c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-03-22 08:51:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

ZFS allow send:encrypted

Browse Source 
A new `zfs allow` permissions that ONLY allows sending replication
streams in raw (encrypted) mode, so encrypted data will not be
decrypted as part of the replication process.

Sponsored-by: Klara, Inc.
Sponsored-by: Karakun AG
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Co-authored-by: JT Pennington <jt.pennington@klarasystems.com>
Signed-off-by: Allan Jude <allan@klarasystems.com>
Closes #17543
This commit is contained in:
Allan Jude 2025-07-15 19:28:02 +00:00 committed by Brian Behlendorf
parent 654f2dcb42
commit 7b1cc9eb61
6 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/zfs/zfs_main.c
View File

@ -5303,6 +5303,7 @@ zfs_do_receive(int argc, char **argv)
#define ZFS_DELEG_PERM_MOUNT "mount" #define ZFS_DELEG_PERM_MOUNT "mount"
#define ZFS_DELEG_PERM_SHARE "share" #define ZFS_DELEG_PERM_SHARE "share"
#define ZFS_DELEG_PERM_SEND "send" #define ZFS_DELEG_PERM_SEND "send"
#define ZFS_DELEG_PERM_SEND_RAW "send:raw"
#define ZFS_DELEG_PERM_RECEIVE "receive" #define ZFS_DELEG_PERM_RECEIVE "receive"
#define ZFS_DELEG_PERM_RECEIVE_APPEND "receive:append" #define ZFS_DELEG_PERM_RECEIVE_APPEND "receive:append"
#define ZFS_DELEG_PERM_ALLOW "allow" #define ZFS_DELEG_PERM_ALLOW "allow"
@ -5345,6 +5346,7 @@ static zfs_deleg_perm_tab_t zfs_deleg_perm_tbl[] = {
{ ZFS_DELEG_PERM_RENAME, ZFS_DELEG_NOTE_RENAME }, { ZFS_DELEG_PERM_RENAME, ZFS_DELEG_NOTE_RENAME },
{ ZFS_DELEG_PERM_ROLLBACK, ZFS_DELEG_NOTE_ROLLBACK }, { ZFS_DELEG_PERM_ROLLBACK, ZFS_DELEG_NOTE_ROLLBACK },
{ ZFS_DELEG_PERM_SEND, ZFS_DELEG_NOTE_SEND }, { ZFS_DELEG_PERM_SEND, ZFS_DELEG_NOTE_SEND },
{ ZFS_DELEG_PERM_SEND_RAW, ZFS_DELEG_NOTE_SEND_RAW },
{ ZFS_DELEG_PERM_SHARE, ZFS_DELEG_NOTE_SHARE }, { ZFS_DELEG_PERM_SHARE, ZFS_DELEG_NOTE_SHARE },
{ ZFS_DELEG_PERM_SNAPSHOT, ZFS_DELEG_NOTE_SNAPSHOT }, { ZFS_DELEG_PERM_SNAPSHOT, ZFS_DELEG_NOTE_SNAPSHOT },
{ ZFS_DELEG_PERM_BOOKMARK, ZFS_DELEG_NOTE_BOOKMARK }, { ZFS_DELEG_PERM_BOOKMARK, ZFS_DELEG_NOTE_BOOKMARK },
@ -5929,6 +5931,10 @@ deleg_perm_comment(zfs_deleg_note_t note)
case ZFS_DELEG_NOTE_SEND: case ZFS_DELEG_NOTE_SEND:
str = gettext(""); str = gettext("");
break; break;
case ZFS_DELEG_NOTE_SEND_RAW:
str = gettext("Allow sending ONLY encrypted (raw) replication"
"\n\t\t\t\tstreams");
break;
case ZFS_DELEG_NOTE_SHARE: case ZFS_DELEG_NOTE_SHARE:
str = gettext("Allows sharing file systems over NFS or SMB" str = gettext("Allows sharing file systems over NFS or SMB"
"\n\t\t\t\tprotocols"); "\n\t\t\t\tprotocols");

1
include/sys/dsl_deleg.h
View File

@ -46,6 +46,7 @@ extern "C" {
#define ZFS_DELEG_PERM_MOUNT "mount" #define ZFS_DELEG_PERM_MOUNT "mount"
#define ZFS_DELEG_PERM_SHARE "share" #define ZFS_DELEG_PERM_SHARE "share"
#define ZFS_DELEG_PERM_SEND "send" #define ZFS_DELEG_PERM_SEND "send"
#define ZFS_DELEG_PERM_SEND_RAW "send:raw"
#define ZFS_DELEG_PERM_RECEIVE "receive" #define ZFS_DELEG_PERM_RECEIVE "receive"
#define ZFS_DELEG_PERM_RECEIVE_APPEND "receive:append" #define ZFS_DELEG_PERM_RECEIVE_APPEND "receive:append"
#define ZFS_DELEG_PERM_ALLOW "allow" #define ZFS_DELEG_PERM_ALLOW "allow"

1
include/zfs_deleg.h
View File

@ -55,6 +55,7 @@ typedef enum {
ZFS_DELEG_NOTE_PROMOTE, ZFS_DELEG_NOTE_PROMOTE,
ZFS_DELEG_NOTE_RENAME, ZFS_DELEG_NOTE_RENAME,
ZFS_DELEG_NOTE_SEND, ZFS_DELEG_NOTE_SEND,
ZFS_DELEG_NOTE_SEND_RAW,
ZFS_DELEG_NOTE_RECEIVE, ZFS_DELEG_NOTE_RECEIVE,
ZFS_DELEG_NOTE_ALLOW, ZFS_DELEG_NOTE_ALLOW,
ZFS_DELEG_NOTE_USERPROP, ZFS_DELEG_NOTE_USERPROP,

5
man/man8/zfs-allow.8
View File

@ -30,7 +30,7 @@
.\" Copyright 2018 Nexenta Systems, Inc. .\" Copyright 2018 Nexenta Systems, Inc.
.\" Copyright 2019 Joyent, Inc. .\" Copyright 2019 Joyent, Inc.
.\" .\"
.Dd March 13, 2025 .Dd September 8, 2025
.Dt ZFS-ALLOW 8 .Dt ZFS-ALLOW 8
.Os .Os
. .
@ -212,7 +212,8 @@ receive subcommand Must also have the \fBmount\fR and \fBcreate\fR ability, requ
release subcommand Allows releasing a user hold which might destroy the snapshot release subcommand Allows releasing a user hold which might destroy the snapshot
rename subcommand Must also have the \fBmount\fR and \fBcreate\fR ability in the new parent rename subcommand Must also have the \fBmount\fR and \fBcreate\fR ability in the new parent
rollback subcommand Must also have the \fBmount\fR ability rollback subcommand Must also have the \fBmount\fR ability
send subcommand send subcommand Allows sending a replication stream of a dataset.
send:raw subcommand Only allows sending raw replication streams, preventing encrypted datasets being sent in decrypted form.
share subcommand Allows sharing file systems over NFS or SMB protocols share subcommand Allows sharing file systems over NFS or SMB protocols
snapshot subcommand Must also have the \fBmount\fR ability snapshot subcommand Must also have the \fBmount\fR ability

1
module/zcommon/zfs_deleg.c
View File

@ -59,6 +59,7 @@ const zfs_deleg_perm_tab_t zfs_deleg_perm_tab[] = {
{ZFS_DELEG_PERM_SNAPSHOT}, {ZFS_DELEG_PERM_SNAPSHOT},
{ZFS_DELEG_PERM_SHARE}, {ZFS_DELEG_PERM_SHARE},
{ZFS_DELEG_PERM_SEND}, {ZFS_DELEG_PERM_SEND},
{ZFS_DELEG_PERM_SEND_RAW},
{ZFS_DELEG_PERM_USERPROP}, {ZFS_DELEG_PERM_USERPROP},
{ZFS_DELEG_PERM_USERQUOTA}, {ZFS_DELEG_PERM_USERQUOTA},
{ZFS_DELEG_PERM_GROUPQUOTA}, {ZFS_DELEG_PERM_GROUPQUOTA},

17
module/zfs/zfs_ioctl.c
View File

@ -683,6 +683,7 @@ zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
dsl_dataset_t *ds; dsl_dataset_t *ds;
const char *cp; const char *cp;
int error; int error;
boolean_t rawok = (zc->zc_flags & 0x8);
/* /*
* Generate the current snapshot name from the given objsetid, then * Generate the current snapshot name from the given objsetid, then
@ -705,6 +706,10 @@ zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
ZFS_DELEG_PERM_SEND, cr); ZFS_DELEG_PERM_SEND, cr);
if (error != 0 && rawok == B_TRUE) {
error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
ZFS_DELEG_PERM_SEND_RAW, cr);
}
dsl_dataset_rele(ds, FTAG); dsl_dataset_rele(ds, FTAG);
dsl_pool_rele(dp, FTAG); dsl_pool_rele(dp, FTAG);
@ -714,9 +719,17 @@ zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
static int static int
zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
{ {
boolean_t rawok = nvlist_exists(innvl, "rawok");
int error;
(void) innvl; (void) innvl;
return (zfs_secpolicy_write_perms(zc->zc_name, error = zfs_secpolicy_write_perms(zc->zc_name,
ZFS_DELEG_PERM_SEND, cr)); ZFS_DELEG_PERM_SEND, cr);
if (error != 0 && rawok == B_TRUE) {
error = zfs_secpolicy_write_perms(zc->zc_name,
ZFS_DELEG_PERM_SEND_RAW, cr);
}
return (error);
} }
static int static int