[src/trunk]: src/external/cddl/osnet/dist/uts/common/fs/zfs In zfs_setattr() ...

[simonb <simonb%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/544f6bf8ccc7
branches:  trunk
changeset: 1029123:544f6bf8ccc7
user:      simonb <simonb%NetBSD.org@localhost>
date:      Wed Dec 22 14:04:10 2021 +0000

description:
In zfs_setattr() don't recheck the auth policy for a "nodump" flags
change. zfs_netbsd_setattr() has already checked if this request is
authorised, and our secpolicy_xvattr() doesn't check kauth chflags.

XXX: Fix this propery when we migrate to openzfs.

riastradh@: Seems reasonable.

diffstat:

 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vnops.c |  10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diffs (21 lines):

diff -r 22090dc7f387 -r 544f6bf8ccc7 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vnops.c
--- a/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vnops.c    Wed Dec 22 12:05:24 2021 +0000
+++ b/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vnops.c    Wed Dec 22 14:04:10 2021 +0000
@@ -3503,7 +3503,17 @@
                if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
                        if (xoap->xoa_nodump !=
                            ((zp->z_pflags & ZFS_NODUMP) != 0)) {
+#if 0
+                               /*
+                                 * XXXSB - zfs_netbsd_setattr()
+                                 * has already checked if this
+                                 * request is authorised, and our
+                                 * secpolicy_xvattr() doesn't check
+                                 * kauth chflags.  Fix this when we
+                                 * migrate to openzfs.
+                                */
                                need_policy = TRUE;
+#endif
                        } else {
                                XVA_CLR_REQ(xvap, XAT_NODUMP);
                                XVA_SET_REQ(&tmpxvattr, XAT_NODUMP);