From c03e960d9044961fcfbeaa5d5aeb5bcc1bc0cc7a Mon Sep 17 00:00:00 2001
From: Axel Burri
Date: Tue, 19 Nov 2019 22:07:37 +0100
Subject: [PATCH] ssh_filter_btrbk.sh: exclude "btrfs subvolume show|list" from restrict-path

btrbk requires "btrfs subvolume list|show" queries from the mount point in order to build btrfs trees. This conflicts with tightly set --restrict-path.
---
 doc/ssh_filter_btrbk.1.asciidoc | 7 ++++---
 ssh_filter_btrbk.sh | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/doc/ssh_filter_btrbk.1.asciidoc b/doc/ssh_filter_btrbk.1.asciidoc
index e8ab2b9..ae385b4 100644
--- a/doc/ssh_filter_btrbk.1.asciidoc
+++ b/doc/ssh_filter_btrbk.1.asciidoc
@@ -34,8 +34,8 @@ The accepted commands are specified by the "--source", "--target",

 The following commands are always allowed:

- - "btrfs subvolume show"
- - "btrfs subvolume list"
+ - "btrfs subvolume show" (not affected by "--restrict-path")
+ - "btrfs subvolume list" (not affected by "--restrict-path")
 - "readlink"
 - "cat /proc/self/mountinfo"
 - pipes through "gzip", "pigz", "bzip2", "pbzip2", "xz", "lzop",
@@ -80,7 +80,8 @@ OPTIONS
 Allow btrfs receive command: "btrfs receive".

 -p, --restrict-path ::
- Restrict btrfs commands to .
+ Restrict commands to . Note that "btrfs subvolume show",
+ "btrfs subvolume list" are NOT affected by this option.

 -l, --log::
 Log ACCEPT and REJECT messages to the system log.
diff --git a/ssh_filter_btrbk.sh b/ssh_filter_btrbk.sh
index 4fed20b..1e7ffcd 100755
--- a/ssh_filter_btrbk.sh
+++ b/ssh_filter_btrbk.sh
@@ -161,8 +161,9 @@ while [[ "$#" -ge 1 ]]; do
 shift
 done

-allow_cmd "${sudo_prefix}btrfs subvolume show"; # subvolume queries are always allowed
-allow_exact_cmd "${sudo_prefix}btrfs subvolume list ${file_match}"; # subvolume queries are always allowed
+# NOTE: subvolume queries no NOT affected by "--restrict-path":
+# btrbk also calls show/list on the mount point of the subvolume
+allow_exact_cmd "${sudo_prefix}btrfs subvolume (show|list)( ${option_match})* ${file_match}";
 allow_cmd "${sudo_prefix}readlink" # used to resolve mountpoints
 allow_exact_cmd "cat /proc/self/mountinfo" # used to resolve mountpoints
 allow_exact_cmd "cat /proc/self/mounts" # legacy, for btrbk < 0.27.0
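Review bot: The comment added above the combined `allow_exact_cmd` rule has a typo and leaves out the security consequence of the exemption: `no NOT affected` should read `are NOT affected`, and it should say that a key confined with `--restrict-path` can still run `btrfs subvolume show|list` on any path `${file_match}` accepts, so subvolume metadata outside the restricted tree is readable by that key. Suggested first line: `# NOTE: subvolume queries are NOT affected by "--restrict-path" (read-only metadata stays readable outside it):`. `${option_match}` and `${file_match}` are defined outside this hunk, so what the new `( ${option_match})*` group admits could not be checked here; since the old `show` rule went through `allow_cmd` instead, it is worth confirming that the group only lets through the flags btrbk actually passes to show and list.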