Whamcloud - gitweb
LU-17431 nodemap: introduce child_raise_privileges property
The new 'child_raise_privileges' property is a mask of nodemap
properties. It is set to 'none' by default, meaning child nodemaps can
only lower privileges established by their parent nodemap.
Parent nodemaps can grant permission for child nodemaps to raise
privilege associated with a nodemap property by adding it to
child_raise_privileges. Possible values (multiple can be specified,
comma separated) are:
- admin, defining whether root is squashed;
- trusted, permitting to see the file system's canonical identifiers;
- deny_unknown, denying all access to users not explicitly mapped;
- readonly_mount, forcing clients to read-only mount;
- forbid_encryption, preventing use of encryption by clients;
- subnm_raise_privs, for the raise privileges property itself;
- and any roles accepted by the rbac property, defining admin roles.
To allow all privileges to be raised, use the 'all' value.
Any privilege not explicitly specified by the parent cannot be raised
in the child nodemap.
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ifac5e3ea2f47ea3910e7cd0de6379b0e9ada8d18
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55539
Reviewed-by: Marc Vef <mvef@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
14 files changed:
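The inheritance rule in the commit message above, modelled as a bitmask check. This is an added sketch, not code from the Lustre change: the bit names, the struct and both functions are hypothetical, rbac roles are left out, and it assumes that "raising" means switching on admin or trusted, or switching off deny_unknown, readonly_mount or forbid_encryption.

```c
#include <stdio.h>

/* Hypothetical bit names for this sketch; not Lustre's own identifiers. */
enum {
    P_ADMIN             = 1 << 0, /* root not squashed */
    P_TRUSTED           = 1 << 1, /* canonical identifiers visible */
    P_DENY_UNKNOWN      = 1 << 2, /* restriction */
    P_READONLY_MOUNT    = 1 << 3, /* restriction */
    P_FORBID_ENCRYPTION = 1 << 4, /* restriction */
    P_SUBNM_RAISE_PRIVS = 1 << 5, /* only meaningful inside the mask */
    P_NONE = 0,
    P_ALL  = 0x3f,
};
#define P_RESTRICTIONS (P_DENY_UNKNOWN | P_READONLY_MOUNT | P_FORBID_ENCRYPTION)

struct nodemap {
    unsigned props;       /* current property bits */
    unsigned child_raise; /* child_raise_privileges mask */
};

/* Bits where the child holds more privilege than the parent: a grant
 * switched on, or a restriction switched off (assumed direction). */
static unsigned raised_bits(unsigned parent, unsigned child)
{
    return ((child & ~parent) & ~P_RESTRICTIONS) |
           ((parent & ~child) & P_RESTRICTIONS);
}

/* Raised properties the parent did not permit; 0 means accept. */
unsigned prop_violations(const struct nodemap *parent, unsigned child_props)
{
    return raised_bits(parent->props, child_props) & ~parent->child_raise;
}

/* A child mask wider than the parent's is itself a raise, allowed only
 * when the parent's mask contains subnm_raise_privs (assumed reading). */
unsigned mask_violations(const struct nodemap *parent, unsigned child_mask)
{
    unsigned extra = child_mask & ~parent->child_raise;
    return (parent->child_raise & P_SUBNM_RAISE_PRIVS) ? 0 : extra;
}

int main(void)
{
    struct nodemap parent = { P_TRUSTED | P_READONLY_MOUNT, P_ADMIN };
    /* Child asks for admin (permitted) and drops readonly_mount (not). */
    unsigned v = prop_violations(&parent, P_TRUSTED | P_ADMIN);
    printf("rejected bits: 0x%x\n", v);
    return 0;
}
```

A non-zero return names the properties to reject, which is also what an audit of existing child nodemaps against their parents would report.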