Hello,

I'm trying to set up ZFS to work with RBAC so that I can manage all ZFS
stuff w/out root. However, in my setup the sys_mount privilege is
needed:

- without sys_mount:

vk199839:tessier:~$ zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
local                   264G   71.4G    193G    27%  ONLINE     -
vk199839:tessier:~$ profiles 
ZFS Storage Management
ZFS File system Management
Basic Solaris User
All
vk199839:tessier:~$ ppriv $$
317:    bash
flags = <none>
        E: basic,dtrace_kernel,dtrace_proc,dtrace_user
        I: basic,dtrace_kernel,dtrace_proc,dtrace_user
        P: basic,dtrace_kernel,dtrace_proc,dtrace_user
        L: all
vk199839:tessier:~$ pfexec zfs create local/testfs
cannot create 'local/testfs': permission denied
vk199839:tessier:~$ pfexec truss zfs create local/testfs

<snip>

zone_lookup(0x00000000)                         = 0
ioctl(4, ZFS_IOC_OBJSET_STATS, 0x0804679C)      Err#2 ENOENT
ioctl(4, ZFS_IOC_CREATE, 0x0804679C)            Err#1 EPERM [sys_mount]
brk(0x080CA000)                                 = 0
fstat64(2, 0x080457C0)                          = 0
cannot create 'write(2, " c a n n o t   c r e a t".., 15)       = 15
local/testfswrite(2, " l o c a l / t e s t f s", 12)    = 12
': permission deniedwrite(2, " ' :   p e r m i s s i o".., 20)  = 20


- however with sys_mount:

vk199839:tessier:~$ ppriv $$
434:    /usr/bin/bash
flags = <none>
        E: basic,dtrace_kernel,dtrace_proc,dtrace_user,sys_mount
        I: basic,dtrace_kernel,dtrace_proc,dtrace_user,sys_mount
        P: basic,dtrace_kernel,dtrace_proc,dtrace_user,sys_mount
        L: all
vk199839:tessier:~$ profiles 
ZFS Storage Management
ZFS File system Management
Basic Solaris User
All
vk199839:tessier:~$ pfexec zfs create local/testfs
vk199839:tessier:~$ echo $?
0
vk199839:tessier:~$ zfs list |grep testfs
local/testfs             9K   191G     9K  /local/testfs
vk199839:sier:~$ ls -ald /local/testfs/
drwxr-xr-x   2 root     sys            2 Sep 12 19:15 /local/testfs/
vk199839:tessier:~$ ls -ald /local/       
drwxrwxr-x  14 vk199839 sys           16 Sep 12 19:15 /local/

Any idea what is wrong?

Also, I would like the fs to be created with vk199839:sys and not with
root:sys ownership.


v.
_______________________________________________
zfs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
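
Added example (not part of the original post): a small parser that reads truss output for calls tagged with a lacking privilege, as in the `EPERM [sys_mount]` line above, and compares them with the effective set printed by ppriv. The sample inputs are constructed from the output quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the truss and ppriv output in the post.
TRUSS_SAMPLE = """\
zone_lookup(0x00000000)                         = 0
ioctl(4, ZFS_IOC_OBJSET_STATS, 0x0804679C)      Err#2 ENOENT
ioctl(4, ZFS_IOC_CREATE, 0x0804679C)            Err#1 EPERM [sys_mount]
brk(0x080CA000)                                 = 0
"""
PPRIV_SAMPLE = """\
317:    bash
flags = <none>
        E: basic,dtrace_kernel,dtrace_proc,dtrace_user
        I: basic,dtrace_kernel,dtrace_proc,dtrace_user
        P: basic,dtrace_kernel,dtrace_proc,dtrace_user
        L: all
"""

# A failed call that truss annotated with the privilege it lacked:
#   name(args)   Err#N ERRNO [privilege]
DENIED = re.compile(r"^(\w+)\((.*)\)\s+Err#\d+\s+(\w+)\s+\[(\w+)\]\s*$")

def privilege_sets(ppriv_text):
    """Return the E, I, P and L sets from ppriv output as {'E': {...}, ...}."""
    sets = {}
    for line in ppriv_text.splitlines():
        m = re.match(r"^\s*([EIPL]):\s*(\S+)\s*$", line)
        if m:
            sets[m.group(1)] = set(m.group(2).split(","))
    return sets

def missing_privileges(truss_text, ppriv_text):
    """Map each privilege truss reported as lacking to the calls that needed it.

    Assumption: names are compared literally; aliases such as 'basic' are
    not expanded, so only privileges outside such aliases are judged reliably.
    """
    effective = privilege_sets(ppriv_text).get("E", set())
    missing = {}
    for line in truss_text.splitlines():
        m = DENIED.match(line)
        if m and "all" not in effective and m.group(4) not in effective:
            call = f"{m.group(1)}({m.group(2)}) {m.group(3)}"
            missing.setdefault(m.group(4), []).append(call)
    return missing

if __name__ == "__main__":
    for priv, calls in missing_privileges(TRUSS_SAMPLE, PPRIV_SAMPLE).items():
        print(priv, "needed by", calls)
```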
