From: Sebastien Buisson
Date: Mon, 2 May 2022 13:36:00 +0000 (+0200)
Subject: LU-15787 sec: document enc-unaware clients on enc files
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=d732a4604dac6ee1334ce19720718491cc1a8f06;p=fs%2Flustre-release.git

LU-15787 sec: document enc-unaware clients on enc files

Document the behavior of encryption-unaware clients when they access encrypted files.

Lustre-change: https://review.whamcloud.com/47182
Lustre-commit: 751a8114ef3afe9abe7692b3974b070db6a705a2

Test-Parameters: trivial
Signed-off-by: Sebastien Buisson
Change-Id: I0354e3051e10aa0542baeb8e34c6201d47e65710
Reviewed-by: Andreas Dilger
Reviewed-on: https://review.whamcloud.com/47228
Tested-by: jenkins
Tested-by: Maloo
---

diff --git a/Documentation/client_side_encryption/access_semantics.txt b/Documentation/client_side_encryption/access_semantics.txt
index 7ed0bc7..7cac67a 100644
--- a/Documentation/client_side_encryption/access_semantics.txt
+++ b/Documentation/client_side_encryption/access_semantics.txt
@@ -105,6 +105,28 @@ It is not currently possible to backup and restore encrypted files without the encryption key. This would require special APIs which have not yet been implemented. +From encryption-unaware clients +------------------------------- + +Encryption-unaware clients are Lustre clients explicitly compiled without +encryption support (``--enable-crypto=no``), or compiled for a kernel that +does not have necessary features to support Lustre client encryption (older +than CentOS/RHEL 8.1, Ubuntu 18.04, SLES 15 SP2), or Lustre clients with a +version older than 2.14. + +From those clients, we prevent manipulating encrypted files and directories, +in order to avoid file system corruption. +The forbidden operations are: +- open; +- create; +- link; +- rename; +- migrate. +Encryption-unaware clients get -ENOKEY if they try to perform these operations. +Note that encryption-unaware clients can still list directory content, stat or +remove files, but they have to use encrypted names for that, which may contain +non-printable characters. + Encryption policy enforcement =============================
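Review bot: The bullet list under "The forbidden operations are:" has no blank line before "- open;" or after "- migrate.", so if this file is rendered as reStructuredText (which the ``--enable-crypto=no`` literal and the underlined headings suggest), the five items will be folded into the surrounding paragraph instead of rendering as a list. Add an empty line before the first item and after the last one. In the same block, "-ENOKEY" is the kernel-internal return value; consider also saying that applications see the call fail with errno ENOKEY, since that is what an administrator diagnosing an unaware client will actually observe. Minor wording: "does not have necessary features" reads better as "does not have the necessary features". The note that names "may contain non-printable characters" would be worth one more sentence on how to handle them safely in scripts, because listing and removing by encrypted name is the only path this section leaves open to those clients.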