Print this page
OS-1566 filesystem limits for ZFS datasets

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/fs/zfs/zfs_ioctl.c
          +++ new/usr/src/uts/common/fs/zfs/zfs_ioctl.c
↓ open down ↓ 469 lines elided ↑ open up ↑
 470  470          dsl_dataset_t *ds;
 471  471  
 472  472          error = dsl_dataset_hold(name, FTAG, &ds);
 473  473          if (error != 0)
 474  474                  return (error);
 475  475  
 476  476          error = zfs_dozonecheck_ds(name, ds, cr);
 477  477          if (error == 0) {
 478  478                  error = secpolicy_zfs(cr);
 479  479                  if (error)
 480      -                        error = dsl_deleg_access_impl(ds, perm, cr);
      480 +                        error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
 481  481          }
 482  482  
 483  483          dsl_dataset_rele(ds, FTAG);
 484  484          return (error);
 485  485  }
 486  486  
 487  487  static int
 488  488  zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
 489  489      const char *perm, cred_t *cr)
 490  490  {
 491  491          int error;
 492  492  
 493  493          error = zfs_dozonecheck_ds(name, ds, cr);
 494  494          if (error == 0) {
 495  495                  error = secpolicy_zfs(cr);
 496  496                  if (error)
 497      -                        error = dsl_deleg_access_impl(ds, perm, cr);
      497 +                        error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
 498  498          }
 499  499          return (error);
 500  500  }
 501  501  
 502  502  /*
 503  503   * Policy for setting the security label property.
 504  504   *
 505  505   * Returns 0 for success, non-zero for access and other errors.
 506  506   */
 507  507  static int
↓ open down ↓ 101 lines elided ↑ open up ↑
 609  609          case ZFS_PROP_DEDUP:
 610  610          case ZFS_PROP_ZONED:
 611  611                  /*
 612  612                   * Disallow setting these properties from within a local zone.
 613  613                   */
 614  614                  if (!INGLOBALZONE(curproc))
 615  615                          return (EPERM);
 616  616                  break;
 617  617  
 618  618          case ZFS_PROP_QUOTA:
      619 +        case ZFS_PROP_FILESYSTEM_LIMIT:
      620 +        case ZFS_PROP_SNAPSHOT_LIMIT:
 619  621                  if (!INGLOBALZONE(curproc)) {
 620  622                          uint64_t zoned;
 621  623                          char setpoint[MAXNAMELEN];
 622  624                          /*
 623  625                           * Unprivileged users are allowed to modify the
 624      -                         * quota on things *under* (ie. contained by)
      626 +                         * limit on things *under* (ie. contained by)
 625  627                           * the thing they own.
 626  628                           */
 627  629                          if (dsl_prop_get_integer(dsname, "zoned", &zoned,
 628  630                              setpoint))
 629  631                                  return (EPERM);
 630  632                          if (!zoned || strlen(dsname) <= strlen(setpoint))
 631  633                                  return (EPERM);
 632  634                  }
 633  635                  break;
 634  636  
↓ open down ↓ 1741 lines elided ↑ open up ↑
2376 2378  
2377 2379          VERIFY(0 == nvpair_value_uint64(pair, &intval));
2378 2380  
2379 2381          switch (prop) {
2380 2382          case ZFS_PROP_QUOTA:
2381 2383                  err = dsl_dir_set_quota(dsname, source, intval);
2382 2384                  break;
2383 2385          case ZFS_PROP_REFQUOTA:
2384 2386                  err = dsl_dataset_set_quota(dsname, source, intval);
2385 2387                  break;
     2388 +        case ZFS_PROP_FILESYSTEM_LIMIT:
     2389 +                err = dsl_dir_validate_fs_ss_limit(dsname, intval,
     2390 +                    ZFS_PROP_FILESYSTEM_LIMIT);
     2391 +                break;
     2392 +        case ZFS_PROP_SNAPSHOT_LIMIT:
     2393 +                err = dsl_dir_validate_fs_ss_limit(dsname, intval,
     2394 +                    ZFS_PROP_SNAPSHOT_LIMIT);
     2395 +                break;
2386 2396          case ZFS_PROP_RESERVATION:
2387 2397                  err = dsl_dir_set_reservation(dsname, source, intval);
2388 2398                  break;
2389 2399          case ZFS_PROP_REFRESERVATION:
2390 2400                  err = dsl_dataset_set_reservation(dsname, source, intval);
2391 2401                  break;
2392 2402          case ZFS_PROP_VOLSIZE:
2393 2403                  err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2394 2404                      intval);
2395 2405                  break;
↓ open down ↓ 3555 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX