*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; If not, see
- * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
+ * http://www.gnu.org/licenses/gpl-2.0.html
*
* GPL HEADER END
*/
/*
* Copyright (C) 2013, Trustees of Indiana University
+ *
+ * Copyright (c) 2017, Intel Corporation.
+ *
* Author: Joshua Walgenbach <jjw@iu.edu>
*/
#ifndef _LUSTRE_NODEMAP_H
#define _LUSTRE_NODEMAP_H
-#include <lustre/lustre_idl.h>
+#include <uapi/linux/lustre/lustre_idl.h>
#define LUSTRE_NODEMAP_NAME "nodemap"
NODEMAP_CLIENT_TO_FS,
};
+enum nodemap_mapping_modes {
+ NODEMAP_MAP_BOTH,
+ NODEMAP_MAP_UID_ONLY,
+ NODEMAP_MAP_GID_ONLY,
+};
+
struct nodemap_pde {
char npe_name[LUSTRE_NODEMAP_NAME_LENGTH + 1];
struct proc_dir_entry *npe_proc_entry;
/* flags to govern nodemap behavior */
bool nmf_trust_client_ids:1,
nmf_deny_unknown:1,
- nmf_allow_root_access:1;
+ nmf_allow_root_access:1,
+ nmf_map_uid_only:1,
+ nmf_map_gid_only:1,
+ nmf_enable_audit:1,
+ nmf_forbid_encryption:1;
/* unique ID set by MGS */
unsigned int nm_id;
/* nodemap ref counter */
/* NID range list */
struct list_head nm_ranges;
/* lock for idmap red/black trees */
- rwlock_t nm_idmap_lock;
+ struct rw_semaphore nm_idmap_lock;
/* UID map keyed by local UID */
struct rb_root nm_fs_to_client_uidmap;
/* UID map keyed by remote UID */
struct nodemap_pde *nm_pde_data;
/* fileset the nodes of this nodemap are restricted to */
char nm_fileset[PATH_MAX+1];
+ /* information about the expected SELinux policy on the nodes */
+ char nm_sepol[LUSTRE_NODEMAP_SEPOL_LENGTH + 1];
/* used when loading/unloading nodemaps */
struct list_head nm_list;
int nodemap_set_allow_root(const char *name, bool allow_root);
int nodemap_set_trust_client_ids(const char *name, bool trust_client_ids);
int nodemap_set_deny_unknown(const char *name, bool deny_unknown);
+int nodemap_set_mapping_mode(const char *name, enum nodemap_mapping_modes mode);
int nodemap_set_squash_uid(const char *name, uid_t uid);
int nodemap_set_squash_gid(const char *name, gid_t gid);
+int nodemap_set_audit_mode(const char *name, bool enable_audit);
+int nodemap_set_forbid_encryption(const char *name, bool forbid_encryption);
bool nodemap_can_setquota(const struct lu_nodemap *nodemap);
int nodemap_add_idmap(const char *name, enum nodemap_id_type id_type,
const __u32 map[2]);
const __u32 map[2]);
int nodemap_set_fileset(const char *name, const char *fileset);
char *nodemap_get_fileset(const struct lu_nodemap *nodemap);
+int nodemap_set_sepol(const char *name, const char *sepol);
+const char *nodemap_get_sepol(const struct lu_nodemap *nodemap);
__u32 nodemap_map_id(struct lu_nodemap *nodemap,
enum nodemap_id_type id_type,
enum nodemap_tree_type tree_type, __u32 id);
void nodemap_putref(struct lu_nodemap *nodemap);
#ifdef HAVE_SERVER_SUPPORT
+
struct nodemap_range_tree {
- struct interval_node *nmrt_range_interval_root;
+ struct interval_tree_root nmrt_range_interval_root;
unsigned int nmrt_range_highest_id;
};