c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-22 02:27:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Linux 4.10 compat: has_capability()

Browse Source 
Stock kernels older than 4.10 do not export the has_capability()
function which is required by commit e59a377.  To avoid breaking
the build on older kernels revert to the safe legacy behavior and
return EACCES when privileges cannot be checked.

Reviewed-by: Ryan Moeller <ryan@ixsystems.com>
Reviewed-by: Matt Ahrens <matt@delphix.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #10565
Closes #10573
This commit is contained in:
Brian Behlendorf
2020-07-19 09:56:21 -07:00
committed by GitHub
parent 8fbf432ae2
commit e862b7ecfc
5 changed files with 64 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
module/os/linux/zfs/policy.c
+9
View File
@@ -249,13 +249,22 @@ secpolicy_zfs(const cred_t *cr)
* Equivalent to secpolicy_zfs(), but works even if the cred_t is not that of
* the current process. Takes both cred_t and proc_t so that this can work
* easily on all platforms.
*
* The has_capability() function was first exported in the 4.10 Linux kernel
* then backported to some LTS kernels. Prior to this change there was no
* mechanism to perform this check therefore EACCES is returned when the
* functionality is not present in the kernel.
*/
int
secpolicy_zfs_proc(const cred_t *cr, proc_t *proc)
{
#if defined(HAVE_HAS_CAPABILITY)
if (!has_capability(proc, CAP_SYS_ADMIN))
return (EACCES);
return (0);
#else
return (EACCES);
#endif
}
void