c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-23 02:44:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix send:raw permission for send -w -I

Browse Source 
When performing an incremental raw send with intermediates (-w -I),
the standard 'send' permission was incorrectly required instead of
allowing 'send:raw'. This was due to a strict boolean comparison on
the 'rawok' flag in zfs_secpolicy_send() with non-boolean value.

This change normalizes the 'rawok' variable to be strictly 0/1 and
updates the test suite to properly verify delegated raw send behavior.

Introduced-by: https://github.com/openzfs/zfs/pull/17543
Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Marc Sladek <marc@sladek.dev>
Closes #18198
Closes #18193
This commit is contained in:
Marc Sladek
2026-02-11 19:30:26 +01:00
committed by GitHub
parent 3463d40779
commit cc184fe98b
2 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/zfs-tests/tests/functional/cli_user/zfs_send_delegation_user/zfs_send_usertest.ksh
+8 -3
View File
@@ -103,13 +103,18 @@ log_must zfs unallow -u $OTHER1 send $TESTPOOL/$TESTFS1
# test new sendraw abilities (send should fail, sendraw should pass)
log_mustnot user_run $OTHER1 sh -c "'zfs send $TESTPOOL/$TESTFS1@snap1 | zfs receive -u $TESTPOOL/$TESTFS2/zfsrecv2_user_datastream.$$'"
verify nothing went through
# verify nothing went through
if [ -s $TESTPOOL/$TESTFS2/zfsrecv2_user_datastream.$$ ]
then
log_fail "A zfs recieve was completed in $TESTPOOL/$TESTFS2/zfsrecv2_user_datastream !"
fi
log_must user_run $OTHER1 sh -c "'zfs send -w $TESTPOOL/$TESTFS1@snap1 | zfs receive -u $TESTPOOL/$TESTFS2/zfsrecv2raw_user_datastream.$$'"
# test incremental send with intermediates (should pass)
log_must zfs allow $OTHER1 hold $TESTPOOL/$TESTFS1
log_must zfs snapshot $TESTPOOL/$TESTFS1@snap2
log_must user_run $OTHER1 sh -c "'zfs send -w -I $TESTPOOL/$TESTFS1@snap1 $TESTPOOL/$TESTFS1@snap2 > /dev/null'"
# disable raw delegation
log_must zfs unallow -u $OTHER1 send:raw $TESTPOOL/$TESTFS1
log_must zfs allow $OTHER1 send $TESTPOOL/$TESTFS1
@@ -123,13 +128,13 @@ log_must zfs unallow -u $OTHER1 send $TESTPOOL/$TESTFS1
# verify original send abilities (should fail)
log_mustnot user_run $OTHER1 sh -c "'zfs send $TESTPOOL/$TESTFS1@snap1 | zfs receive -u $TESTPOOL/$TESTFS2/zfsrecv4_user_datastream.$$'"
verify nothing went through
# verify nothing went through
if [ -s $TESTPOOL/$TESTFS2/zfsrecv4_user_datastream.$$ ]
then
log_fail "A zfs recieve was completed in $TESTPOOL/$TESTFS2/zfsrecv4_user_datastream !"
fi
log_mustnot user_run $OTHER1 sh -c "'zfs send -w $TESTPOOL/$TESTFS1@snap1 | zfs receive -u $TESTPOOL/$TESTFS2/zfsrecv4raw_user_datastream.$$'"
verify nothing went through
# verify nothing went through
if [ -s $TESTPOOL/$TESTFS2/zfsrecv4raw_user_datastream.$$ ]
then
log_fail "A zfs recieve was completed in $TESTPOOL/$TESTFS2/zfsrecv4raw_user_datastream !"