ZFS: fix the delegate tests

These tests have never worked correctly

* Replace runwattr with sudo
* Fix a scoping bug with the "dtst" variable
* Cleanup user properties created during tests
* Eliminate the checks for refreservation and send support. They will always
  be supported.
* Fix verify_fs_snapshot. It seemed to assume that permissions would not yet
  be delegated, but that's not how it's actually used.
* Combine verify_fs_promote with verify_vol_promote
* Remove some useless sleeps
* Fix backwards condition in verify_vol_volsize
* Remove some redundant cleanup steps in the tests. cleanup.ksh will handle
  everything.
* Disable some parts of the tests that FreeBSD doesn't support:
    * Creating snapshots with mkdir
    * devices
    * shareisci
    * sharenfs
    * xattr
    * zoned

The sharenfs parts could probably be reenabled with more work to remove the
Solarisms.

MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D21898

tests/sys/cddl/zfs/tests/delegate/delegate_common.kshlib

@@ -159,11 +159,9 @@ function user_run
 {
 	typeset user=$1
 	typeset group=$($GROUPS $user)
-
 	shift
 
-	eval \$RUNWATTR -u \$user -g \$group \"$@\" > /dev/null 2>&1
-	return $?
+	sudo -u $user -g $group $@
 }
 
 function common_perm
@@ -251,7 +249,7 @@ function check_fs_perm
 			ret=$?
 			;;
 		promote) 
-			verify_fs_promote $user $perm $fs
+			verify_promote $user $perm $fs
 			ret=$?
 			;;
 		canmount)
@@ -336,7 +334,7 @@ function check_vol_perm
 			ret=$?
 			;;
 		promote) 
-			verify_vol_promote $user $perm $vol
+			verify_promote $user $perm $vol
 			ret=$?
 			;;
 		volsize) 
@@ -358,6 +356,8 @@ function check_vol_perm
 
 function setup_unallow_testenv
 {
+	typeset dtst
+
 	log_must restore_root_datasets
 
 	log_must $ZFS create $SUBFS
@@ -403,8 +403,9 @@ function verify_send
 	typeset bak_user=$TMPDIR/bak.$user.$stamp
 	typeset bak_root=$TMPDIR/bak.root.$stamp
 
-	user_run $user eval "$ZFS send $snap > $bak_user"
+	user_run $user $ZFS send $snap > $bak_user
 	log_must eval "$ZFS send $snap > $bak_root"
+	log_must $ZFS destroy $snap
 
 	if [[ $(checksum $bak_user) == $(checksum $bak_root) ]]; then
 		ret=0
@@ -422,6 +423,7 @@ function verify_fs_receive
 	typeset perm=$2
 	typeset fs=$3
 
+	typeset dtst
 	typeset oldval
 	typeset stamp=${perm}.${user}.$($DATE +'%F-%R:%S')
 	typeset newfs=$fs/newfs.$stamp
@@ -444,27 +446,27 @@ function verify_fs_receive
 		log_must eval "$ZFS send $dtstsnap > $bak_root"
 		log_must $ZFS destroy -rf $dtst
 
-		user_run $user eval "$ZFS receive $dtst < $bak_root"
+		user_run $user $ZFS receive $dtst < $bak_root
 		if datasetexists $dtstsnap ; then
 			return 1
 		fi
 
 		log_must $ZFS allow $user create $fs
-		user_run $user eval "$ZFS receive $dtst < $bak_root"
+		user_run $user $ZFS receive $dtst < $bak_root
 		log_must $ZFS unallow $user create $fs
 		if datasetexists $dtstsnap ; then
 			return 1
 		fi
 
 		log_must $ZFS allow $user mount $fs
-		user_run $user eval "$ZFS receive $dtst < $bak_root"
+		user_run $user $ZFS receive $dtst < $bak_root
 		log_must $ZFS unallow $user mount $fs
 		if datasetexists $dtstsnap ; then
 			return 1
 		fi
 
 		log_must $ZFS allow $user mount,create $fs
-		user_run $user eval "$ZFS receive $dtst < $bak_root"
+		user_run $user $ZFS receive $dtst < $bak_root
 		log_must $ZFS unallow $user mount,create $fs
 		if ! datasetexists $dtstsnap ; then
 			return 1
@@ -500,6 +502,7 @@ function verify_userprop
 	if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then
 		return 1
 	fi
+	log_must $ZFS inherit "$user:ts" $dtst
 
 	return 0
 }
@@ -581,7 +584,6 @@ function verify_fs_create
 	typeset stamp=${perm}.${user}.$($DATE +'%F-%R:%S')
 	typeset newfs=$fs/nfs.$stamp
 	typeset newvol=$fs/nvol.$stamp
-	typeset check_refrev=false
 
 	user_run $user $ZFS create $newfs
 	if datasetexists $newfs ; then
@@ -594,9 +596,6 @@ function verify_fs_create
 	if ! datasetexists $newfs ; then
 		return 1
 	fi
-	if support_refrev $newfs; then
-		check_refrev=true
-	fi
 	log_must $ZFS destroy $newfs
 
 	if is_global_zone ; then
@@ -635,26 +634,20 @@ function verify_fs_create
 			return 1
 		fi
 
-		if [[ $check_refrev == true ]]; then
-			log_must $ZFS allow $user refreservation $fs
-			user_run $user $ZFS create -V 150m $newvol
-			log_must $ZFS unallow $user refreservation $fs
-			if datasetexists $newvol ; then
-				return 1
-			fi
+		log_must $ZFS allow $user refreservation $fs
+		user_run $user $ZFS create -V 150m $newvol
+		log_must $ZFS unallow $user refreservation $fs
+		if datasetexists $newvol ; then
+			return 1
 		fi
 
 		log_must $ZFS allow $user mount $fs
 		log_must $ZFS allow $user reservation $fs
-		if [[ $check_refrev == true ]]; then
-			log_must $ZFS allow $user refreservation $fs
-		fi
+		log_must $ZFS allow $user refreservation $fs
 		user_run $user $ZFS create -V 150m $newvol
 		log_must $ZFS unallow $user mount $fs
 		log_must $ZFS unallow $user reservation $fs
-		if [[ $check_refrev == true ]]; then
-			log_must $ZFS unallow $user refreservation $fs
-		fi
+		log_must $ZFS unallow $user refreservation $fs
 		if ! datasetexists $newvol ; then
 			return 1
 		fi
@@ -708,13 +701,6 @@ function verify_fs_snapshot
 		log_must $ZFS umount $fs
 	fi
 	user_run $user $ZFS snapshot $snap
-	if datasetexists $snap ; then
-		return 1
-	fi
-
-	log_must $ZFS allow $user mount $fs
-	user_run $user $ZFS snapshot $snap
-	log_must $ZFS unallow $user mount $fs
 	if ! datasetexists $snap ; then
 		return 1
 	fi
@@ -724,31 +710,20 @@ function verify_fs_snapshot
 		log_must $ZFS mount $fs
 	fi
 	user_run $user $ZFS snapshot $snap
-	if datasetexists $snap ; then
-		return 1
-	fi
-
-	log_must $ZFS allow $user mount $fs
-	user_run $user $ZFS snapshot $snap
-	log_must $ZFS unallow $user mount $fs
 	if ! datasetexists $snap ; then
 		return 1
 	fi
 	log_must $ZFS destroy $snap
 
-	typeset snapdir=${mntpt}/$(get_snapdir_name)/snap.$stamp
-	user_run $user $MKDIR $snapdir
-	if datasetexists $snap ; then
-		return 1
-	fi
-
-	log_must $ZFS allow $user mount $fs
-	user_run $user $MKDIR $snapdir
-	log_must $ZFS unallow $user mount $fs
-	if ! datasetexists $snap ; then
-		return 1
-	fi
-	log_must $ZFS destroy $snap
+	# TODO
+	# FreeBSD does not yet support creating snapshots with mkdir.
+	# See tests/sys/cddl/zfs/tests/snapshot/snapshot_015_pos.ksh
+	# typeset snapdir=${mntpt}/$(get_snapdir_name)/snap.$stamp
+	# user_run $user $MKDIR $snapdir
+	# if ! datasetexists $snap ; then
+		# return 1
+	# fi
+	# log_must $ZFS destroy $snap
 
 	return 0
 }
@@ -773,23 +748,14 @@ function verify_fs_rollback
 	log_must $TOUCH $mntpt/testfile.$stamp
 
 	user_run $user $ZFS rollback -R $snap
-	$SLEEP 10
-	if is_global_zone ; then
-		if [[ $oldval == $(datasetcksum $fs) ]]; then
-			return 1
-		fi
-	else
-		# datasetcksum can not be used in local zone
-		if [[ ! -e $mntpt/testfile.$stamp ]]; then
-			return 1
-		fi
+	if [[ -e $mntpt/testfile.$stamp ]]; then
+		return 1
 	fi
 
 	# rollback on mounted fs has to be with mount permission
 	log_must $ZFS allow $user mount $fs
 	user_run $user $ZFS rollback -R $snap
 	log_must $ZFS unallow $user mount $fs
-	$SLEEP 10
 	if is_global_zone ; then
 		if [[ $oldval != $(datasetcksum $fs) ]]; then
 			return 1
@@ -1083,7 +1049,7 @@ function verify_fs_mountpoint
 	return 0
 }
 
-function verify_fs_promote
+function verify_promote
 {
 	typeset user=$1
 	typeset perm=$2
@@ -1102,13 +1068,14 @@ function verify_fs_promote
 	typeset clone_orig=$(get_prop origin $clone)
 
 	user_run $user $ZFS promote $fs
-	# promote should fail if original fs does not have
-	# promote permission
+	# promote should fail if original fs does not have mount and promote
+	# permissions
 	if [[ $fs_orig != $(get_prop origin $fs) || \
 		$clone_orig != $(get_prop origin $clone) ]]; then
 		return 1
 	fi
 	
+	# promote should fail if original fs does not have mount permission
 	log_must $ZFS allow $user promote $clone
 	user_run $user $ZFS promote $fs
 	log_must $ZFS unallow $user promote $clone
@@ -1117,6 +1084,7 @@ function verify_fs_promote
 		return 1
 	fi
 	
+	# promote should fail if original fs does not have promote permission
 	log_must $ZFS allow $user mount $fs
 	user_run $user $ZFS promote $fs
 	log_must $ZFS unallow $user mount $fs
@@ -1503,16 +1471,10 @@ function verify_vol_snapshot
 	typeset snap=$vol@snap.$stamp
 
 	user_run $user $ZFS snapshot $snap
-	if datasetexists $snap ; then
-		return 1
-	fi
-
-	log_must $ZFS allow $user mount $vol
-	user_run $user $ZFS snapshot $snap
-	log_must $ZFS unallow $user mount $vol
 	if ! datasetexists $snap ; then
 		return 1
 	fi
+	log_must $ZFS destroy $snap
 
 	return 0
 }
@@ -1535,16 +1497,6 @@ function verify_vol_rollback
 		bs=512 count=1
 
 	user_run $user $ZFS rollback -R $snap
-	$SLEEP 10
-	if [[ $oldval == $(datasetcksum $vol) ]]; then
-		return 1
-	fi
-
-	# rollback on volume has to be with mount permission
-	log_must $ZFS allow $user mount $vol
-	user_run $user $ZFS rollback -R $snap
-	$SLEEP 10
-	log_must $ZFS unallow $user mount $vol
 	if [[ $oldval != $(datasetcksum $vol) ]]; then
 		return 1
 	fi
@@ -1645,130 +1597,6 @@ function verify_vol_rename
 	return 0
 }
 
-function verify_vol_promote
-{
-	typeset user=$1
-	typeset perm=$2
-	typeset vol=$3
-
-	typeset stamp=${perm}.${user}.$($DATE +'%F-%R:%S')
-        typeset basevol=${vol%/*}
-	typeset snap=$vol@snap.$stamp
-	typeset clone=$basevol/cvol.$stamp
-
-	log_must $ZFS snapshot $snap
-	log_must $ZFS clone $snap $clone
-	log_must $ZFS promote $clone		
-
-	typeset vol_orig=$(get_prop origin $vol)
-	typeset clone_orig=$(get_prop origin $clone)
-
-	# promote should fail if $vol and $clone
-	# miss either mount or promote permission
-	# case 1
-	user_run $user $ZFS promote $vol
-	if [[ $vol_orig != $(get_prop origin $vol) || \
-		$clone_orig != $(get_prop origin $clone) ]]; 
-	then
-		return 1
-	fi
-	
-	# promote should fail if $vol and $clone
-	# miss either mount or promote permission
-	# case 2
-	log_must $ZFS allow $user promote $clone
-	user_run $user $ZFS promote $vol
-	log_must $ZFS unallow $user promote $clone
-	if [[ $vol_orig != $(get_prop origin $vol) || \
-		$clone_orig != $(get_prop origin $clone) ]]; 
-	then
-		return 1
-	fi
-	
-	# promote should fail if $vol and $clone
-	# miss either mount or promote permission
-	# case 3
-	log_must $ZFS allow $user mount $vol
-	user_run $user $ZFS promote $vol
-	log_must $ZFS unallow $user mount $vol
-	if [[ $vol_orig != $(get_prop origin $vol) || \
-		$clone_orig != $(get_prop origin $clone) ]]; 
-	then
-		return 1
-	fi
-	
-	# promote should fail if $vol and $clone
-	# miss either mount or promote permission
-	# case 4
-	log_must $ZFS allow $user mount $clone
-	user_run $user $ZFS promote $vol
-	log_must $ZFS unallow $user mount $clone
-	if [[ $vol_orig != $(get_prop origin $vol) || \
-		$clone_orig != $(get_prop origin $clone) ]]; 
-	then
-		return 1
-	fi
-	
-	# promote should fail if $vol and $clone
-	# miss either mount or promote permission
-	# case 5
-	log_must $ZFS allow $user promote $clone
-	log_must $ZFS allow $user mount $vol
-	user_run $user $ZFS promote $vol
-	log_must $ZFS unallow $user promote $clone
-	log_must $ZFS unallow $user mount $vol
-	if [[ $vol_orig != $(get_prop origin $vol) || \
-		$clone_orig != $(get_prop origin $clone) ]]; 
-	then
-		return 1
-	fi
-
-	# promote should fail if $vol and $clone
-	# miss either mount or promote permission
-	# case 6
-	log_must $ZFS allow $user promote $clone
-	log_must $ZFS allow $user mount $clone
-	user_run $user $ZFS promote $vol
-	log_must $ZFS unallow $user promote $clone
-	log_must $ZFS unallow $user mount $vol
-	if [[ $vol_orig != $(get_prop origin $vol) || \
-		$clone_orig != $(get_prop origin $clone) ]]; 
-	then
-		return 1
-	fi
-
-	# promote should fail if $vol and $clone
-	# miss either mount or promote permission
-	# case 7
-	log_must $ZFS allow $user mount $vol
-	log_must $ZFS allow $user mount $clone
-	user_run $user $ZFS promote $vol
-	log_must $ZFS unallow $user mount $vol
-	log_must $ZFS unallow $user mount $clone
-	if [[ $vol_orig != $(get_prop origin $vol) || \
-		$clone_orig != $(get_prop origin $clone) ]]; 
-	then
-		return 1
-	fi
-
-	# promote only succeeds when $vol and $clone
-	# have both mount and promote permission
-	# case 8
-	log_must $ZFS allow $user promote $clone
-	log_must $ZFS allow $user mount $vol
-	log_must $ZFS allow $user mount $clone
-	user_run $user $ZFS promote $vol
-	log_must $ZFS unallow $user promote $clone
-	log_must $ZFS unallow $user mount $vol
-	log_must $ZFS unallow $user mount $clone
-	if [[ $snap != $(get_prop origin $clone) || \
-		$clone_orig != $(get_prop origin $vol) ]]; then
-		return 1
-	fi
-
-	return 0
-}
-
 function verify_vol_volsize
 {
 	typeset user=$1
@@ -1779,17 +1607,9 @@ function verify_vol_volsize
 	oldval=$(get_prop volsize $vol)
 	(( newval = oldval * 2 ))
 
-	typeset check_refrev=false
-	if support_refrev $vol; then
-		check_refrev=true
-	fi
 	typeset reserv_size
 	
-	if [[ $check_refrev == true ]]; then
-		reserv_size=$(get_prop refreservation $vol)
-	else
-		reserv_size=$(get_prop reservation $vol)
-	fi
+	reserv_size=$(get_prop refreservation $vol)
 
 	if [[ "0" == $reserv_size ]]; then
 		# sparse volume
@@ -1803,20 +1623,16 @@ function verify_vol_volsize
 		# normal volume, reservation permission
 		# is required
 		user_run $user $ZFS set volsize=$newval $vol
-		if [[ $newval == $(get_prop volsize $vol) ]];
+		zfs get -p volsize $vol
+		if [[ $newval != $(get_prop volsize $vol) ]];
 		then
 			return 1
 		fi
 
-		log_must $ZFS allow $user reservation $vol
-		if [[ $check_refrev == true ]]; then
-			log_must $ZFS allow $user refreservation $vol
-		fi
+		log_must $ZFS allow $user refreservation $vol
 		user_run $user $ZFS set volsize=$newval $vol
 		log_must $ZFS unallow $user reservation $vol
-		if [[ $check_refrev == true ]]; then
-			log_must $ZFS unallow $user refreservation $vol
-		fi
+		log_must $ZFS unallow $user refreservation $vol
 		if [[ $oldval == $(get_prop volsize $vol) ]];
 		then
 			return 1
@@ -1888,15 +1704,3 @@ function verify_allow
 	return 0
 
 }
-
-function support_refrev
-{
-	typeset dataset=$1
-	
-	$ZFS get refreservation $dataset > /dev/null 2>&1
-	if (( $? != 0 )); then
-		return 1
-	fi
-
-	return 0
-}

tests/sys/cddl/zfs/tests/delegate/zfs_allow_001_pos.ksh

@@ -67,8 +67,6 @@ function cleanup
 	if [[ $group_added == "TRUE" ]] ; then
 		del_group everyone
 	fi
-
-	restore_root_datasets
 }
 
 log_assert "everyone' is interpreted as a keyword even if a user " \
@@ -111,7 +109,6 @@ for dtst in $DATASETS ; do
 	log_must $ZFS allow everyone $perms $dtst
 	log_must verify_perm $dtst $perms $EVERYONE
 done
-log_must restore_root_datasets
 if [[ $group_added == "TRUE" ]]; then
 	log_must $GROUPDEL everyone
 fi

tests/sys/cddl/zfs/tests/delegate/zfs_allow_002_pos.ksh

@@ -65,8 +65,6 @@ function cleanup
 	if $ID $STAFF_GROUP > /dev/null 2>&1; then
 		log_must del_user $STAFF_GROUP 
 	fi
-
-	restore_root_datasets
 }
 
 log_assert "<user|group> is interpreted as user if possible, then as group."

tests/sys/cddl/zfs/tests/delegate/zfs_allow_003_pos.ksh

@@ -60,7 +60,6 @@
 verify_runnable "both"
 
 log_assert "Verify option '-l' only allow permission to the dataset itself."
-log_onexit restore_root_datasets
 
 childfs=$ROOT_TESTFS/childfs
 
@@ -74,10 +73,6 @@ else
 allow,userprop"
 fi
 
-if check_version "5.10" ; then
-	perms="${perms},send"
-fi
-
 log_must $ZFS create $childfs
 
 for dtst in $DATASETS ; do
@@ -113,6 +108,4 @@ for dtst in $DATASETS ; do
 	fi
 done
 
-log_must restore_root_datasets
-
 log_pass "Verify option '-l' only allow permission to the dataset itself pass."

tests/sys/cddl/zfs/tests/delegate/zfs_allow_007_pos.ksh

@@ -65,7 +65,6 @@
 verify_runnable "both"
 
 log_assert "Verify permission set can be masked on descendent dataset."
-log_onexit restore_root_datasets
 
 typeset perms1="snapshot,reservation,compression"
 eval set -A dataset $DATASETS

tests/sys/cddl/zfs/tests/delegate/zfs_allow_010_pos.ksh

@@ -60,7 +60,6 @@ verify_runnable "both"
 
 log_assert "Verify privileged user has correct permissions once which was "\
 	"delegated to him in datasets"
-log_onexit restore_root_datasets
 
 #
 #				Results in	Results in
@@ -79,7 +78,6 @@ set -A perms	create		true		false	\
 		compression	true		true	\
 		canmount	true		false	\
 		atime		true		false	\
-		devices		true		false	\
 		exec		true		false	\
 		volsize		false		true	\
 		setuid		true		false	\
@@ -92,16 +90,14 @@ set -A perms	create		true		false	\
 		clone		true		true	\
 		rename		true		true	\
 		promote		true		true	\
-		zoned		true		false	\
-		shareiscsi	true		true	\
-		xattr		true		false	\
 		receive		true		false	\
 		destroy		true		true
-if is_global_zone; then
-	typeset -i n=${#perms[@]}
-	perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
-	perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
-fi
+		# TODO: shareiscsi is not yet supported on FreeBSD
+		# shareiscsi	true		true
+# the sharenfs test is Solaris-specific.  TODO: port it to FreeBSD.
+#typeset -i n=${#perms[@]}
+#perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
+#perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
 
 for dtst in $DATASETS; do
 	typeset -i k=1

tests/sys/cddl/zfs/tests/delegate/zfs_allow_012_neg.ksh

@@ -56,24 +56,16 @@
 #
 ################################################################################
 
-verify_runnable "global"
-
-function cleanup
-{
-	log_must $ZPOOL set delegation=on $TESTPOOL
-	log_must restore_root_datasets
-}
-
 log_assert "Verify privileged user can not use permissions properly when " \
 	"delegation property is set off"
-log_onexit cleanup
-
 
 set -A perms	create snapshot mount send allow quota reservation \
 	    	recordsize mountpoint checksum compression canmount atime \
 		devices exec volsize setuid readonly snapdir userprop \
 		aclmode aclinherit rollback clone rename promote \
-		zoned shareiscsi xattr receive destroy sharenfs share
+		xattr receive destroy
+# TODO: add sharenfs and share after the Solarisisms have been removed from
+# those tests
 
 log_must $ZPOOL set delegation=off $TESTPOOL
 

tests/sys/cddl/zfs/tests/delegate/zfs_allow_test.sh

@@ -30,7 +30,7 @@ atf_test_case zfs_allow_001_pos cleanup
 zfs_allow_001_pos_head()
 {
 	atf_set "descr" "everyone' is interpreted as a keyword even if a useror group named 'everyone' exists."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_001_pos_body()
 {
@@ -56,7 +56,7 @@ atf_test_case zfs_allow_002_pos cleanup
 zfs_allow_002_pos_head()
 {
 	atf_set "descr" "<user|group> is interpreted as user if possible, then as group."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_002_pos_body()
 {
@@ -82,7 +82,7 @@ atf_test_case zfs_allow_003_pos cleanup
 zfs_allow_003_pos_head()
 {
 	atf_set "descr" "Verify option '-l' only allow permission to the dataset itself."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_003_pos_body()
 {
@@ -108,7 +108,7 @@ atf_test_case zfs_allow_004_pos cleanup
 zfs_allow_004_pos_head()
 {
 	atf_set "descr" "Verify option '-d' allow permission to the descendent datasets."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_004_pos_body()
 {
@@ -134,7 +134,7 @@ atf_test_case zfs_allow_005_pos cleanup
 zfs_allow_005_pos_head()
 {
 	atf_set "descr" "Verify option '-c' will be granted locally to the creator."
-	atf_set "require.progs"  zfs svcs runwattr
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_005_pos_body()
 {
@@ -160,7 +160,7 @@ atf_test_case zfs_allow_006_pos cleanup
 zfs_allow_006_pos_head()
 {
 	atf_set "descr" "Changing permissions in a set will change what is allowedwherever the set is used."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_006_pos_body()
 {
@@ -186,7 +186,7 @@ atf_test_case zfs_allow_007_pos cleanup
 zfs_allow_007_pos_head()
 {
 	atf_set "descr" "Verify permission set can be masked on descendent dataset."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_007_pos_body()
 {
@@ -212,7 +212,7 @@ atf_test_case zfs_allow_008_pos cleanup
 zfs_allow_008_pos_head()
 {
 	atf_set "descr" "Verify non-root user can allow permissions."
-	atf_set "require.progs"  zfs svcs runwattr
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_008_pos_body()
 {
@@ -238,7 +238,7 @@ atf_test_case zfs_allow_009_neg cleanup
 zfs_allow_009_neg_head()
 {
 	atf_set "descr" "Verify invalid arguments are handled correctly."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_009_neg_body()
 {
@@ -263,8 +263,8 @@ zfs_allow_009_neg_cleanup()
 atf_test_case zfs_allow_010_pos cleanup
 zfs_allow_010_pos_head()
 {
-	atf_set "descr" "Verify privileged user has correct permissions once which wasdelegated to him in datasets"
-	atf_set "require.progs"  zfs svcs
+	atf_set "descr" "Verify privileged user has correct permissions once which was delegated to him in datasets"
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_010_pos_body()
 {
@@ -289,8 +289,8 @@ zfs_allow_010_pos_cleanup()
 atf_test_case zfs_allow_011_neg cleanup
 zfs_allow_011_neg_head()
 {
-	atf_set "descr" "Verify zpool subcmds and system readonly properties can't bedelegated."
-	atf_set "require.progs"  zfs svcs
+	atf_set "descr" "Verify zpool subcmds and system readonly properties can't be delegated."
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_011_neg_body()
 {
@@ -315,8 +315,8 @@ zfs_allow_011_neg_cleanup()
 atf_test_case zfs_allow_012_neg cleanup
 zfs_allow_012_neg_head()
 {
-	atf_set "descr" "Verify privileged user can not use permissions properly whendelegation property is set off"
-	atf_set "require.progs"  zfs zpool svcs
+	atf_set "descr" "Verify privileged user can not use permissions properly when delegation property is set off"
+	atf_set "require.progs" zfs sudo
 }
 zfs_allow_012_neg_body()
 {

tests/sys/cddl/zfs/tests/delegate/zfs_unallow_007_neg.ksh

@@ -62,7 +62,7 @@ log_assert "zfs unallow won't remove those permissions which inherited from " \
 	"its parent dataset."
 log_onexit restore_root_datasets
 
-perm1="atime,devices"; perm2="compression,checksum"
+perm1="atime"; perm2="compression,checksum"
 log_must $ZFS create $SUBFS
 log_must $ZFS allow $STAFF1 $perm1 $ROOT_TESTFS
 log_must $ZFS allow $STAFF1 $perm2 $SUBFS

tests/sys/cddl/zfs/tests/delegate/zfs_unallow_test.sh

@@ -30,7 +30,7 @@ atf_test_case zfs_unallow_001_pos cleanup
 zfs_unallow_001_pos_head()
 {
 	atf_set "descr" "Verify '-l' only removed the local permissions."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_unallow_001_pos_body()
 {
@@ -56,7 +56,7 @@ atf_test_case zfs_unallow_002_pos cleanup
 zfs_unallow_002_pos_head()
 {
 	atf_set "descr" "Verify '-d' only removed the descendent permissions."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_unallow_002_pos_body()
 {
@@ -82,7 +82,7 @@ atf_test_case zfs_unallow_003_pos cleanup
 zfs_unallow_003_pos_head()
 {
 	atf_set "descr" "Verify options '-r' and '-l'+'-d' will unallow permission tothis dataset and the descendent datasets."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_unallow_003_pos_body()
 {
@@ -108,7 +108,7 @@ atf_test_case zfs_unallow_004_pos cleanup
 zfs_unallow_004_pos_head()
 {
 	atf_set "descr" "Verify '-s' will remove permissions from the named set."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_unallow_004_pos_body()
 {
@@ -134,7 +134,7 @@ atf_test_case zfs_unallow_005_pos cleanup
 zfs_unallow_005_pos_head()
 {
 	atf_set "descr" "Verify option '-c' will remove the created permission set."
-	atf_set "require.progs"  zfs svcs runwattr
+	atf_set "require.progs" zfs sudo
 }
 zfs_unallow_005_pos_body()
 {
@@ -160,7 +160,7 @@ atf_test_case zfs_unallow_006_pos cleanup
 zfs_unallow_006_pos_head()
 {
 	atf_set "descr" "Verify option '-u', '-g' and '-e' only removed the specified typepermissions set."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_unallow_006_pos_body()
 {
@@ -186,7 +186,7 @@ atf_test_case zfs_unallow_007_neg cleanup
 zfs_unallow_007_neg_head()
 {
 	atf_set "descr" "zfs unallow won't remove those permissions which inherited fromits parent dataset."
-	atf_set "require.progs"  zfs svcs
+	atf_set "require.progs" zfs sudo
 }
 zfs_unallow_007_neg_body()
 {
@@ -212,7 +212,7 @@ atf_test_case zfs_unallow_008_neg cleanup
 zfs_unallow_008_neg_head()
 {
 	atf_set "descr" "zfs unallow can handle invalid arguments."
-	atf_set "require.progs"  zfs svcs runwattr
+	atf_set "require.progs" zfs sudo
 }
 zfs_unallow_008_neg_body()
 {