svn commit: r197861 - in head/sys/cddl: compat/opensolaris/kern compat/opensolaris/sys contrib/opensolaris/uts/common/fs/zfs

Thu Oct 8 16:05:17 UTC 2009

Author: pjd
Date: Thu Oct  8 16:05:17 2009
New Revision: 197861
URL: http://svn.freebsd.org/changeset/base/197861

Log:
  Allow file system owner to modify system flags if securelevel permits.
  
  MFC after:	3 days

Modified:
  head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
  head/sys/cddl/compat/opensolaris/sys/policy.h
  head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c

Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
==============================================================================

--- head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c	Thu Oct  8 16:03:19 2009	(r197860)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c	Thu Oct  8 16:05:17 2009	(r197861)
@@ -358,8 +358,11 @@ secpolicy_fs_mount_clearopts(cred_t *cr,
  * Check privileges for setting xvattr attributes
  */
 int
-secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype)
+secpolicy_xvattr(struct vnode *vp, xvattr_t *xvap, uid_t owner, cred_t *cr,
+    vtype_t vtype)
 {
 
+	if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
+		return (0);
 	return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS, 0));
 }

Modified: head/sys/cddl/compat/opensolaris/sys/policy.h
==============================================================================
--- head/sys/cddl/compat/opensolaris/sys/policy.h	Thu Oct  8 16:03:19 2009	(r197860)
+++ head/sys/cddl/compat/opensolaris/sys/policy.h	Thu Oct  8 16:05:17 2009	(r197861)
@@ -70,7 +70,8 @@ int	secpolicy_setid_setsticky_clear(stru
 int	secpolicy_fs_owner(struct mount *vfsp, struct ucred *cred);
 int	secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp);
 void	secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp);
-int	secpolicy_xvattr(xvattr_t *xvap, uid_t owner, cred_t *cr, vtype_t vtype);
+int	secpolicy_xvattr(struct vnode *vp, xvattr_t *xvap, uid_t owner,
+	    cred_t *cr, vtype_t vtype);
 
 #endif	/* _KERNEL */
 

Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	Thu Oct  8 16:03:19 2009	(r197860)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	Thu Oct  8 16:05:17 2009	(r197861)
@@ -1306,7 +1306,7 @@ zfs_create(vnode_t *dvp, char *name, vat
 	}
 
 	if (vap->va_mask & AT_XVATTR) {
-		if ((error = secpolicy_xvattr((xvattr_t *)vap,
+		if ((error = secpolicy_xvattr(dvp, (xvattr_t *)vap,
 		    crgetuid(cr), cr, vap->va_type)) != 0) {
 			ZFS_EXIT(zfsvfs);
 			return (error);
@@ -1758,7 +1758,7 @@ zfs_mkdir(vnode_t *dvp, char *dirname, v
 		zf |= ZCILOOK;
 
 	if (vap->va_mask & AT_XVATTR)
-		if ((error = secpolicy_xvattr((xvattr_t *)vap,
+		if ((error = secpolicy_xvattr(dvp, (xvattr_t *)vap,
 		    crgetuid(cr), cr, vap->va_type)) != 0) {
 			ZFS_EXIT(zfsvfs);
 			return (error);
@@ -4206,12 +4206,6 @@ zfs_freebsd_setattr(ap)
 		if ((fflags & ~(SF_IMMUTABLE|SF_APPEND|SF_NOUNLINK|UF_NODUMP)) != 0)
 			return (EOPNOTSUPP);
 		/*
-		 * Callers may only modify the file flags on objects they
-		 * have VADMIN rights for.
-		 */
-		if ((error = VOP_ACCESS(vp, VADMIN, cred, curthread)) != 0)
-			return (error);
-		/*
 		 * Unprivileged processes are not permitted to unset system
 		 * flags, or modify flags if any system flags are set.
 		 * Privileged non-jail processes may not modify system flags
@@ -4221,14 +4215,21 @@ zfs_freebsd_setattr(ap)
 		 * is non-zero; otherwise, they behave like unprivileged
 		 * processes.
 		 */
-		if (priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) {
+		if (secpolicy_fs_owner(vp->v_mount, cred) == 0 ||
+		    priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) {
 			if (zflags &
 			    (ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) {
 				error = securelevel_gt(cred, 0);
-				if (error)
+				if (error != 0)
 					return (error);
 			}
 		} else {
+			/*
+			 * Callers may only modify the file flags on objects they
+			 * have VADMIN rights for.
+			 */
+			if ((error = VOP_ACCESS(vp, VADMIN, cred, curthread)) != 0)
+				return (error);
 			if (zflags &
 			    (ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) {
 				return (EPERM);
