Hi!

I noticed that a non-root user is able to create (but not delete) snapshots of a root btrfs filesystem on kernel 3.4.0. I'm not sure I understand the security model correctly, but letting unprivileged users create snapshots of the entire filesystem seems... wrong. Is this intentional?

------------------------------------------------------------
~/test$ ls -la
total 0
drwxr-xr-x 1 sliedes sliedes 0 Jun 4 02:28 .
drwxr-xr-x 1 sliedes sliedes 7352 Jun 4 02:27 ..
~/test$ whoami
sliedes
~/test$ groups
sliedes dialout cdrom floppy audio src video plugdev kvm wireshark sbox
~/test$ btrfs subvolume snapshot / newsnap
Create a snapshot of '/' in './newsnap'
~/test$ ls -la
total 32
drwxr-xr-x 1 sliedes sliedes 14 Jun 4 02:28 .
drwxr-xr-x 1 sliedes sliedes 7352 Jun 4 02:27 ..
drwxr-xr-x 1 root root 336 Jun 2 05:32 newsnap
~/test$ btrfs subvolume delete newsnap
Delete subvolume '/home/sliedes/test/newsnap'
ERROR: cannot delete '/home/sliedes/test/newsnap' - Operation not permitted
~/test$ sudo btrfs subvolume delete newsnap
Delete subvolume '/home/sliedes/test/newsnap'
~/test$
------------------------------------------------------------

Sami