Temporarily use root credentials to mount snapshots in .zfs

When mounting a snapshot in the .zfs/snapshots control directory,
temporarily assume roots credentials to perform the VFS_MOUNT().

This allows regular users and users inside jails to access these
snapshots.

The regular usermount code is not helpful here, since it requires
that the user performing the mount own the mountpoint, which won't
be the case for .zfs/snapshot/<snapname>

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Nguyen <tony.nguyen@delphix.com>
Signed-off-by: Allan Jude <allan@klarasystems.com>
Sponsored-By: Modirum MDPay
Sponsored-By: Klara Inc.
Closes #11312

diff --git a/module/os/freebsd/spl/spl_vfs.c b/module/os/freebsd/spl/spl_vfs.c
index 60ea627e975b4f9d50d4926be9d10005b03fcd63..3f4feb140d5e6fc322306e5a6e269a3acf6b8cff 100644 (file)
--- a/module/os/freebsd/spl/spl_vfs.c
+++ b/module/os/freebsd/spl/spl_vfs.c
@@ -125,7 +125,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath,
        struct vfsconf *vfsp;
        struct mount *mp;
        vnode_t *vp, *mvp;
-       struct ucred *cr;
+       struct ucred *pcr, *tcr;
        int error;
 
        ASSERT_VOP_ELOCKED(*vpp, "mount_snapshot");
@@ -194,14 +194,18 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath,
         * mount(8) and df(1) output.
         */
        mp->mnt_flag |= MNT_IGNORE;
+
        /*
         * XXX: This is evil, but we can't mount a snapshot as a regular user.
         * XXX: Is is safe when snapshot is mounted from within a jail?
         */
-       cr = td->td_ucred;
+       tcr = td->td_ucred;
+       pcr = td->td_proc->p_ucred;
        td->td_ucred = kcred;
+       td->td_proc->p_ucred = kcred;
        error = VFS_MOUNT(mp);
-       td->td_ucred = cr;
+       td->td_ucred = tcr;
+       td->td_proc->p_ucred = pcr;
 
        if (error != 0) {
                /*