require rollback permission when force receive #16991

Open: wants to merge 1 commit into base: master
3 changes: 3 additions & 0 deletions man/man4/zfs.4
Expand Up @@ -2188,6 +2188,9 @@ If there is an error during healing, the healing receive is not
terminated instead it moves on to the next record.
.El
.
.It Sy zfs_recv_force_needs_perm Ns = Ns Sy 0 Pq int
When not zero, force receive (zfs recv -F) requires rollback permission.
.
.It Sy zfs_override_estimate_recordsize Ns = Ns Sy 0 Ns | Ns 1 Pq uint
Setting this variable overrides the default logic for estimating block
sizes when doing a
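Review bot: the new `zfs_recv_force_needs_perm` entry gives the type as `Pq int` with no value range and writes the command as plain text, "force receive (zfs recv -F)", while the entry right after it spells out `Sy 0 Ns | Ns 1`. The description only distinguishes zero from non-zero, so consider listing the accepted values the same way and marking up the command like the rest of the page. It would also help to add a sentence saying that with the default of 0 a user who was delegated `receive` can still force-receive without holding `rollback`, so administrators can see that the check is opt-in.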
2 changes: 1 addition & 1 deletion man/man8/zfs-allow.8
Expand Up @@ -207,7 +207,7 @@ load-key subcommand Allows loading and unloading of encryption key (see \fBzfs l
change-key subcommand Allows changing an encryption key via \fBzfs change-key\fR.
mount subcommand Allows mounting/umounting ZFS datasets
promote subcommand Must also have the \fBmount\fR and \fBpromote\fR ability in the origin file system
receive subcommand Must also have the \fBmount\fR and \fBcreate\fR ability
receive subcommand Must also have the \fBmount\fR and \fBcreate\fR ability; must also have the \fBrollback\fR ability if \fBzfs receive -F\fR (force receive) is used and \fBzfs_recv_force_needs_perm\fR is set to 1.
release subcommand Allows releasing a user hold which might destroy the snapshot
rename subcommand Must also have the \fBmount\fR and \fBcreate\fR ability in the new parent
rollback subcommand Must also have the \fBmount\fR ability
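Review bot: the added `receive` row says the extra requirement applies when `zfs_recv_force_needs_perm` "is set to 1", but the zfs.4 text in this same change says "When not zero" and the code tests the variable for truth, so any non-zero value turns the check on. Word this as "is non-zero", or restrict the parameter to 0 and 1 in all three places, and point the reader to zfs(4) for the parameter description so the two pages cannot drift apart.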
14 changes: 14 additions & 0 deletions module/zfs/zfs_ioctl.c
Expand Up @@ -238,6 +238,11 @@
*/
static uint64_t zfs_history_output_max = 1024 * 1024;

/*
* zfs_recv_force_needs_perm: if true, force receive (-F) requires rollback permission

Check failure on line 242 in module/zfs/zfs_ioctl.c (GitHub Actions / checkstyle): line > 80 characters
*/
static int zfs_recv_force_needs_perm = 0;

uint_t zfs_allow_log_key;

/* DATA_TYPE_ANY is used when zkey_type can vary. */
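Review bot: the comment line `* zfs_recv_force_needs_perm: if true, force receive (-F) requires rollback permission` is longer than 80 characters, which is the checkstyle failure reported on line 242; wrap it over two lines. The comment should also state that the default of 0 keeps the existing behaviour, meaning the rollback check on forced receive is skipped unless an administrator enables it, because that default is the security-relevant choice in this change.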
Expand Down Expand Up @@ -908,6 +913,12 @@
ZFS_DELEG_PERM_MOUNT, cr)) != 0)
return (error);

/* Forced receive can rollback or destroy snapshots */
if (zfs_recv_force_needs_perm && zc->zc_guid &&
(error = zfs_secpolicy_write_perms(zc->zc_name,
ZFS_DELEG_PERM_ROLLBACK, cr)) != 0)
return (error);

return (zfs_secpolicy_write_perms(zc->zc_name,
ZFS_DELEG_PERM_CREATE, cr));
}
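Review bot: the new condition identifies a forced receive only by `zc->zc_guid` being non-zero, and nothing in the hunk says why that field carries the force flag. Add a short comment, or a named local (for example a `boolean_t force`), so the intent is readable, and confirm that every receive request that reaches this policy check sets the flag in `zc_guid`; if any path passes force another way, for example in an input nvlist, the `ZFS_DELEG_PERM_ROLLBACK` check is silently skipped for it. The comment `Forced receive can rollback or destroy snapshots` also mentions destroy while only rollback permission is checked, so say in the comment whether that is deliberate.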
Expand Down Expand Up @@ -8177,3 +8188,6 @@

ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, U64, ZMOD_RW,
"Maximum size in bytes of ZFS ioctl output that will be logged");

ZFS_MODULE_PARAM(zfs, zfs_, recv_force_needs_perm, INT, ZMOD_RW,
"Force receive (-F) requires rollback permission");