c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-25 03:37:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

FreeBSD: remove support for FreeBSD < 13.0-RELEASE (#16372)

Browse Source 
This includes the last 12.x release (now EOL) and 13.0 development
versions (<1300139).

Sponsored-by: https://despairlabs.com/sponsor/

Signed-off-by: Rob Norris <robn@despairlabs.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
This commit is contained in:
Rob Norris
2024-08-06 09:56:45 +10:00
committed by GitHub
parent e9f51ebd94
commit 6c82951d11
27 changed files with 86 additions and 857 deletions
Download Patch File Download Diff File Expand all files Collapse all files
module/os/freebsd/spl/spl_policy.c
+26 -26
View File
@@ -41,42 +41,42 @@ int
secpolicy_nfs(cred_t *cr)
{
return (spl_priv_check_cred(cr, PRIV_NFS_DAEMON));
return (priv_check_cred(cr, PRIV_NFS_DAEMON));
}
int
secpolicy_zfs(cred_t *cr)
{
return (spl_priv_check_cred(cr, PRIV_VFS_MOUNT));
return (priv_check_cred(cr, PRIV_VFS_MOUNT));
}
int
secpolicy_zfs_proc(cred_t *cr, proc_t *proc)
{
return (spl_priv_check_cred(cr, PRIV_VFS_MOUNT));
return (priv_check_cred(cr, PRIV_VFS_MOUNT));
}
int
secpolicy_sys_config(cred_t *cr, int checkonly __unused)
{
return (spl_priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG));
return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG));
}
int
secpolicy_zinject(cred_t *cr)
{
return (spl_priv_check_cred(cr, PRIV_ZFS_INJECT));
return (priv_check_cred(cr, PRIV_ZFS_INJECT));
}
int
secpolicy_fs_unmount(cred_t *cr, struct mount *vfsp __unused)
{
return (spl_priv_check_cred(cr, PRIV_VFS_UNMOUNT));
return (priv_check_cred(cr, PRIV_VFS_UNMOUNT));
}
int
@@ -104,7 +104,7 @@ secpolicy_basic_link(vnode_t *vp, cred_t *cr)
return (0);
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
return (spl_priv_check_cred(cr, PRIV_VFS_LINK));
return (priv_check_cred(cr, PRIV_VFS_LINK));
}
int
@@ -120,7 +120,7 @@ secpolicy_vnode_remove(vnode_t *vp, cred_t *cr)
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
return (spl_priv_check_cred(cr, PRIV_VFS_ADMIN));
return (priv_check_cred(cr, PRIV_VFS_ADMIN));
}
int
@@ -130,18 +130,18 @@ secpolicy_vnode_access(cred_t *cr, vnode_t *vp, uid_t owner, accmode_t accmode)
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
if ((accmode & VREAD) && spl_priv_check_cred(cr, PRIV_VFS_READ) != 0)
if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ) != 0)
return (EACCES);
if ((accmode & VWRITE) &&
spl_priv_check_cred(cr, PRIV_VFS_WRITE) != 0) {
priv_check_cred(cr, PRIV_VFS_WRITE) != 0) {
return (EACCES);
}
if (accmode & VEXEC) {
if (vp->v_type == VDIR) {
if (spl_priv_check_cred(cr, PRIV_VFS_LOOKUP) != 0)
if (priv_check_cred(cr, PRIV_VFS_LOOKUP) != 0)
return (EACCES);
} else {
if (spl_priv_check_cred(cr, PRIV_VFS_EXEC) != 0)
if (priv_check_cred(cr, PRIV_VFS_EXEC) != 0)
return (EACCES);
}
}
@@ -198,7 +198,7 @@ secpolicy_vnode_any_access(cred_t *cr, vnode_t *vp, uid_t owner)
continue;
break;
}
if (spl_priv_check_cred(cr, priv) == 0)
if (priv_check_cred(cr, priv) == 0)
return (0);
}
return (EPERM);
@@ -212,7 +212,7 @@ secpolicy_vnode_setdac(vnode_t *vp, cred_t *cr, uid_t owner)
return (0);
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
return (spl_priv_check_cred(cr, PRIV_VFS_ADMIN));
return (priv_check_cred(cr, PRIV_VFS_ADMIN));
}
int
@@ -262,7 +262,7 @@ secpolicy_vnode_setattr(cred_t *cr, vnode_t *vp, struct vattr *vap,
((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
!groupmember(vap->va_gid, cr))) {
if (secpolicy_fs_owner(vp->v_mount, cr) != 0) {
error = spl_priv_check_cred(cr, PRIV_VFS_CHOWN);
error = priv_check_cred(cr, PRIV_VFS_CHOWN);
if (error)
return (error);
}
@@ -306,7 +306,7 @@ secpolicy_vnode_setids_setgids(vnode_t *vp, cred_t *cr, gid_t gid)
return (0);
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
return (spl_priv_check_cred(cr, PRIV_VFS_SETGID));
return (priv_check_cred(cr, PRIV_VFS_SETGID));
}
int
@@ -316,7 +316,7 @@ secpolicy_vnode_setid_retain(znode_t *zp, cred_t *cr,
if (secpolicy_fs_owner(ZTOV(zp)->v_mount, cr) == 0)
return (0);
return (spl_priv_check_cred(cr, PRIV_VFS_RETAINSUGID));
return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID));
}
void
@@ -327,7 +327,7 @@ secpolicy_setid_clear(struct vattr *vap, vnode_t *vp, cred_t *cr)
return;
if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) {
if (spl_priv_check_cred(cr, PRIV_VFS_RETAINSUGID)) {
if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID)) {
vap->va_mask |= AT_MODE;
vap->va_mode &= ~(S_ISUID|S_ISGID);
}
@@ -349,7 +349,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct vattr *vap,
* is not a member of. Both of these are allowed in jail(8).
*/
if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) {
if (spl_priv_check_cred(cr, PRIV_VFS_STICKYFILE))
if (priv_check_cred(cr, PRIV_VFS_STICKYFILE))
return (EFTYPE);
}
/*
@@ -365,7 +365,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct vattr *vap,
* Deny setting setuid if we are not the file owner.
*/
if ((vap->va_mode & S_ISUID) && ovap->va_uid != cr->cr_uid) {
error = spl_priv_check_cred(cr, PRIV_VFS_ADMIN);
error = priv_check_cred(cr, PRIV_VFS_ADMIN);
if (error)
return (error);
}
@@ -376,7 +376,7 @@ int
secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp)
{
return (spl_priv_check_cred(cr, PRIV_VFS_MOUNT));
return (priv_check_cred(cr, PRIV_VFS_MOUNT));
}
int
@@ -389,7 +389,7 @@ secpolicy_vnode_owner(vnode_t *vp, cred_t *cr, uid_t owner)
return (0);
/* XXX: vfs_suser()? */
return (spl_priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER));
return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER));
}
int
@@ -398,14 +398,14 @@ secpolicy_vnode_chown(vnode_t *vp, cred_t *cr, uid_t owner)
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
return (spl_priv_check_cred(cr, PRIV_VFS_CHOWN));
return (priv_check_cred(cr, PRIV_VFS_CHOWN));
}
void
secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp)
{
if (spl_priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER) != 0) {
if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER) != 0) {
MNT_ILOCK(vfsp);
vfsp->vfs_flag |= VFS_NOSETUID | MNT_USER;
vfs_clearmntopt(vfsp, MNTOPT_SETUID);
@@ -424,12 +424,12 @@ secpolicy_xvattr(vnode_t *vp, xvattr_t *xvap, uid_t owner, cred_t *cr,
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
return (spl_priv_check_cred(cr, PRIV_VFS_SYSFLAGS));
return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS));
}
int
secpolicy_smb(cred_t *cr)
{
return (spl_priv_check_cred(cr, PRIV_NETSMB));
return (priv_check_cred(cr, PRIV_NETSMB));
}