From: Samuel Cabrero Date: Fri, 14 Feb 2025 16:13:39 +0000 (+0100) Subject: vfs: Use RESOLVE_NO_XDEV by default on all shares X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=862d16cee8c7fd6804bfd6a6e948fe78c5b1b837;p=thirdparty%2Fsamba.git vfs: Use RESOLVE_NO_XDEV by default on all shares Enable the flag by default on all shares, it will be automatically disabled if the system does not support openat2(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15805 Signed-off-by: Samuel Cabrero Reviewed-by: Ralph Boehme --- diff --git a/script/autobuild.py b/script/autobuild.py index feaafebe9e2..08abd398810 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -333,7 +333,7 @@ tasks = { "samba-no-opath-build": { "git-clone-required": True, "sequence": [ - ("configure", "ADDITIONAL_CFLAGS='-DDISABLE_OPATH=1 -DDISABLE_VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=1 -DDISABLE_PROC_FDS=1' ./configure.developer --without-ad-dc " + samba_configure_params), + ("configure", "ADDITIONAL_CFLAGS='-DDISABLE_OPATH=1 -DDISABLE_VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=1 -DDISABLE_VFS_OPEN_HOW_RESOLVE_NO_XDEV=1 -DDISABLE_PROC_FDS=1' ./configure.developer --without-ad-dc " + samba_configure_params), ("make", "make -j"), ("check-clean-tree", CLEAN_SOURCE_TREE_CMD), ("chmod-R-a-w", "chmod -R a-w ."), diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 34b00f5b547..670c35c94cf 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -76,6 +76,17 @@ static int vfswrap_connect(vfs_handle_struct *handle, const char *service, const #ifdef DISABLE_VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS handle->conn->open_how_resolve &= ~VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS; #endif + bval = lp_parm_bool(SNUM(handle->conn), + "vfs_default", + "VFS_OPEN_HOW_RESOLVE_NO_XDEV", + true); + if (bval) { + handle->conn->open_how_resolve |= + VFS_OPEN_HOW_RESOLVE_NO_XDEV; + } +#ifdef DISABLE_VFS_OPEN_HOW_RESOLVE_NO_XDEV + handle->conn->open_how_resolve &= ~VFS_OPEN_HOW_RESOLVE_NO_XDEV; +#endif return 0; /* Return >= 0 for success */ }