Hello,
I'm trying to set ZFS to work with RBAC so that I could manage all ZFS
stuff w/out root. However, in my setup there is sys_mount privilege
needed:
- without sys_mount:
vk199839:tessier:~$ zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
local 264G 71.4G 193G 27% ONLINE -
vk199839:tessier:~$ profiles
ZFS Storage Management
ZFS File system Management
Basic Solaris User
All
vk199839:tessier:~$ ppriv $$
317: bash
flags = <none>
E: basic,dtrace_kernel,dtrace_proc,dtrace_user
I: basic,dtrace_kernel,dtrace_proc,dtrace_user
P: basic,dtrace_kernel,dtrace_proc,dtrace_user
L: all
vk199839:tessier:~$ pfexec zfs create local/testfs
cannot create 'local/testfs': permission denied
vk199839:tessier:~$ pfexec truss zfs create local/testfs
<snip>
zone_lookup(0x00000000) = 0
ioctl(4, ZFS_IOC_OBJSET_STATS, 0x0804679C) Err#2 ENOENT
ioctl(4, ZFS_IOC_CREATE, 0x0804679C) Err#1 EPERM [sys_mount]
brk(0x080CA000) = 0
fstat64(2, 0x080457C0) = 0
cannot create 'write(2, " c a n n o t c r e a t".., 15) = 15
local/testfswrite(2, " l o c a l / t e s t f s", 12) = 12
': permission deniedwrite(2, " ' : p e r m i s s i o".., 20) = 20
- however with sys_mount:
vk199839:tessier:~$ ppriv $$
434: /usr/bin/bash
flags = <none>
E: basic,dtrace_kernel,dtrace_proc,dtrace_user,sys_mount
I: basic,dtrace_kernel,dtrace_proc,dtrace_user,sys_mount
P: basic,dtrace_kernel,dtrace_proc,dtrace_user,sys_mount
L: all
vk199839:tessier:~$ profiles
ZFS Storage Management
ZFS File system Management
Basic Solaris User
All
vk199839:tessier:~$ pfexec zfs create local/testfs
vk199839:tessier:~$ echo $?
0
vk199839:tessier:~$ zfs list |grep testfs
local/testfs 9K 191G 9K /local/testfs
vk199839:sier:~$ ls -ald /local/testfs/
drwxr-xr-x 2 root sys 2 Sep 12 19:15 /local/testfs/
vk199839:tessier:~$ ls -ald /local/
drwxrwxr-x 14 vk199839 sys 16 Sep 12 19:15 /local/
Any idea what is wrong?
Also, I would like the fs to be created with vk199839:sys and not with
root:sys ownership.
v.
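
Added example, not part of the original post: a small Python helper that reads truss output of the shape shown above, picks out calls that failed with EPERM together with the privilege truss printed in brackets, and checks that privilege against the effective (E) set from `ppriv`. The function names and the sample strings are constructed for illustration; the samples are shaped like the two sessions in the post.

```python
import re

# Constructed samples, shaped like the truss and ppriv output in the post.
TRUSS_SAMPLE = """\
ioctl(4, ZFS_IOC_OBJSET_STATS, 0x0804679C) Err#2 ENOENT
ioctl(4, ZFS_IOC_CREATE, 0x0804679C) Err#1 EPERM [sys_mount]
brk(0x080CA000) = 0
"""
PPRIV_WITHOUT = """\
317: bash
flags = <none>
E: basic,dtrace_kernel,dtrace_proc,dtrace_user
L: all
"""
PPRIV_WITH = PPRIV_WITHOUT.replace("dtrace_user", "dtrace_user,sys_mount")

# A failed call annotated by truss with the privilege that was checked.
EPERM_RE = re.compile(r"^(\w+)\((.*)\)\s+Err#\d+\s+EPERM\s+\[(\w+)\]")
SET_RE = re.compile(r"^\s*([EIPL]):\s*(\S+)")


def parse_ppriv(text):
    """Map each privilege set letter (E, I, P, L) to its listed names."""
    sets = {}
    for line in text.splitlines():
        m = SET_RE.match(line)
        if m:
            sets[m.group(1)] = set(m.group(2).split(","))
    return sets


def missing_privileges(truss_text, ppriv_text):
    """Return (syscall, second argument, privilege) for each EPERM
    whose privilege is not named in the effective set."""
    effective = parse_ppriv(ppriv_text).get("E", set())
    findings = []
    for line in truss_text.splitlines():
        m = EPERM_RE.match(line.strip())
        if not m:
            continue
        call, args, priv = m.groups()
        parts = [a.strip() for a in args.split(",")]
        detail = parts[1] if len(parts) > 1 else ""
        # Only the literal name "all" is treated as covering everything;
        # other aliases such as "basic" are not expanded here.
        if priv not in effective and "all" not in effective:
            findings.append((call, detail, priv))
    return findings


if __name__ == "__main__":
    for label, pp in (("without", PPRIV_WITHOUT), ("with", PPRIV_WITH)):
        print(label, "sys_mount:", missing_privileges(TRUSS_SAMPLE, pp))
```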