When mounting a snapshot in the .zfs/snapshots control directory,
temporarily assume roots credentials to perform the VFS_MOUNT().
This allows regular users and users inside jails to access these
snapshots.
The regular usermount code is not helpful here, since it requires
that the user performing the mount own the mountpoint, which won't
be the case for .zfs/snapshot/<snapname>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Nguyen <tony.nguyen@delphix.com>
Signed-off-by: Allan Jude <allan@klarasystems.com>
Sponsored-By: Modirum MDPay
Sponsored-By: Klara Inc.
Closes #11312
struct vfsconf *vfsp;
struct mount *mp;
vnode_t *vp, *mvp;
- struct ucred *cr;
+ struct ucred *pcr, *tcr;
int error;
ASSERT_VOP_ELOCKED(*vpp, "mount_snapshot");
* mount(8) and df(1) output.
*/
mp->mnt_flag |= MNT_IGNORE;
+
/*
* XXX: This is evil, but we can't mount a snapshot as a regular user.
* XXX: Is is safe when snapshot is mounted from within a jail?
*/
- cr = td->td_ucred;
+ tcr = td->td_ucred;
+ pcr = td->td_proc->p_ucred;
td->td_ucred = kcred;
+ td->td_proc->p_ucred = kcred;
error = VFS_MOUNT(mp);
- td->td_ucred = cr;
+ td->td_ucred = tcr;
+ td->td_proc->p_ucred = pcr;
if (error != 0) {
/*