mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2026-05-22 10:37:35 +03:00
Implement secpolicy_vnode_setid_retain()
Don't unconditionally return 0 (i.e. retain SUID/SGID). Test CAP_FSETID capability. https://github.com/pjd/pjdfstest/blob/master/tests/chmod/12.t which expects SUID/SGID to be dropped on write(2) by non-owner fails without this. Most filesystems make this decision within VFS by using a generic file write for fops. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tomohiro Kusumi <kusumi.tomohiro@gmail.com> Closes #9035 Closes #9043
This commit is contained in:
Tomohiro Kusumi
committed by
Tony Hutter
Tony Hutter
parent
1f5979d23f
commit
6c68594675
+1
-1
@@ -209,7 +209,7 @@ secpolicy_vnode_setdac(const cred_t *cr, uid_t owner)
|
||||
int
|
||||
secpolicy_vnode_setid_retain(const cred_t *cr, boolean_t issuidroot)
|
||||
{
|
||||
return (0);
|
||||
return (priv_policy_user(cr, CAP_FSETID, B_FALSE, EPERM));
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user