Temporarily use root credentials to mount snapshots in .zfs

When mounting a snapshot in the .zfs/snapshots control directory,
temporarily assume roots credentials to perform the VFS_MOUNT().

This allows regular users and users inside jails to access these
snapshots.

The regular usermount code is not helpful here, since it requires
that the user performing the mount own the mountpoint, which won't
be the case for .zfs/snapshot/<snapname>

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Nguyen <tony.nguyen@delphix.com>
Signed-off-by: Allan Jude <allan@klarasystems.com>
Sponsored-By: Modirum MDPay
Sponsored-By: Klara Inc.
Closes #11312
This commit is contained in:
Allan Jude 2021-09-14 19:10:00 -04:00 committed by GitHub
parent 6954c22f35
commit 4a1195ca50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -125,7 +125,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath,
struct vfsconf *vfsp; struct vfsconf *vfsp;
struct mount *mp; struct mount *mp;
vnode_t *vp, *mvp; vnode_t *vp, *mvp;
struct ucred *cr; struct ucred *pcr, *tcr;
int error; int error;
ASSERT_VOP_ELOCKED(*vpp, "mount_snapshot"); ASSERT_VOP_ELOCKED(*vpp, "mount_snapshot");
@ -194,14 +194,18 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath,
* mount(8) and df(1) output. * mount(8) and df(1) output.
*/ */
mp->mnt_flag |= MNT_IGNORE; mp->mnt_flag |= MNT_IGNORE;
/* /*
* XXX: This is evil, but we can't mount a snapshot as a regular user. * XXX: This is evil, but we can't mount a snapshot as a regular user.
* XXX: Is is safe when snapshot is mounted from within a jail? * XXX: Is is safe when snapshot is mounted from within a jail?
*/ */
cr = td->td_ucred; tcr = td->td_ucred;
pcr = td->td_proc->p_ucred;
td->td_ucred = kcred; td->td_ucred = kcred;
td->td_proc->p_ucred = kcred;
error = VFS_MOUNT(mp); error = VFS_MOUNT(mp);
td->td_ucred = cr; td->td_ucred = tcr;
td->td_proc->p_ucred = pcr;
if (error != 0) { if (error != 0) {
/* /*