Remove inode_owner_or_capable override for secpolicy (#178)
This commit fixes a bug whereby an owner@ ACL that limits WRITE_DATA
access for the owner of a file was not being properly enforced. The
owner of a file should be denied write access in this case, but being
the owner of the file should still allow the file owner to chmod,
chown, and setacl.

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
anodos325 authored and usaleem-ix committed Dec 20, 2023
1 parent fb730c6 commit 241a774
Showing 1 changed file with 1 addition and 4 deletions.
5 changes: 1 addition & 4 deletions module/os/linux/zfs/policy.c
@@ -120,10 +120,7 @@ secpolicy_vnode_access2(const cred_t *cr, struct inode *ip, uid_t owner,
return (0);
}

if ((uid == owner) || (uid == 0))
return (0);

if (zpl_inode_owner_or_capable(kcred->user_ns, ip))
if (uid == 0)
return (0);

#if defined(CONFIG_USER_NS)
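Review bot: the replacement early return at `if (uid == 0)` keys on a raw uid rather than on a capability, so besides dropping the `uid == owner` shortcut (the intended fix), this hunk also drops the capability half of `zpl_inode_owner_or_capable(kcred->user_ns, ip)`: a caller with a non-zero uid that holds the relevant override capability no longer bypasses the ACL check here. It is also not user-namespace aware, which is worth a comment given that a `#if defined(CONFIG_USER_NS)` block follows immediately. If root-by-uid is the intended policy, state that in a comment above the check; otherwise consider a capability check in place of `uid == 0`. Separately, the commit message's claim that the owner may still chmod, chown and setacl is not exercised by `secpolicy_vnode_access2`; that behaviour must come from the setattr/chown policy paths, which this diff does not touch, so a pointer to where owner-based chmod/chown remains permitted would help the next reader.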

0 comments on commit 241a774