FreeBSD Bugzilla – Attachment 246517 Details for
Bug 275200
NFS mounts cannot access ZFS snapshots in /<dataset>/.zfs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Set mnt_exjail for an automounted ZFS snapshot
zfssnap.patch (text/plain), 3.77 KB, created by
Rick Macklem
on 2023-11-23 15:38:19 UTC
(
hide
)
Description:
Set mnt_exjail for an automounted ZFS snapshot
Filename:
MIME Type:
Creator:
Rick Macklem
Created:
2023-11-23 15:38:19 UTC
Size:
3.77 KB
patch
obsolete
>--- sys/contrib/openzfs/include/os/freebsd/spl/sys/vfs.h.zfssnap 2023-11-18 17:32:00.449618000 -0800 >+++ sys/contrib/openzfs/include/os/freebsd/spl/sys/vfs.h 2023-11-23 07:29:59.695688000 -0800 >@@ -101,7 +101,7 @@ void vfs_setmntopt(vfs_t *vfsp, const char *name, cons > void vfs_clearmntopt(vfs_t *vfsp, const char *name); > int vfs_optionisset(const vfs_t *vfsp, const char *opt, char **argp); > int mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, >- char *fspath, char *fspec, int fsflags); >+ char *fspath, char *fspec, int fsflags, vfs_t *parent_vfsp); > > typedef uint64_t vfs_feature_t; > >--- sys/contrib/openzfs/module/os/freebsd/spl/spl_vfs.c.zfssnap 2023-11-18 16:44:35.292655000 -0800 >+++ sys/contrib/openzfs/module/os/freebsd/spl/spl_vfs.c 2023-11-22 14:30:52.620044000 -0800 >@@ -120,7 +120,7 @@ vfs_optionisset(const vfs_t *vfsp, const char *opt, ch > > int > mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath, >- char *fspec, int fsflags) >+ char *fspec, int fsflags, vfs_t *parent_vfsp) > { > struct vfsconf *vfsp; > struct mount *mp; >@@ -219,6 +219,13 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const cha > vfs_freeopts(mp->mnt_opt); > mp->mnt_opt = mp->mnt_optnew; > (void) VFS_STATFS(mp, &mp->mnt_stat); >+ >+#ifdef VFS_SUPPORTS_EXJAIL_CLONE >+ /* >+ * Clone the mnt_exjail credentials of the parent, as required. >+ */ >+ vfs_exjail_clone(parent_vfsp, mp); >+#endif > > /* > * Prevent external consumers of mount options from reading >--- sys/contrib/openzfs/module/os/freebsd/zfs/zfs_ctldir.c.zfssnap 2023-11-18 18:01:53.661683000 -0800 >+++ sys/contrib/openzfs/module/os/freebsd/zfs/zfs_ctldir.c 2023-11-18 18:02:48.509356000 -0800 >@@ -1026,7 +1026,8 @@ zfsctl_snapdir_lookup(struct vop_lookup_args *ap) > "%s/" ZFS_CTLDIR_NAME "/snapshot/%s", > dvp->v_vfsp->mnt_stat.f_mntonname, name); > >- err = mount_snapshot(curthread, vpp, "zfs", mountpoint, fullname, 0); >+ err = mount_snapshot(curthread, vpp, "zfs", mountpoint, fullname, 0, >+ dvp->v_vfsp); > kmem_free(mountpoint, mountpoint_len); > if (err == 0) { > /* >--- sys/kern/vfs_mount.c.zfssnap 2023-11-18 17:37:22.976544000 -0800 >+++ sys/kern/vfs_mount.c 2023-11-21 14:02:01.116307000 -0800 >@@ -3141,3 +3141,38 @@ resume_all_fs(void) > } > mtx_unlock(&mountlist_mtx); > } >+ >+/* >+ * Clone the mnt_exjail field to a new mount point. >+ */ >+void >+vfs_exjail_clone(struct mount *inmp, struct mount *outmp) >+{ >+ struct ucred *cr; >+ struct prison *pr; >+ >+ MNT_ILOCK(inmp); >+ cr = inmp->mnt_exjail; >+ if (cr != NULL) { >+ crhold(cr); >+ MNT_IUNLOCK(inmp); >+ pr = cr->cr_prison; >+ sx_slock(&allprison_lock); >+ if (!prison_isalive(pr)) { >+ sx_sunlock(&allprison_lock); >+ crfree(cr); >+ return; >+ } >+ MNT_ILOCK(outmp); >+ if (outmp->mnt_exjail == NULL) { >+ outmp->mnt_exjail = cr; >+ atomic_add_int(&pr->pr_exportcnt, 1); >+ cr = NULL; >+ } >+ MNT_IUNLOCK(outmp); >+ sx_sunlock(&allprison_lock); >+ if (cr != NULL) >+ crfree(cr); >+ } else >+ MNT_IUNLOCK(inmp); >+} >--- sys/sys/mount.h.zfssnap 2023-11-18 16:40:28.228859000 -0800 >+++ sys/sys/mount.h 2023-11-22 14:04:09.920495000 -0800 >@@ -981,6 +981,9 @@ enum vfs_notify_upper_type { > * exported vnode operations > */ > >+/* Define this to indicate that vfs_exjail_clone() exists for ZFS to use. */ >+#define VFS_SUPPORTS_EXJAIL_CLONE 1 >+ > int dounmount(struct mount *, uint64_t, struct thread *); > > int kernel_mount(struct mntarg *ma, uint64_t flags); >@@ -1017,6 +1020,7 @@ int vfs_setpublicfs /* set publicly exported fs > (struct mount *, struct netexport *, struct export_args *); > void vfs_periodic(struct mount *, int); > int vfs_busy(struct mount *, int); >+void vfs_exjail_clone(struct mount *, struct mount *); > void vfs_exjail_delete(struct prison *); > int vfs_export /* process mount export info */ > (struct mount *, struct export_args *, bool);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=246517">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 275200
:
246422
| 246517