mirror_zfs/module/os/linux/zfs
Brian Behlendorf d34d4f97a8
snapdir: add 'disabled' value to make .zfs inaccessible
In some environments, just making the .zfs control dir hidden from sight
might not be enough. In particular, the following scenarios might
warrant not allowing access at all:
- old snapshots with wrong permissions/ownership
- old snapshots with exploitable setuid/setgid binaries
- old snapshots with sensitive contents

Introducing a new 'disabled' value that not only hides the control dir,
but prevents access to its contents by returning ENOENT solves all of
the above.

The new property value takes advantage of 'iuv' semantics ("ignore
unknown value") to automatically fall back to the old default value when
a pool is accessed by an older version of ZFS that doesn't yet know
about 'disabled' semantics.

I think that technically the zfs_dirlook change is enough to prevent
access, but preventing lookups and dir entries in an already opened .zfs
handle might also be a good idea to prevent races when modifying the
property at runtime.

Add zfs_snapshot_no_setuid parameter to control whether automatically
mounted snapshots have the setuid mount option set or not.

This could be considered a partial fix for one of the scenarios
mentioned in desired.

Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Co-authored-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Closes #3963
Closes #16587
2024-10-02 09:12:02 -07:00
..
abd_os.c linux/abd_os: remove kernel version check for compound page support 2024-09-19 15:45:05 -07:00
arc_os.c arc_os: split userspace and Linux kernel code 2024-09-19 15:48:54 -07:00
mmp_os.c Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
policy.c config: remove HAVE_HAS_CAPABILITY 2024-09-18 11:23:51 -07:00
qat_compress.c Intel QAT 1.7 compatibility 2023-09-07 14:38:17 -07:00
qat_crypt.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
qat.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
spa_misc_os.c Selectable block allocators 2023-09-01 18:00:30 -07:00
trace.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_disk.c config: remove HAVE_BIO_SET_DEV 2024-09-18 11:23:51 -07:00
vdev_file.c zfs_file: rename zfs_file_fallocate to zfs_file_deallocate 2024-09-18 11:35:04 -07:00
vdev_label_os.c RAID-Z expansion feature 2023-11-08 10:19:41 -08:00
zfs_acl.c Fix an uninitialized data access (#16511) 2024-09-10 09:08:45 -07:00
zfs_ctldir.c snapdir: add 'disabled' value to make .zfs inaccessible 2024-10-02 09:12:02 -07:00
zfs_debug.c zfs_debug: specific variant for userspace 2024-09-19 15:49:50 -07:00
zfs_dir.c snapdir: add 'disabled' value to make .zfs inaccessible 2024-10-02 09:12:02 -07:00
zfs_file_os.c zfs_file: rename zfs_file_fallocate to zfs_file_deallocate 2024-09-18 11:35:04 -07:00
zfs_ioctl_os.c linux: log a scary warning when used with an experimental kernel 2024-09-23 10:44:54 -07:00
zfs_racct.c Adding Direct IO Support 2024-09-14 13:47:59 -07:00
zfs_sysfs.c Introduce kmem_scnprintf() 2022-10-29 13:05:11 -07:00
zfs_uio.c config: remove HAVE_GET_USER_PAGES_* 2024-09-18 11:23:51 -07:00
zfs_vfsops.c snapdir: add 'disabled' value to make .zfs inaccessible 2024-10-02 09:12:02 -07:00
zfs_vnops_os.c Support for longnames for files/directories (Linux part) 2024-10-01 13:40:27 -07:00
zfs_znode_os.c Linux 6.12: PG_error flag was removed 2024-10-01 13:54:05 -07:00
zio_crypt.c ZIL: Assert record sizes in different places 2023-11-28 13:35:14 -08:00
zpl_ctldir.c snapdir: add 'disabled' value to make .zfs inaccessible 2024-10-02 09:12:02 -07:00
zpl_export.c Support for longnames for files/directories (Linux part) 2024-10-01 13:40:27 -07:00
zpl_file_range.c config: remove HAVE_VFS_COPY_FILE_RANGE 2024-09-18 11:23:50 -07:00
zpl_file.c Avoid BUG in migrate_folio_extra 2024-09-26 08:57:09 -07:00
zpl_inode.c Support for longnames for files/directories (Linux part) 2024-10-01 13:40:27 -07:00
zpl_super.c config: remove HAVE_INODE_SET_IVERSION 2024-09-18 11:23:50 -07:00
zpl_xattr.c Allocate zap_attribute_t from kmem instead of stack 2024-10-01 13:39:08 -07:00
zvol_os.c cityhash: replace invocations with specialized versions when possible 2024-09-19 15:19:17 -07:00