git://git.whamcloud.com - fs/lustre-release.git/commit

author	Qian Yingjin <qian@ddn.com>
	Thu, 11 Apr 2019 02:41:38 +0000 (10:41 +0800)
committer	Oleg Drokin <green@whamcloud.com>
	Thu, 13 Jun 2019 04:33:00 +0000 (04:33 +0000)
commit	2102c86e0d0ae735aed9ee8c1c6a77b63eda6037
tree	933f92a3e0da40450ff84eaadf6f6dc2c7c2bddb	tree \| snapshot
parent	58d744e3eaab358ef346e51ff4aa17e9f08efbb3	commit \| diff

LU-10092 pcc: security and permission for non-root user access

For current PCC, if a file is left on the PCC cache, it may be
accessible to other jobs/users who would not normally be able to
access it. (That is, they access it directly on the PCC mount via
FID as the local PCC mount is basically just a normal local file
system.)

This patch solves this by restricting access on the PCC side and
just depending on the Lustre side permissions for opening a file.
So PCC files on the local mount fs are created with some minimal
(zero) set of permissions. Then, when accessing a PCC cached
file, we do the permission check on the Lustre file, then do not
do it on the PCC file. This should render the PCC files
inaccessible except to root or via Lustre.

Test-Parameters: clientcount=3 testlist=sanity-pcc,sanity-pcc,sanity-pcc
Signed-off-by: Qian Yingjin <qian@ddn.com>
Change-Id: I059fa3e479fe97ef6b65db1cbeb8b7f3ea611880
Reviewed-on: https://review.whamcloud.com/34637
Tested-by: Jenkins
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Li Xi <lixi@ddn.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/llite/file.c		diff \| blob \| history
lustre/llite/llite_lib.c		diff \| blob \| history
lustre/llite/namei.c		diff \| blob \| history
lustre/llite/pcc.c		diff \| blob \| history
lustre/llite/pcc.h		diff \| blob \| history
lustre/tests/sanity-pcc.sh		diff \| blob \| history