-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zfs_ioc_snapshot: check user-prop permissions on snapshotted datasets #9180
Conversation
I think that ideally the permission should be checked on newly created snapshots, but I am not sure how to arrange that. Maybe the check should be pushed down to |
Do you mean we should only check for permission to set the user property if the snapshot is actually created (as opposed to failing to be created with an error)? I don't think that's needed, especially since the snapshot creation is all-or-nothing: if one snapshot can't be created, the whole ioctl fails and no snapshots are created. In any case, the PR looks good to me. At least aside from the build error:
|
Matt, thank you for the comment. I will fix the error ASAP. |
Codecov Report
@@ Coverage Diff @@
## master #9180 +/- ##
==========================================
+ Coverage 79.19% 79.27% +0.07%
==========================================
Files 400 400
Lines 122002 122006 +4
==========================================
+ Hits 96625 96723 +98
+ Misses 25377 25283 -94
Continue to review full report at Codecov.
|
@avg-I Delegated permissions work on a per-filesystem level. Snapshots can't have their own permissions, they can only inherit from their containing filesystem. So the scenerio you outlined would be possible if there were separate permissions for "set user property on this filesystem" and "set user property on any snapshot of this filesystem", but there could not be a permission of "set user property on this snapshot (but not other snapshots of this filesystem)". At least not with the current architecture. So checking on the filesystem would still be sufficient. |
Matt, thank you for the explanation. |
I think that the latest test failures are not related to this change.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks right to me. It seems you get particularly unlucky with the CI and ran in to several known issue. I think it would be worthwhile to rebase this on today's master branch and send it through again. The CentOS 6 and Fedora 30 failures at least have been resolved.
Previously, the permissions were checked on the pool which was obviously incorrect. After this change, zfs_check_userprops() only validates the properties without any permission checks. The permissions are checked individually for each snapshotted dataset. Signed-off-by: Andriy Gapon <avg@FreeBSD.org>
a14f896
to
864514e
Compare
The CI failures observed are all for known existing issue. I've resubmitted the failing runs for good measure. |
Previously, the permissions were checked on the pool which was obviously incorrect. After this change, zfs_check_userprops() only validates the properties without any permission checks. The permissions are checked individually for each snapshotted dataset. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Matt Ahrens <mahrens@delphix.com> Signed-off-by: Andriy Gapon <avg@FreeBSD.org> Closes openzfs#9179 Closes openzfs#9180
Previously, the permissions were checked on the pool which was obviously incorrect. After this change, zfs_check_userprops() only validates the properties without any permission checks. The permissions are checked individually for each snapshotted dataset. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Matt Ahrens <mahrens@delphix.com> Signed-off-by: Andriy Gapon <avg@FreeBSD.org> Closes openzfs#9179 Closes openzfs#9180
Previously, the permissions were checked on the pool which was obviously incorrect. After this change, zfs_check_userprops() only validates the properties without any permission checks. The permissions are checked individually for each snapshotted dataset. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Matt Ahrens <mahrens@delphix.com> Signed-off-by: Andriy Gapon <avg@FreeBSD.org> Closes openzfs#9179 Closes openzfs#9180
Previously, the permissions were checked on the pool which was obviously incorrect. After this change, zfs_check_userprops() only validates the properties without any permission checks. The permissions are checked individually for each snapshotted dataset. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Matt Ahrens <mahrens@delphix.com> Signed-off-by: Andriy Gapon <avg@FreeBSD.org> Closes openzfs#9179 Closes openzfs#9180
Previously, the permissions were checked on the pool which was obviously incorrect. After this change, zfs_check_userprops() only validates the properties without any permission checks. The permissions are checked individually for each snapshotted dataset. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Matt Ahrens <mahrens@delphix.com> Signed-off-by: Andriy Gapon <avg@FreeBSD.org> Closes openzfs#9179 Closes openzfs#9180
Previously, the permissions were checked on the pool which was obviously incorrect. After this change, zfs_check_userprops() only validates the properties without any permission checks. The permissions are checked individually for each snapshotted dataset. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Matt Ahrens <mahrens@delphix.com> Signed-off-by: Andriy Gapon <avg@FreeBSD.org> Closes openzfs#9179 Closes openzfs#9180
Previously, the permissions were checked on the pool which was obviously incorrect. After this change, zfs_check_userprops() only validates the properties without any permission checks. The permissions are checked individually for each snapshotted dataset. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Matt Ahrens <mahrens@delphix.com> Signed-off-by: Andriy Gapon <avg@FreeBSD.org> Closes #9179 Closes #9180
Previously, the permissions were checked on the pool which was obviously
incorrect.
After this change, zfs_check_userprops() only validates the properties
without any permission checks. The permissions are checked individually
for each snapshotted dataset.
This is a bug fix for #9179.
Signed-off-by: Andriy Gapon avg@FreeBSD.org