zfs allow send:encrypted #17543
zfs allow send:encrypted #17543
Conversation
|
Why can't it be |
Outside of encryption it makes no sense to restrict it. But I agree that raw sounds consistent with the |
The permission was originally called If there is a preference to call it |
allanjude
force-pushed
the
send_encrypted
branch
from
8bfcda6 to
97fbdcb
Compare
A new `zfs allow` permissions that ONLY allows sending replication streams in raw (encrypted) mode, so encrypted data will not be decrypted as part of the replication process. Sponsored-by: Klara, Inc. Sponsored-by: Karakun AG Co-authored-by: JT Pennington <[email protected]> Signed-off-by: Allan Jude <[email protected]>
Create tests for the new send:encrypted permission Sponsored-by: Klara, Inc. Sponsored-by: Karakun AG Signed-off-by: JT Pennington <[email protected]>
allanjude
force-pushed
the
send_encrypted
branch
from
97fbdcb to
a027152
Compare
|
Fixed a missing line continuation that failed to install some of the tests |
| if (rawok == B_TRUE) { | ||
| error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, | ||
| ZFS_DELEG_PERM_SENDRAW, cr); | ||
| } | ||
| if (rawok == B_FALSE || error != 0) { | ||
| error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, | ||
| ZFS_DELEG_PERM_SEND, cr); | ||
| } |
There was a problem hiding this comment.
May be subjective, but I'd first verified ZFS_DELEG_PERM_SEND and then, if needed, more specific ZFS_DELEG_PERM_SENDRAW.
| # Copyright 2007 Sun Microsystems, Inc. All rights reserved. | ||
| # Use is subject to license terms. |
There was a problem hiding this comment.
I wonder what part here is from Sun? ;)
|
|
||
| # Create staff group and add two user to it | ||
| log_must add_group $STAFF_GROUP | ||
| if ! id $STAFF1 > /dev/null 2>&1; then |
There was a problem hiding this comment.
I wonder if we need to check this. At least add_user_freebsd already checks it inside. Wonder is Linux' useradd does it.
| log_note "Create a user called 'testerbot'." | ||
| if ! id testerbot > /dev/null 2>&1; then | ||
| user_added="TRUE" | ||
| log_must add_user $STAFF_GROUP testerbot |
There was a problem hiding this comment.
Can't we use some $STAFF1 created in setup?
| # 4. Write random data to the encrypted dataset | ||
| # 5. Snapshot the dataset | ||
| # 6. As root: attempt a send and raw send (both should succeed) | ||
| # 7. As user: attempt a send and raw send (both should fail, no permission) |
There was a problem hiding this comment.
I don't see any log_mustnot in this file. Is the description not accurate?
Motivation and Context
Allow delegation of permission to ONLY send raw encrypted replication.
This allows automated replication processes to only have permission to the raw replication stream, without the ability to send the decrypted version of the stream.
Description
A new
zfs allowpermission:send:encrypted, similar to the existingsendpermission, but only allows send with the--rawflag. Any attempt to send without--rawwill be denied.The existing
sendpermission is unchanged, so retains the ability to send either way.How Has This Been Tested?
Manually, and with new ZTS additions
Types of changes
Checklist:
Signed-off-by.