460 }
461 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
462
463 return (zfs_dozonecheck_impl(dataset, zoned, cr));
464 }
465
466 static int
467 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
468 {
469 int error;
470 dsl_dataset_t *ds;
471
472 error = dsl_dataset_hold(name, FTAG, &ds);
473 if (error != 0)
474 return (error);
475
476 error = zfs_dozonecheck_ds(name, ds, cr);
477 if (error == 0) {
478 error = secpolicy_zfs(cr);
479 if (error)
480 error = dsl_deleg_access_impl(ds, perm, cr);
481 }
482
483 dsl_dataset_rele(ds, FTAG);
484 return (error);
485 }
486
487 static int
488 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
489 const char *perm, cred_t *cr)
490 {
491 int error;
492
493 error = zfs_dozonecheck_ds(name, ds, cr);
494 if (error == 0) {
495 error = secpolicy_zfs(cr);
496 if (error)
497 error = dsl_deleg_access_impl(ds, perm, cr);
498 }
499 return (error);
500 }
501
502 /*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
507 static int
508 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
509 {
510 char ds_hexsl[MAXNAMELEN];
511 bslabel_t ds_sl, new_sl;
512 boolean_t new_default = FALSE;
513 uint64_t zoned;
514 int needed_priv = -1;
515 int error;
516
517 /* First get the existing dataset label. */
599 static int
600 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
601 cred_t *cr)
602 {
603 char *strval;
604
605 /*
606 * Check permissions for special properties.
607 */
608 switch (prop) {
609 case ZFS_PROP_DEDUP:
610 case ZFS_PROP_ZONED:
611 /*
612 * Disallow setting these properties from within a local zone.
613 */
614 if (!INGLOBALZONE(curproc))
615 return (EPERM);
616 break;
617
618 case ZFS_PROP_QUOTA:
619 if (!INGLOBALZONE(curproc)) {
620 uint64_t zoned;
621 char setpoint[MAXNAMELEN];
622 /*
623 * Unprivileged users are allowed to modify the
624 * quota on things *under* (ie. contained by)
625 * the thing they own.
626 */
627 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
628 setpoint))
629 return (EPERM);
630 if (!zoned || strlen(dsname) <= strlen(setpoint))
631 return (EPERM);
632 }
633 break;
634
635 case ZFS_PROP_MLSLABEL:
636 if (!is_system_labeled())
637 return (EPERM);
638
639 if (nvpair_value_string(propval, &strval) == 0) {
640 int err;
641
642 err = zfs_set_slabel_policy(dsname, strval, CRED());
643 if (err != 0)
644 return (err);
2366
2367 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2368 nvlist_t *attrs;
2369 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2370 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2371 &pair) == 0);
2372 }
2373
2374 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2375 return (-1);
2376
2377 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2378
2379 switch (prop) {
2380 case ZFS_PROP_QUOTA:
2381 err = dsl_dir_set_quota(dsname, source, intval);
2382 break;
2383 case ZFS_PROP_REFQUOTA:
2384 err = dsl_dataset_set_quota(dsname, source, intval);
2385 break;
2386 case ZFS_PROP_RESERVATION:
2387 err = dsl_dir_set_reservation(dsname, source, intval);
2388 break;
2389 case ZFS_PROP_REFRESERVATION:
2390 err = dsl_dataset_set_reservation(dsname, source, intval);
2391 break;
2392 case ZFS_PROP_VOLSIZE:
2393 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2394 intval);
2395 break;
2396 case ZFS_PROP_VERSION:
2397 {
2398 zfsvfs_t *zfsvfs;
2399
2400 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2401 break;
2402
2403 err = zfs_set_version(zfsvfs, intval);
2404 zfsvfs_rele(zfsvfs, FTAG);
2405
|
460 }
461 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
462
463 return (zfs_dozonecheck_impl(dataset, zoned, cr));
464 }
465
466 static int
467 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
468 {
469 int error;
470 dsl_dataset_t *ds;
471
472 error = dsl_dataset_hold(name, FTAG, &ds);
473 if (error != 0)
474 return (error);
475
476 error = zfs_dozonecheck_ds(name, ds, cr);
477 if (error == 0) {
478 error = secpolicy_zfs(cr);
479 if (error)
480 error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
481 }
482
483 dsl_dataset_rele(ds, FTAG);
484 return (error);
485 }
486
487 static int
488 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
489 const char *perm, cred_t *cr)
490 {
491 int error;
492
493 error = zfs_dozonecheck_ds(name, ds, cr);
494 if (error == 0) {
495 error = secpolicy_zfs(cr);
496 if (error)
497 error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
498 }
499 return (error);
500 }
501
502 /*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
507 static int
508 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
509 {
510 char ds_hexsl[MAXNAMELEN];
511 bslabel_t ds_sl, new_sl;
512 boolean_t new_default = FALSE;
513 uint64_t zoned;
514 int needed_priv = -1;
515 int error;
516
517 /* First get the existing dataset label. */
599 static int
600 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
601 cred_t *cr)
602 {
603 char *strval;
604
605 /*
606 * Check permissions for special properties.
607 */
608 switch (prop) {
609 case ZFS_PROP_DEDUP:
610 case ZFS_PROP_ZONED:
611 /*
612 * Disallow setting these properties from within a local zone.
613 */
614 if (!INGLOBALZONE(curproc))
615 return (EPERM);
616 break;
617
618 case ZFS_PROP_QUOTA:
619 case ZFS_PROP_FILESYSTEM_LIMIT:
620 case ZFS_PROP_SNAPSHOT_LIMIT:
621 if (!INGLOBALZONE(curproc)) {
622 uint64_t zoned;
623 char setpoint[MAXNAMELEN];
624 /*
625 * Unprivileged users are allowed to modify the
626 * limit on things *under* (ie. contained by)
627 * the thing they own.
628 */
629 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
630 setpoint))
631 return (EPERM);
632 if (!zoned || strlen(dsname) <= strlen(setpoint))
633 return (EPERM);
634 }
635 break;
636
637 case ZFS_PROP_MLSLABEL:
638 if (!is_system_labeled())
639 return (EPERM);
640
641 if (nvpair_value_string(propval, &strval) == 0) {
642 int err;
643
644 err = zfs_set_slabel_policy(dsname, strval, CRED());
645 if (err != 0)
646 return (err);
2368
2369 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2370 nvlist_t *attrs;
2371 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2372 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2373 &pair) == 0);
2374 }
2375
2376 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2377 return (-1);
2378
2379 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2380
2381 switch (prop) {
2382 case ZFS_PROP_QUOTA:
2383 err = dsl_dir_set_quota(dsname, source, intval);
2384 break;
2385 case ZFS_PROP_REFQUOTA:
2386 err = dsl_dataset_set_quota(dsname, source, intval);
2387 break;
2388 case ZFS_PROP_FILESYSTEM_LIMIT:
2389 err = dsl_dir_validate_fs_ss_limit(dsname, intval,
2390 ZFS_PROP_FILESYSTEM_LIMIT);
2391 break;
2392 case ZFS_PROP_SNAPSHOT_LIMIT:
2393 err = dsl_dir_validate_fs_ss_limit(dsname, intval,
2394 ZFS_PROP_SNAPSHOT_LIMIT);
2395 break;
2396 case ZFS_PROP_RESERVATION:
2397 err = dsl_dir_set_reservation(dsname, source, intval);
2398 break;
2399 case ZFS_PROP_REFRESERVATION:
2400 err = dsl_dataset_set_reservation(dsname, source, intval);
2401 break;
2402 case ZFS_PROP_VOLSIZE:
2403 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2404 intval);
2405 break;
2406 case ZFS_PROP_VERSION:
2407 {
2408 zfsvfs_t *zfsvfs;
2409
2410 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2411 break;
2412
2413 err = zfs_set_version(zfsvfs, intval);
2414 zfsvfs_rele(zfsvfs, FTAG);
2415
|