Hi!
I noticed that a non-root user is able to create (but not delete)
snapshots of a root btrfs filesystem on kernel 3.4.0.
I'm not sure I understand the security model correctly, but letting
unprivileged users create snapshots of the entire filesystem seems...
wrong. Is this intentional?
------------------------------------------------------------
~/test$ ls -la
total 0
drwxr-xr-x 1 sliedes sliedes 0 Jun 4 02:28 .
drwxr-xr-x 1 sliedes sliedes 7352 Jun 4 02:27 ..
~/test$ whoami
sliedes
~/test$ groups
sliedes dialout cdrom floppy audio src video plugdev kvm wireshark sbox
~/test$ btrfs subvolume snapshot / newsnap
Create a snapshot of '/' in './newsnap'
~/test$ ls -la
total 32
drwxr-xr-x 1 sliedes sliedes 14 Jun 4 02:28 .
drwxr-xr-x 1 sliedes sliedes 7352 Jun 4 02:27 ..
drwxr-xr-x 1 root root 336 Jun 2 05:32 newsnap
~/test$ btrfs subvolume delete newsnap
Delete subvolume '/home/sliedes/test/newsnap'
ERROR: cannot delete '/home/sliedes/test/newsnap' - Operation not permitted
~/test$ sudo btrfs subvolume delete newsnap
Delete subvolume '/home/sliedes/test/newsnap'
~/test$
------------------------------------------------------------
Sami