Print this page
OS-1566 filesystem limits for ZFS datasets


 460         }
 461         rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
 462 
 463         return (zfs_dozonecheck_impl(dataset, zoned, cr));
 464 }
 465 
 466 static int
 467 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
 468 {
 469         int error;
 470         dsl_dataset_t *ds;
 471 
 472         error = dsl_dataset_hold(name, FTAG, &ds);
 473         if (error != 0)
 474                 return (error);
 475 
 476         error = zfs_dozonecheck_ds(name, ds, cr);
 477         if (error == 0) {
 478                 error = secpolicy_zfs(cr);
 479                 if (error)
 480                         error = dsl_deleg_access_impl(ds, perm, cr);
 481         }
 482 
 483         dsl_dataset_rele(ds, FTAG);
 484         return (error);
 485 }
 486 
 487 static int
 488 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
 489     const char *perm, cred_t *cr)
 490 {
 491         int error;
 492 
 493         error = zfs_dozonecheck_ds(name, ds, cr);
 494         if (error == 0) {
 495                 error = secpolicy_zfs(cr);
 496                 if (error)
 497                         error = dsl_deleg_access_impl(ds, perm, cr);
 498         }
 499         return (error);
 500 }
 501 
 502 /*
 503  * Policy for setting the security label property.
 504  *
 505  * Returns 0 for success, non-zero for access and other errors.
 506  */
 507 static int
 508 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
 509 {
 510         char            ds_hexsl[MAXNAMELEN];
 511         bslabel_t       ds_sl, new_sl;
 512         boolean_t       new_default = FALSE;
 513         uint64_t        zoned;
 514         int             needed_priv = -1;
 515         int             error;
 516 
 517         /* First get the existing dataset label. */


 599 static int
 600 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
 601     cred_t *cr)
 602 {
 603         char *strval;
 604 
 605         /*
 606          * Check permissions for special properties.
 607          */
 608         switch (prop) {
 609         case ZFS_PROP_DEDUP:
 610         case ZFS_PROP_ZONED:
 611                 /*
 612                  * Disallow setting these properties from within a local zone.
 613                  */
 614                 if (!INGLOBALZONE(curproc))
 615                         return (EPERM);
 616                 break;
 617 
 618         case ZFS_PROP_QUOTA:


 619                 if (!INGLOBALZONE(curproc)) {
 620                         uint64_t zoned;
 621                         char setpoint[MAXNAMELEN];
 622                         /*
 623                          * Unprivileged users are allowed to modify the
 624                          * quota on things *under* (ie. contained by)
 625                          * the thing they own.
 626                          */
 627                         if (dsl_prop_get_integer(dsname, "zoned", &zoned,
 628                             setpoint))
 629                                 return (EPERM);
 630                         if (!zoned || strlen(dsname) <= strlen(setpoint))
 631                                 return (EPERM);
 632                 }
 633                 break;
 634 
 635         case ZFS_PROP_MLSLABEL:
 636                 if (!is_system_labeled())
 637                         return (EPERM);
 638 
 639                 if (nvpair_value_string(propval, &strval) == 0) {
 640                         int err;
 641 
 642                         err = zfs_set_slabel_policy(dsname, strval, CRED());
 643                         if (err != 0)
 644                                 return (err);


2366 
2367         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2368                 nvlist_t *attrs;
2369                 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2370                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2371                     &pair) == 0);
2372         }
2373 
2374         if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2375                 return (-1);
2376 
2377         VERIFY(0 == nvpair_value_uint64(pair, &intval));
2378 
2379         switch (prop) {
2380         case ZFS_PROP_QUOTA:
2381                 err = dsl_dir_set_quota(dsname, source, intval);
2382                 break;
2383         case ZFS_PROP_REFQUOTA:
2384                 err = dsl_dataset_set_quota(dsname, source, intval);
2385                 break;








2386         case ZFS_PROP_RESERVATION:
2387                 err = dsl_dir_set_reservation(dsname, source, intval);
2388                 break;
2389         case ZFS_PROP_REFRESERVATION:
2390                 err = dsl_dataset_set_reservation(dsname, source, intval);
2391                 break;
2392         case ZFS_PROP_VOLSIZE:
2393                 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2394                     intval);
2395                 break;
2396         case ZFS_PROP_VERSION:
2397         {
2398                 zfsvfs_t *zfsvfs;
2399 
2400                 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2401                         break;
2402 
2403                 err = zfs_set_version(zfsvfs, intval);
2404                 zfsvfs_rele(zfsvfs, FTAG);
2405 




 460         }
 461         rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
 462 
 463         return (zfs_dozonecheck_impl(dataset, zoned, cr));
 464 }
 465 
 466 static int
 467 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
 468 {
 469         int error;
 470         dsl_dataset_t *ds;
 471 
 472         error = dsl_dataset_hold(name, FTAG, &ds);
 473         if (error != 0)
 474                 return (error);
 475 
 476         error = zfs_dozonecheck_ds(name, ds, cr);
 477         if (error == 0) {
 478                 error = secpolicy_zfs(cr);
 479                 if (error)
 480                         error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
 481         }
 482 
 483         dsl_dataset_rele(ds, FTAG);
 484         return (error);
 485 }
 486 
 487 static int
 488 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
 489     const char *perm, cred_t *cr)
 490 {
 491         int error;
 492 
 493         error = zfs_dozonecheck_ds(name, ds, cr);
 494         if (error == 0) {
 495                 error = secpolicy_zfs(cr);
 496                 if (error)
 497                         error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
 498         }
 499         return (error);
 500 }
 501 
 502 /*
 503  * Policy for setting the security label property.
 504  *
 505  * Returns 0 for success, non-zero for access and other errors.
 506  */
 507 static int
 508 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
 509 {
 510         char            ds_hexsl[MAXNAMELEN];
 511         bslabel_t       ds_sl, new_sl;
 512         boolean_t       new_default = FALSE;
 513         uint64_t        zoned;
 514         int             needed_priv = -1;
 515         int             error;
 516 
 517         /* First get the existing dataset label. */


 599 static int
 600 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
 601     cred_t *cr)
 602 {
 603         char *strval;
 604 
 605         /*
 606          * Check permissions for special properties.
 607          */
 608         switch (prop) {
 609         case ZFS_PROP_DEDUP:
 610         case ZFS_PROP_ZONED:
 611                 /*
 612                  * Disallow setting these properties from within a local zone.
 613                  */
 614                 if (!INGLOBALZONE(curproc))
 615                         return (EPERM);
 616                 break;
 617 
 618         case ZFS_PROP_QUOTA:
 619         case ZFS_PROP_FILESYSTEM_LIMIT:
 620         case ZFS_PROP_SNAPSHOT_LIMIT:
 621                 if (!INGLOBALZONE(curproc)) {
 622                         uint64_t zoned;
 623                         char setpoint[MAXNAMELEN];
 624                         /*
 625                          * Unprivileged users are allowed to modify the
 626                          * limit on things *under* (ie. contained by)
 627                          * the thing they own.
 628                          */
 629                         if (dsl_prop_get_integer(dsname, "zoned", &zoned,
 630                             setpoint))
 631                                 return (EPERM);
 632                         if (!zoned || strlen(dsname) <= strlen(setpoint))
 633                                 return (EPERM);
 634                 }
 635                 break;
 636 
 637         case ZFS_PROP_MLSLABEL:
 638                 if (!is_system_labeled())
 639                         return (EPERM);
 640 
 641                 if (nvpair_value_string(propval, &strval) == 0) {
 642                         int err;
 643 
 644                         err = zfs_set_slabel_policy(dsname, strval, CRED());
 645                         if (err != 0)
 646                                 return (err);


2368 
2369         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2370                 nvlist_t *attrs;
2371                 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2372                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2373                     &pair) == 0);
2374         }
2375 
2376         if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2377                 return (-1);
2378 
2379         VERIFY(0 == nvpair_value_uint64(pair, &intval));
2380 
2381         switch (prop) {
2382         case ZFS_PROP_QUOTA:
2383                 err = dsl_dir_set_quota(dsname, source, intval);
2384                 break;
2385         case ZFS_PROP_REFQUOTA:
2386                 err = dsl_dataset_set_quota(dsname, source, intval);
2387                 break;
2388         case ZFS_PROP_FILESYSTEM_LIMIT:
2389                 err = dsl_dir_validate_fs_ss_limit(dsname, intval,
2390                     ZFS_PROP_FILESYSTEM_LIMIT);
2391                 break;
2392         case ZFS_PROP_SNAPSHOT_LIMIT:
2393                 err = dsl_dir_validate_fs_ss_limit(dsname, intval,
2394                     ZFS_PROP_SNAPSHOT_LIMIT);
2395                 break;
2396         case ZFS_PROP_RESERVATION:
2397                 err = dsl_dir_set_reservation(dsname, source, intval);
2398                 break;
2399         case ZFS_PROP_REFRESERVATION:
2400                 err = dsl_dataset_set_reservation(dsname, source, intval);
2401                 break;
2402         case ZFS_PROP_VOLSIZE:
2403                 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2404                     intval);
2405                 break;
2406         case ZFS_PROP_VERSION:
2407         {
2408                 zfsvfs_t *zfsvfs;
2409 
2410                 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2411                         break;
2412 
2413                 err = zfs_set_version(zfsvfs, intval);
2414                 zfsvfs_rele(zfsvfs, FTAG);
2415