| Summary: | [zfs] "zfs get setuid" doesn't reflect setuid state as set by "zfs mount" | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Scot Hetzel <swhetzel> |
| Component: | bin | Assignee: | Alan Somers <asomers> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | asomers |
| Priority: | Normal | | |
| Version: | 7.0-CURRENT | | |
| Hardware: | Any | | |
| OS: | Any | | |
Description
Scot Hetzel
2007-08-09 20:00:13 UTC
Responsible Changed
From-To: freebsd-bugs->pjd

I'll take this one.

Attached is a test program for setting/unsetting ZFS mount options via mount.

Scot

--
DISCLAIMER:
No electrons were maimed while sending this message. Only slightly bruised.

On 8/23/07, Scot Hetzel <swhetzel@gmail.com> wrote:
> Attached is a test program for setting/unsetting ZFS mount options via
> mount.
>

The zfstest program runs the failure case that is shown in this PR, as well as testing the following mount options:

ZFS PROPERTY        MOUNT OPTION
atime               atime, noatime, nononatime
exec                exec, noexec, nonoexec
readonly            rw, ro, noro
setuid              setuid, nosetuid
xattr (1)           xattr, noxattr
devices (2)         devices, nodevices
devices,setuid (3)  suid, nosuid, nonosuid

1. waiting to be implemented in FreeBSD ZFS
2. not used for FreeBSD ZFS due to devfs (?)
3. according to zfs(1M) nosuid option is an alias for "nodevices,nosetuid", FreeBSD ZFS only turns setuid off when nosuid is specified. devices is not turned off due to devfs (?)

I did find another problem, if you use the rw mount option, it mounts the filesystem read-only.

hp010# mount -u -o ro /usr/ports/distfiles ; mount | grep dist
rootpool/usr/ports/distfiles on /usr/ports/distfiles (zfs, local)
hp010# mount -u -o rw /usr/ports/distfiles ; mount | grep dist
rootpool/usr/ports/distfiles on /usr/ports/distfiles (zfs, local, read-only)
hp010# mount -u -o ro /usr/ports/distfiles ; mount | grep dist
rootpool/usr/ports/distfiles on /usr/ports/distfiles (zfs, local, read-only)

Scot

--
DISCLAIMER:
No electrons were maimed while sending this message. Only slightly bruised.

Responsible Changed
From-To: pjd->freebsd-fs

With pjd's permission, reassign ZFS-related PRs to freebsd-fs.

If there are no objections, I would like to close this PR.

--
Martin Matuska
FreeBSD committer
http://blog.vx.sk

On Tue, Oct 11, 2011 at 2:23 AM, Martin Matuska <mm@freebsd.org> wrote:
> If there are no objections, I would like to close this PR.
>
> --
> Martin Matuska
> FreeBSD committer
> http://blog.vx.sk
>

I just ran the zfstest script on:

FreeBSD fbsd10 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r257220: Sun Oct 27 22:42:08 CDT 2013 root@fbsd10:/usr/obj/usr/src/sys/GENERIC i386

The results below show that mount still can't change devices, setuid or xattr attributes on the zfs filesystem (zfs get devices,setuid,xattr ${ZFS_FILESYSTEM}). They should show as off, and SOURCE should change to temporary, but they stay at default.

NOTE: change ZFS_FILESYSTEM and ZFS_MOUNTPOINT in the zfstest script to the appropriate zfs filesystem and mount point.

================================================================================
Test setting/unsetting of devices
===> Current settings for Scratch/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  devices   on     default
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, local, nfsv4acls)
===> mount -u -o nodevices /usr/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  devices   on     default  <- should be off and temporary
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nfsv4acls)  <- missing nodevices
===> mount -u -o devices /usr/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  devices   on     default
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nfsv4acls)
================================================================================
Test setting/unsetting of setuid
===> Current settings for Scratch/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  setuid    on     default
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, local, nfsv4acls)
===> mount -u -o nosetuid /usr/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  setuid    on     default  <- should be off and temporary
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nosuid, nfsv4acls)
===> mount -u -o setuid /usr/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  setuid    on     default
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nfsv4acls)
================================================================================
Test setting/unsetting of suid
===> Current settings for Scratch/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  devices   on     default
Scratch/ports/distfiles  setuid    on     default
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, local, nfsv4acls)
===> mount -u -o nosuid /usr/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  devices   on     default  <- should be off and temporary
Scratch/ports/distfiles  setuid    on     default  <- should be off and temporary
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nosuid, nfsv4acls)  <- missing nodevices
===> mount -u -o nonosuid /usr/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  devices   on     default
Scratch/ports/distfiles  setuid    on     default
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nfsv4acls)
===> mount -u -o suid /usr/ports/distfiles
=====> nosuid already set
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  devices   on     default
Scratch/ports/distfiles  setuid    on     default
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nfsv4acls)
================================================================================
Test setting/unsetting of xattr
===> Current settings for Scratch/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  xattr     off    temporary
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, local, nfsv4acls)
===> mount -u -o noxattr /usr/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  xattr     off    temporary
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nfsv4acls)  <- missing noxattr
===> mount -u -o xattr /usr/ports/distfiles
NAME                     PROPERTY  VALUE  SOURCE
Scratch/ports/distfiles  xattr     off    temporary  <- should be on and default
Scratch/ports/distfiles on /usr/ports/distfiles (zfs, NFS exported, local, nfsv4acls)
================================================================================

--
DISCLAIMER:
No electrons were maimed while sending this message. Only slightly bruised.

Most of this bug has apparently been fixed. "zfs mount" can now turn exec, atime, and rw back on. And there are no plans to implement the devices or xattr properties. So the only part of this bug report that still applies is that the setuid option can't be changed by a remount. I'll retitle the bug appropriately. It seems that

To restate the bug: "zfs mount -o update,setuid <FILESYSTEM>" works, but "zfs get setuid <FILESYSTEM>" doesn't reflect the new state of the mount option.

Steps to reproduce:

$ sudo zpool create foo da1
$ sudo zfs create foo/fs
$ sudo cp -a /sbin/ping /foo/fs
$ zfs get setuid foo/fs
NAME    PROPERTY  VALUE  SOURCE
foo/fs  setuid    on     default
$ mount | grep foo.fs
foo/fs on /foo/fs (zfs, local, nfsv4acls)
$ /foo/fs/ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=55 time=3.419 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.419/3.419/3.419/0.000 ms
$ sudo zfs mount -o update,nosetuid foo/fs
$ mount | grep foo.fs
foo/fs on /foo/fs (zfs, local, nosuid, nfsv4acls)
# XXX "zfs get" will return the wrong value
$ zfs get setuid foo/fs
NAME    PROPERTY  VALUE  SOURCE
foo/fs  setuid    on     default
$ /foo/fs/ping -c 1 8.8.8.8
ping: ssend socket: Operation not permitted

In the above transcript, the output of "mount" matches what is expected, as does the behavior of ping (which requires setuid to run). Only the output of "zfs get" is wrong.
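One way to detect the mismatch shown in the transcript above, as an added example that is not part of the original report: it parses mount(8) and "zfs get setuid" output in the formats quoted in this PR and flags a dataset where the two disagree. The function names and the embedded sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): compare the setuid state that mount(8)
# reports with the one "zfs get setuid" reports, in the formats quoted above.
# Function names and sample lines are constructed for illustration.

# stdin: mount(8) output. Prints on, off, or unmounted for dataset $1.
mount_setuid_state() {
    awk -v ds="$1" '
        $1 == ds && $2 == "on" {
            found = 1
            opts = $0
            sub(/^.* \(/, "", opts)        # keep only the option list
            sub(/\)[ \t]*$/, "", opts)
            n = split(opts, o, ", *")
            state = "on"
            for (i = 1; i <= n; i++)
                if (o[i] == "nosuid") state = "off"
            print state
            exit
        }
        END { if (!found) print "unmounted" }'
}

# stdin: "zfs get setuid" output. Prints the VALUE column for dataset $1.
zfs_setuid_state() {
    awk -v ds="$1" '
        $1 == ds && $2 == "setuid" { found = 1; print $3; exit }
        END { if (!found) print "unknown" }'
}

# $1 = dataset, $2 = mount output, $3 = zfs get output.
audit_setuid() {
    m=$(printf '%s\n' "$2" | mount_setuid_state "$1")
    z=$(printf '%s\n' "$3" | zfs_setuid_state "$1")
    if [ "$m" = "$z" ]; then
        echo "OK $1 setuid=$m"
    else
        echo "MISMATCH $1 mount=$m zfs_get=$z"
    fi
}

# Constructed sample: the state after "zfs mount -o update,nosetuid foo/fs".
SAMPLE_MOUNT='foo/fs on /foo/fs (zfs, local, nosuid, nfsv4acls)'
SAMPLE_ZFS='NAME    PROPERTY  VALUE  SOURCE
foo/fs  setuid    on     default'

audit_setuid foo/fs "$SAMPLE_MOUNT" "$SAMPLE_ZFS"
```

On a live system the same check would be fed real output, for example `audit_setuid foo/fs "$(mount)" "$(zfs get setuid foo/fs)"`.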
A commit references this bug:

Author: asomers
Date: Tue Feb 20 18:42:09 UTC 2018
New revision: 329652
URL: https://svnweb.freebsd.org/changeset/base/329652

Log:
  Update ZFS tests now that PR 221985 is fixed

  tests/sys/cddl/zfs/tests/cli_root/zfs_get/zfs_get_003_pos.ksh
  tests/sys/cddl/zfs/tests/cli_root/zfs_mount/zfs_mount_007_pos.ksh
    Convert Illumos syntax => FreeBSD syntax

  tests/sys/cddl/zfs/tests/cli_root/zfs_get/zfs_get_test.sh
    Clear expected failure for zfs_get_003_pos

  tests/sys/cddl/zfs/tests/cli_root/zfs_mount/zfs_mount_007_pos.ksh
    Remove the "devices" property. Unlike on Illumos, on FreeBSD it can't be changed temporarily (or at all).

  tests/sys/cddl/zfs/tests/cli_root/zfs_mount/zfs_mount_test.sh
    Remove the expected failure for zfs_mount_007_pos due to 221985, but add a new expected failure due to PR 115361.

  PR: 221985
  PR: 115361
  Sponsored by: Spectra Logic Corp

Changes:
  projects/zfsd/head/tests/sys/cddl/zfs/tests/cli_root/zfs_get/zfs_get_003_pos.ksh
  projects/zfsd/head/tests/sys/cddl/zfs/tests/cli_root/zfs_get/zfs_get_test.sh
  projects/zfsd/head/tests/sys/cddl/zfs/tests/cli_root/zfs_mount/zfs_mount_007_pos.ksh
  projects/zfsd/head/tests/sys/cddl/zfs/tests/cli_root/zfs_mount/zfs_mount_test.sh

Committed Tue Feb 20 18:42:09 UTC 2018 as r329652.

^Triage: assign to committer that resolved.