diff options
| author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2013-06-24 19:43:25 +0000 |
|---|---|---|
| committer | Robert Mustacchi <rm@joyent.com> | 2014-03-28 14:59:49 -0700 |
| commit | 8cd81a20c40b49e1fad4022a2774ec6ad5066532 (patch) | |
| tree | 58f2d934d415c60ca40418b7d582b510fe287fda /usr/src/cmd/zoneadmd/vplat.c | |
| parent | 3878843a57bae7ad8da31ef4aaeed8388d2f534c (diff) | |
| download | illumos-joyent-8cd81a20c40b49e1fad4022a2774ec6ad5066532.tar.gz | |
4662 need a way to disable default file systems in zones
Reviewed by: Dan McDonald <danmcd@omniti.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Richard Lowe <richlowe@richlowe.net>
Diffstat (limited to 'usr/src/cmd/zoneadmd/vplat.c')
| -rw-r--r-- | usr/src/cmd/zoneadmd/vplat.c | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/usr/src/cmd/zoneadmd/vplat.c b/usr/src/cmd/zoneadmd/vplat.c index df81c54c96..b9954b81b3 100644 --- a/usr/src/cmd/zoneadmd/vplat.c +++ b/usr/src/cmd/zoneadmd/vplat.c @@ -21,6 +21,7 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, Joyent Inc. All rights reserved. */ /* @@ -157,6 +158,8 @@ static m_label_t *zlabel = NULL; static m_label_t *zid_label = NULL; static priv_set_t *zprivs = NULL; +static const char *DFLT_FS_ALLOWED = "hsfs,smbfs,nfs,nfs3,nfs4,nfsdyn"; + /* from libsocket, not in any header file */ extern int getnetmaskbyaddr(struct in_addr, struct in_addr *); @@ -4589,26 +4592,42 @@ setup_zone_hostid(zone_dochandle_t handle, zlog_t *zlogp, zoneid_t zoneid) static int setup_zone_fs_allowed(zone_dochandle_t handle, zlog_t *zlogp, zoneid_t zoneid) { - char fsallowedp[ZONE_FS_ALLOWED_MAX]; + char fsallowed[ZONE_FS_ALLOWED_MAX]; + char *fsallowedp = fsallowed; + int len = sizeof (fsallowed); int res; - res = zonecfg_get_fs_allowed(handle, fsallowedp, sizeof (fsallowedp)); + res = zonecfg_get_fs_allowed(handle, fsallowed, len); if (res == Z_BAD_PROPERTY) { - return (Z_OK); + /* No value, set the defaults */ + (void) strlcpy(fsallowed, DFLT_FS_ALLOWED, len); } else if (res != Z_OK) { - report_prop_err(zlogp, "fs-allowed", fsallowedp, res); + report_prop_err(zlogp, "fs-allowed", fsallowed, res); return (res); + } else if (fsallowed[0] == '-') { + /* dropping default privs - use remaining list */ + if (fsallowed[1] != ',') + return (Z_OK); + fsallowedp += 2; + len -= 2; + } else { + /* Has a value, append the defaults */ + if (strlcat(fsallowed, ",", len) >= len || + strlcat(fsallowed, DFLT_FS_ALLOWED, len) >= len) { + report_prop_err(zlogp, "fs-allowed", fsallowed, + Z_TOO_BIG); + return (Z_TOO_BIG); + } } - if (zone_setattr(zoneid, ZONE_ATTR_FS_ALLOWED, &fsallowedp, - sizeof (fsallowedp)) != 0) { + if (zone_setattr(zoneid, ZONE_ATTR_FS_ALLOWED, fsallowedp, len) != 0) { zerror(zlogp, B_TRUE, "fs-allowed couldn't be set: %s: %d", fsallowedp, res); return (Z_SYSTEM); } - return (res); + return (Z_OK); } static int |