In zfs_setattr() don't recheck the auth policy for a "nodump" flags

change. zfs_netbsd_setattr() has already checked if this request is authorised, and our secpolicy_xvattr() doesn't check kauth chflags. XXX: Fix this propery when we migrate to openzfs. riastradh@: Seems reasonable.
2021-12-22 14:04:10 +00:00 · 2021-12-22 14:04:10 +00:00 · 8ac21e5a89
parent baff841034
commit 8ac21e5a89
1 changed files with 10 additions and 0 deletions
--- a/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vnops.c
+++ b/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vnops.c
@ -3503,7 +3503,17 @@ zfs_setattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
 		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
 			if (xoap->xoa_nodump !=
 			    ((zp->z_pflags & ZFS_NODUMP) != 0)) {
+#if 0
+				/*
+                                 * XXXSB - zfs_netbsd_setattr()
+                                 * has already checked if this
+                                 * request is authorised, and our
+                                 * secpolicy_xvattr() doesn't check
+                                 * kauth chflags.  Fix this when we
+                                 * migrate to openzfs.
+				 */
 				need_policy = TRUE;
+#endif
 			} else {
 				XVA_CLR_REQ(xvap, XAT_NODUMP);
 				XVA_SET_REQ(&tmpxvattr, XAT_NODUMP);