HomeFreeBSD

Fix regression in POSIX mode behavior

Description

Fix regression in POSIX mode behavior

Commit 235a85657 introduced a regression in evaluation of POSIX modes
that require group DENY entries in the internal ZFS ACL. An example
of such a POSX mode is 007. When write_implies_delete_child is set,
then ACE_WRITE_DATA is added to wanted_dirperms in prior to calling
zfs_zaccess_common(). This occurs is zfs_zaccess_delete().

Unfortunately, when zfs_zaccess_aces_check hits this particular DENY
ACE, zfs_groupmember() is checked to determine whether access should be
denied, and since zfs_groupmember() always returns B_TRUE on Linux and
so this check is failed, resulting ultimately in EPERM being returned.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Closes #11760

Details

Provenance
andrewAuthored on Mar 20 2021, 5:50 AM
GitHub <noreply@github.com>Committed on Mar 20 2021, 5:50 AM
Parents
rGc23850759fbd: ZTS: New test for kernel panic induced by redacted send
Branches
Unknown
Tags
Unknown