Remove inode_owner_or_capable override for secpolicy (#179)

This commit fixes a bug whereby owner@ ACL that limits WRITE_DATA access for the owner of a file was not being properly enforced. The owner of a file should be prevented from write access in this case, but being owner of file should still allow the file owner to chmod, chown, and setacl. Signed-off-by: Andrew Walker <[email protected]>
truenas · Nov 16, 2023 · 0af02f7 · 0af02f7
1 parent 908c376
commit 0af02f7
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/module/os/linux/zfs/policy.c b/module/os/linux/zfs/policy.c
@@ -120,10 +120,7 @@ secpolicy_vnode_access2(const cred_t *cr, struct inode *ip, uid_t owner,
 		return (0);
 	}
 
-	if ((uid == owner) || (uid == 0))
-		return (0);
-
-	if (zpl_inode_owner_or_capable(zfs_init_idmap, ip))
+	if (uid == 0)
 		return (0);
 
 #if defined(CONFIG_USER_NS)