LU-16524 sec: add fscrypt_admin rbac role
[fs/lustre-release.git] / lustre / include / lustre_nodemap.h
index 44527a0..bfb29e7 100644 (file)
  *
  * You should have received a copy of the GNU General Public License
  * version 2 along with this program; If not, see
- * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
+ * http://www.gnu.org/licenses/gpl-2.0.html
  *
  * GPL HEADER END
  */
 /*
  * Copyright (C) 2013, Trustees of Indiana University
+ *
+ * Copyright (c) 2017, Intel Corporation.
+ *
  * Author: Joshua Walgenbach <jjw@iu.edu>
  */
 
 #ifndef _LUSTRE_NODEMAP_H
 #define _LUSTRE_NODEMAP_H
 
-#include <lustre/lustre_idl.h>
+#include <uapi/linux/lustre/lustre_idl.h>
 
 #define LUSTRE_NODEMAP_NAME "nodemap"
 
 #define LUSTRE_NODEMAP_DEFAULT_ID 0
 
-/** enums containing the types of ids contained in a nodemap
- * kept so other modules (mgs, mdt, etc) can define the type
- * of search easily
- */
-
-enum nodemap_id_type {
-       NODEMAP_UID,
-       NODEMAP_GID,
-};
-
-enum nodemap_tree_type {
-       NODEMAP_FS_TO_CLIENT,
-       NODEMAP_CLIENT_TO_FS,
+static const struct nodemap_rbac_name {
+       enum nodemap_rbac_roles nrn_mode;
+       const char             *nrn_name;
+} nodemap_rbac_names[] = {
+       { NODEMAP_RBAC_FILE_PERMS,      "file_perms"    },
+       { NODEMAP_RBAC_DNE_OPS,         "dne_ops"       },
+       { NODEMAP_RBAC_QUOTA_OPS,       "quota_ops"     },
+       { NODEMAP_RBAC_BYFID_OPS,       "byfid_ops"     },
+       { NODEMAP_RBAC_CHLG_OPS,        "chlg_ops"      },
+       { NODEMAP_RBAC_FSCRYPT_ADMIN,   "fscrypt_admin" },
 };
 
 struct nodemap_pde {
@@ -65,7 +65,14 @@ struct lu_nodemap {
        /* flags to govern nodemap behavior */
        bool                     nmf_trust_client_ids:1,
                                 nmf_deny_unknown:1,
-                                nmf_allow_root_access:1;
+                                nmf_allow_root_access:1,
+                                nmf_enable_audit:1,
+                                nmf_forbid_encryption:1,
+                                nmf_readonly_mount:1;
+       /* bitmap for mapping type */
+       enum nodemap_mapping_modes nmf_map_mode;
+       /* bitmap for rbac, enum nodemap_rbac_roles */
+       enum nodemap_rbac_roles  nmf_rbac;
        /* unique ID set by MGS */
        unsigned int             nm_id;
        /* nodemap ref counter */
@@ -74,10 +81,12 @@ struct lu_nodemap {
        uid_t                    nm_squash_uid;
        /* GID to squash unmapped GIDs */
        gid_t                    nm_squash_gid;
+       /* PROJID to squash unmapped PROJIDs */
+       projid_t                 nm_squash_projid;
        /* NID range list */
        struct list_head         nm_ranges;
        /* lock for idmap red/black trees */
-       rwlock_t                 nm_idmap_lock;
+       struct rw_semaphore      nm_idmap_lock;
        /* UID map keyed by local UID */
        struct rb_root           nm_fs_to_client_uidmap;
        /* UID map keyed by remote UID */
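Review bot: Replacing `rwlock_t` with `struct rw_semaphore` for `nm_idmap_lock` turns a spinning lock into a sleeping one, but the comment `/* lock for idmap red/black trees */` does not say so; suggest `/* lock for idmap red/black trees (rw_semaphore: may sleep, never take in atomic context) */`. Any existing reader of the idmap trees that ran under a spinlock or in interrupt context would now be unsafe, which is presumably why the lock changed; worth confirming the callers were audited as part of this change. `struct lu_nodemap` starts and ends outside this hunk.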
@@ -86,6 +95,10 @@ struct lu_nodemap {
        struct rb_root           nm_fs_to_client_gidmap;
        /* GID map keyed by remote UID */
        struct rb_root           nm_client_to_fs_gidmap;
+       /* PROJID map keyed by local UID */
+       struct rb_root           nm_fs_to_client_projidmap;
+       /* PROJID map keyed by remote UID */
+       struct rb_root           nm_client_to_fs_projidmap;
        /* attached client members of this nodemap */
        struct mutex             nm_member_list_lock;
        struct list_head         nm_member_list;
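Review bot: The comments on the two new PROJID trees were copied from the UID maps and still say "keyed by local UID" / "keyed by remote UID", which is wrong for a projid tree; they should read `/* PROJID map keyed by local PROJID */` and `/* PROJID map keyed by remote PROJID */`. The existing context line for `nm_client_to_fs_gidmap` has the same slip ("GID map keyed by remote UID"), so fixing all three together would keep the block consistent. `struct lu_nodemap` starts and ends outside this hunk.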
@@ -94,6 +107,8 @@ struct lu_nodemap {
        struct nodemap_pde      *nm_pde_data;
        /* fileset the nodes of this nodemap are restricted to */
        char                     nm_fileset[PATH_MAX+1];
+       /* information about the expected SELinux policy on the nodes */
+       char                     nm_sepol[LUSTRE_NODEMAP_SEPOL_LENGTH + 1];
 
        /* used when loading/unloading nodemaps */
        struct list_head         nm_list;
@@ -121,15 +136,24 @@ int nodemap_del_range(const char *name, const lnet_nid_t nid[2]);
 int nodemap_set_allow_root(const char *name, bool allow_root);
 int nodemap_set_trust_client_ids(const char *name, bool trust_client_ids);
 int nodemap_set_deny_unknown(const char *name, bool deny_unknown);
+int nodemap_set_mapping_mode(const char *name,
+                            enum nodemap_mapping_modes map_mode);
+int nodemap_set_rbac(const char *name, enum nodemap_rbac_roles rbac);
 int nodemap_set_squash_uid(const char *name, uid_t uid);
 int nodemap_set_squash_gid(const char *name, gid_t gid);
-bool nodemap_can_setquota(const struct lu_nodemap *nodemap);
+int nodemap_set_squash_projid(const char *name, projid_t projid);
+int nodemap_set_audit_mode(const char *name, bool enable_audit);
+int nodemap_set_forbid_encryption(const char *name, bool forbid_encryption);
+int nodemap_set_readonly_mount(const char *name, bool readonly_mount);
+bool nodemap_can_setquota(struct lu_nodemap *nodemap, __u32 qc_type, __u32 id);
 int nodemap_add_idmap(const char *name, enum nodemap_id_type id_type,
                      const __u32 map[2]);
 int nodemap_del_idmap(const char *name, enum nodemap_id_type id_type,
                      const __u32 map[2]);
 int nodemap_set_fileset(const char *name, const char *fileset);
 char *nodemap_get_fileset(const struct lu_nodemap *nodemap);
+int nodemap_set_sepol(const char *name, const char *sepol);
+const char *nodemap_get_sepol(const struct lu_nodemap *nodemap);
 __u32 nodemap_map_id(struct lu_nodemap *nodemap,
                     enum nodemap_id_type id_type,
                     enum nodemap_tree_type tree_type, __u32 id);
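Review bot: `nodemap_can_setquota` now takes a non-const `struct lu_nodemap *` plus two undocumented `__u32` arguments, and nothing in the header says what `qc_type` and `id` mean or why the nodemap is no longer `const`; a `/** ... */` block above the prototype should state that `qc_type` is the quota type of the request and `id` the identity the request targets, and that the pointer is non-const presumably because the idmap `rw_semaphore` is taken inside (confirm against the implementation). The same applies to `nodemap_set_rbac` and `nodemap_set_mapping_mode`: the header should say whether the passed bitmap replaces the current role set or is OR'd into it, since callers cannot tell from the prototype. `nodemap_set_sepol` takes an unbounded `const char *sepol`; a one-line note that it is truncated or rejected beyond `LUSTRE_NODEMAP_SEPOL_LENGTH` (the size used for `nm_sepol`) would pin the contract.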
@@ -143,23 +167,24 @@ void nodemap_test_nid(lnet_nid_t nid, char *name_buf, size_t name_len);
 int nodemap_test_id(lnet_nid_t nid, enum nodemap_id_type idtype,
                    __u32 client_id, __u32 *fs_id);
 
-enum nm_config_file_type {
-       NCFT_MGS,
-       NCFT_TGT,
-};
-struct nm_config_file *nm_config_file_register(const struct lu_env *env,
-                                              struct dt_object *obj,
-                                              struct local_oid_storage *los,
-                                              enum nm_config_file_type ncf_type);
-void nm_config_file_deregister(const struct lu_env *env,
-                              struct nm_config_file *ncf,
-                              enum nm_config_file_type ncf_type);
+struct nm_config_file *nm_config_file_register_mgs(const struct lu_env *env,
+                                                  struct dt_object *obj,
+                                                  struct local_oid_storage *los);
+struct dt_device;
+struct nm_config_file *nm_config_file_register_tgt(const struct lu_env *env,
+                                                  struct dt_device *dev,
+                                                  struct local_oid_storage *los);
+void nm_config_file_deregister_mgs(const struct lu_env *env,
+                                  struct nm_config_file *ncf);
+void nm_config_file_deregister_tgt(const struct lu_env *env,
+                                  struct nm_config_file *ncf);
 struct lu_nodemap *nodemap_get_from_exp(struct obd_export *exp);
 void nodemap_putref(struct lu_nodemap *nodemap);
 
 #ifdef HAVE_SERVER_SUPPORT
+
 struct nodemap_range_tree {
-       struct interval_node *nmrt_range_interval_root;
+       struct interval_tree_root nmrt_range_interval_root;
        unsigned int nmrt_range_highest_id;
 };
 
@@ -193,10 +218,6 @@ void nodemap_config_set_active_mgc(struct nodemap_config *config);
 int nodemap_process_idx_pages(struct nodemap_config *config, union lu_page *lip,
                              struct lu_nodemap **recent_nodemap);
 
-struct dt_device;
-int nodemap_fs_init(const struct lu_env *env, struct dt_device *dev,
-                   struct obd_device *obd, struct local_oid_storage *los);
-void nodemap_fs_fini(const struct lu_env *env, struct obd_device *obd);
 #else /* disable nodemap processing in MGC of non-servers */
 static inline int nodemap_process_idx_pages(void *config,
                                            union lu_page *lip,