/functional/suid/suid_write_to_sgid.ksh

tests/zfs-tests/tests/functional/suid/suid_write_to_suid.ksh

tests/zfs-tests/tests/functional/suid/suid_write_to_suid_sgid.ksh

Implement secpolicy_vnode_setid_retain()
9fb6abe5addf
Actions