summaryrefslogtreecommitdiff
path: root/usr/src
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/zoneadmd/vplat.c33
-rw-r--r--usr/src/lib/libzonecfg/common/libzonecfg.c2
-rw-r--r--usr/src/man/man1m/zonecfg.1m7
-rw-r--r--usr/src/uts/common/fs/hsfs/hsfs_vfsops.c3
-rw-r--r--usr/src/uts/common/fs/nfs/nfs4_common.c3
-rw-r--r--usr/src/uts/common/fs/nfs/nfs_common.c7
-rw-r--r--usr/src/uts/common/fs/smbclnt/smbfs/smbfs_vfsops.c3
7 files changed, 42 insertions, 16 deletions
diff --git a/usr/src/cmd/zoneadmd/vplat.c b/usr/src/cmd/zoneadmd/vplat.c
index df81c54c96..b9954b81b3 100644
--- a/usr/src/cmd/zoneadmd/vplat.c
+++ b/usr/src/cmd/zoneadmd/vplat.c
@@ -21,6 +21,7 @@
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, Joyent Inc. All rights reserved.
*/
/*
@@ -157,6 +158,8 @@ static m_label_t *zlabel = NULL;
static m_label_t *zid_label = NULL;
static priv_set_t *zprivs = NULL;
+static const char *DFLT_FS_ALLOWED = "hsfs,smbfs,nfs,nfs3,nfs4,nfsdyn";
+
/* from libsocket, not in any header file */
extern int getnetmaskbyaddr(struct in_addr, struct in_addr *);
@@ -4589,26 +4592,42 @@ setup_zone_hostid(zone_dochandle_t handle, zlog_t *zlogp, zoneid_t zoneid)
static int
setup_zone_fs_allowed(zone_dochandle_t handle, zlog_t *zlogp, zoneid_t zoneid)
{
- char fsallowedp[ZONE_FS_ALLOWED_MAX];
+ char fsallowed[ZONE_FS_ALLOWED_MAX];
+ char *fsallowedp = fsallowed;
+ int len = sizeof (fsallowed);
int res;
- res = zonecfg_get_fs_allowed(handle, fsallowedp, sizeof (fsallowedp));
+ res = zonecfg_get_fs_allowed(handle, fsallowed, len);
if (res == Z_BAD_PROPERTY) {
- return (Z_OK);
+ /* No value, set the defaults */
+ (void) strlcpy(fsallowed, DFLT_FS_ALLOWED, len);
} else if (res != Z_OK) {
- report_prop_err(zlogp, "fs-allowed", fsallowedp, res);
+ report_prop_err(zlogp, "fs-allowed", fsallowed, res);
return (res);
+ } else if (fsallowed[0] == '-') {
+ /* dropping default privs - use remaining list */
+ if (fsallowed[1] != ',')
+ return (Z_OK);
+ fsallowedp += 2;
+ len -= 2;
+ } else {
+ /* Has a value, append the defaults */
+ if (strlcat(fsallowed, ",", len) >= len ||
+ strlcat(fsallowed, DFLT_FS_ALLOWED, len) >= len) {
+ report_prop_err(zlogp, "fs-allowed", fsallowed,
+ Z_TOO_BIG);
+ return (Z_TOO_BIG);
+ }
}
- if (zone_setattr(zoneid, ZONE_ATTR_FS_ALLOWED, &fsallowedp,
- sizeof (fsallowedp)) != 0) {
+ if (zone_setattr(zoneid, ZONE_ATTR_FS_ALLOWED, fsallowedp, len) != 0) {
zerror(zlogp, B_TRUE,
"fs-allowed couldn't be set: %s: %d", fsallowedp, res);
return (Z_SYSTEM);
}
- return (res);
+ return (Z_OK);
}
static int
diff --git a/usr/src/lib/libzonecfg/common/libzonecfg.c b/usr/src/lib/libzonecfg/common/libzonecfg.c
index 9a664b8824..7b2a1f014f 100644
--- a/usr/src/lib/libzonecfg/common/libzonecfg.c
+++ b/usr/src/lib/libzonecfg/common/libzonecfg.c
@@ -2322,7 +2322,7 @@ zonecfg_valid_fs_allowed(const char *fsallowedp)
while (*cp != '\0') {
p = cp;
while (*p != '\0' && *p != ',') {
- if (!isalnum(*p))
+ if (!isalnum(*p) && *p != '-')
return (Z_INVALID_PROPERTY);
p++;
}
diff --git a/usr/src/man/man1m/zonecfg.1m b/usr/src/man/man1m/zonecfg.1m
index 9e0ec3ce6a..791f532f8b 100644
--- a/usr/src/man/man1m/zonecfg.1m
+++ b/usr/src/man/man1m/zonecfg.1m
@@ -1,9 +1,10 @@
'\" te
.\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved.
+.\" Copyright 2013 Joyent, Inc. All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
.\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH ZONECFG 1M "Aug 24, 2012"
+.TH ZONECFG 1M "Feb 28, 2014"
.SH NAME
zonecfg \- set up zone configuration
.SH SYNOPSIS
@@ -871,7 +872,9 @@ control and is related to the \fBzone.cpu-cap\fR resource control. See
.RS 4n
A comma-separated list of additional filesystems that may be mounted within
the zone; for example "ufs,pcfs". By default, only hsfs(7fs) and network
-filesystems can be mounted.
+filesystems can be mounted. If the first entry in the list is "-" then
+that disables all of the default filesystems. If any filesystems are listed
+after "-" then only those filesystems can be mounted.
This property does not apply to filesystems mounted into the zone via "add fs"
or "add dataset".
diff --git a/usr/src/uts/common/fs/hsfs/hsfs_vfsops.c b/usr/src/uts/common/fs/hsfs/hsfs_vfsops.c
index 8286dc11ac..dbe9aa4c07 100644
--- a/usr/src/uts/common/fs/hsfs/hsfs_vfsops.c
+++ b/usr/src/uts/common/fs/hsfs/hsfs_vfsops.c
@@ -21,6 +21,7 @@
/*
* Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011 Bayard G. Bell. All rights reserved.
+ * Copyright 2013 Joyent, Inc. All rights reserved.
*/
/*
@@ -149,7 +150,7 @@ static vfsdef_t vfw = {
"hsfs",
hsfsinit,
/* We don't suppport remounting */
- VSW_HASPROTO|VSW_STATS|VSW_CANLOFI|VSW_ZMOUNT,
+ VSW_HASPROTO|VSW_STATS|VSW_CANLOFI,
&hsfs_proto_opttbl
};
diff --git a/usr/src/uts/common/fs/nfs/nfs4_common.c b/usr/src/uts/common/fs/nfs/nfs4_common.c
index 03c9dbcbaa..11c6984f95 100644
--- a/usr/src/uts/common/fs/nfs/nfs4_common.c
+++ b/usr/src/uts/common/fs/nfs/nfs4_common.c
@@ -22,6 +22,7 @@
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
*
* Copyright 2011, 2012 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2013 Joyent, Inc. All rights reserved.
*/
/*
@@ -50,7 +51,7 @@ static vfsdef_t vfw4 = {
VFSDEF_VERSION,
"nfs4",
nfs4init,
- VSW_CANREMOUNT|VSW_NOTZONESAFE|VSW_STATS|VSW_ZMOUNT,
+ VSW_CANREMOUNT|VSW_NOTZONESAFE|VSW_STATS,
NULL
};
diff --git a/usr/src/uts/common/fs/nfs/nfs_common.c b/usr/src/uts/common/fs/nfs/nfs_common.c
index 16a467e64c..6a3cb3d695 100644
--- a/usr/src/uts/common/fs/nfs/nfs_common.c
+++ b/usr/src/uts/common/fs/nfs/nfs_common.c
@@ -21,6 +21,7 @@
/*
* Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011 Bayard G. Bell. All rights reserved.
+ * Copyright 2013 Joyent, Inc. All rights reserved.
*/
/*
@@ -123,7 +124,7 @@ static vfsdef_t vfw = {
VFSDEF_VERSION,
"nfsdyn",
nfsdyninit,
- VSW_ZMOUNT,
+ 0,
NULL
};
@@ -140,7 +141,7 @@ static vfsdef_t vfw2 = {
VFSDEF_VERSION,
"nfs",
nfsinit,
- VSW_CANREMOUNT|VSW_NOTZONESAFE|VSW_STATS|VSW_ZMOUNT,
+ VSW_CANREMOUNT|VSW_NOTZONESAFE|VSW_STATS,
NULL
};
@@ -157,7 +158,7 @@ static vfsdef_t vfw3 = {
VFSDEF_VERSION,
"nfs3",
nfs3init,
- VSW_CANREMOUNT|VSW_NOTZONESAFE|VSW_STATS|VSW_ZMOUNT,
+ VSW_CANREMOUNT|VSW_NOTZONESAFE|VSW_STATS,
NULL
};
diff --git a/usr/src/uts/common/fs/smbclnt/smbfs/smbfs_vfsops.c b/usr/src/uts/common/fs/smbclnt/smbfs/smbfs_vfsops.c
index 86c8111b72..6473b52690 100644
--- a/usr/src/uts/common/fs/smbclnt/smbfs/smbfs_vfsops.c
+++ b/usr/src/uts/common/fs/smbclnt/smbfs/smbfs_vfsops.c
@@ -34,6 +34,7 @@
/*
* Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2013, Joyent, Inc. All rights reserved.
*/
#include <sys/systm.h>
@@ -115,7 +116,7 @@ static vfsdef_t vfw = {
VFSDEF_VERSION,
(char *)fs_type_name,
smbfsinit, /* init routine */
- VSW_HASPROTO|VSW_NOTZONESAFE|VSW_ZMOUNT, /* flags */
+ VSW_HASPROTO|VSW_NOTZONESAFE, /* flags */
&smbfs_mntopts /* mount options table prototype */
};
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-19 10:40:42 +0000