Clarify comments in config/*.m4, vdev_geom.c, zfs_allow_*.ksh
Rephrase comments to be more clear. Reviewed-by: Serapheim Dimitropoulos <serapheim@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Ryan Moeller <ryan@iXsystems.com> Signed-off-by: Matthew Ahrens <mahrens@delphix.com> Closes #10481
This commit is contained in:
parent
745ace3f24
commit
540493ba4f
@ -29,9 +29,9 @@ AC_DEFUN([AM_ICONV_LINK],
|
||||
AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
|
||||
|
||||
dnl Add $INCICONV to CPPFLAGS before performing the following checks,
|
||||
dnl because if the user has installed libiconv and not disabled its use
|
||||
dnl via --without-libiconv-prefix, he wants to use it. The first
|
||||
dnl AC_LINK_IFELSE will then fail, the second AC_LINK_IFELSE will succeed.
|
||||
dnl so that if libiconv is installed, it will be used (unless disabled
|
||||
dnl via --without-libiconv-prefix). The first AC_LINK_IFELSE will
|
||||
dnl then fail, the second AC_LINK_IFELSE will succeed.
|
||||
am_save_CPPFLAGS="$CPPFLAGS"
|
||||
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV])
|
||||
|
||||
|
@ -67,8 +67,8 @@ AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
|
||||
AC_LIB_LINKFLAGS_BODY([$1], [$2])
|
||||
|
||||
dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
|
||||
dnl because if the user has installed lib[]Name and not disabled its use
|
||||
dnl via --without-lib[]Name-prefix, he wants to use it.
|
||||
dnl so that if lib[]Name is installed, it will be used (unless
|
||||
dnl disabled via --without-lib[]Name-prefix).
|
||||
ac_save_CPPFLAGS="$CPPFLAGS"
|
||||
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
|
||||
|
||||
|
@ -8,10 +8,9 @@ dnl From Bruno Haible.
|
||||
|
||||
dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
|
||||
dnl to access previously installed libraries. The basic assumption is that
|
||||
dnl a user will want packages to use other packages he previously installed
|
||||
dnl with the same --prefix option.
|
||||
dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
|
||||
dnl libraries, but is otherwise very convenient.
|
||||
dnl packages should use other packages that are installed with the same
|
||||
dnl --prefix option. This macro is not needed if only AC_LIB_LINKFLAGS is
|
||||
dnl used to locate libraries, but is otherwise very convenient.
|
||||
AC_DEFUN([AC_LIB_PREFIX],
|
||||
[
|
||||
AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
|
||||
|
@ -844,7 +844,7 @@ vdev_geom_open(vdev_t *vd, uint64_t *psize, uint64_t *max_psize,
|
||||
* opened (since boot), and we are not loading an
|
||||
* existing pool configuration. This looks like a
|
||||
* vdev add operation to a new or existing pool.
|
||||
* Assume the user knows what he/she is doing and find
|
||||
* Assume the user really wants to do this, and find
|
||||
* GEOM provider by its name, ignoring GUID mismatches.
|
||||
*
|
||||
* XXPOLICY: It would be safer to only allow a device
|
||||
|
@ -66,7 +66,7 @@ log_must zfs create $childfs
|
||||
log_must zfs create $grandchild
|
||||
|
||||
#
|
||||
# Setting different permissions to the same set on two level.
|
||||
# Setting different permissions to the same set on two levels.
|
||||
# But only assign the user at one level.
|
||||
#
|
||||
log_must zfs allow -s @set $perms1 $ROOT_TESTFS
|
||||
@ -74,7 +74,8 @@ log_must zfs allow -s @set $perms2 $childfs
|
||||
log_must zfs allow $STAFF1 @set $childfs
|
||||
|
||||
#
|
||||
# Verify only perms2 is valid to user on the level which he was assigned.
|
||||
# Verify that the user only has the permissions that they were assigned
|
||||
# in each filesystem.
|
||||
#
|
||||
log_must verify_noperm $ROOT_TESTFS $perms1 $STAFF1
|
||||
for fs in $childfs $grandchild ; do
|
||||
|
@ -33,13 +33,13 @@
|
||||
|
||||
#
|
||||
# DESCRIPTION:
|
||||
# non-root user can allow any permissions which he is holding to
|
||||
# other else user when it get 'allow' permission.
|
||||
# A non-root user can use 'zfs allow' to delegate permissions that
|
||||
# they have, if they also have the 'allow' permission.
|
||||
#
|
||||
# STRATEGY:
|
||||
# 1. Set two set permissions to two datasets locally.
|
||||
# 2. Verify the non-root user can allow permission if he has allow
|
||||
# permission.
|
||||
# 2. Verify the non-root user can use 'zfs allow' if they have
|
||||
# 'allow' permission.
|
||||
#
|
||||
|
||||
verify_runnable "both"
|
||||
@ -69,8 +69,8 @@ for dtst in $DATASETS ; do
|
||||
log_must user_run $STAFF1 zfs allow -l $OTHER1 $perms1 $dtst
|
||||
log_must verify_perm $dtst $perms1 $OTHER1
|
||||
|
||||
# $perms2 was not allow to $STAFF1, so he have no permission to
|
||||
# delegate permission to other else.
|
||||
# $perms2 was not allowed to $STAFF1, so they do not have
|
||||
# permission to delegate permission to other users.
|
||||
log_mustnot user_run $STAFF1 zfs allow $OTHER1 $perms2 $dtst
|
||||
log_must verify_noperm $dtst $perms2 $OTHER1
|
||||
done
|
||||
|
Loading…
Reference in New Issue
Block a user