LPROC_SEQ_FOPS(nodemap_fileset);
/**
+ * Reads and prints the SELinux policy info for the given nodemap.
+ *
+ * \param m seq file in proc fs
+ * \param data unused
+ * \retval 0 success
+ */
+static int nodemap_sepol_seq_show(struct seq_file *m, void *data)
+{
+ struct lu_nodemap *nodemap;
+ int rc = 0;
+
+ mutex_lock(&active_config_lock);
+ nodemap = nodemap_lookup(m->private);
+ mutex_unlock(&active_config_lock);
+ if (IS_ERR(nodemap)) {
+ rc = PTR_ERR(nodemap);
+ CERROR("cannot find nodemap '%s': rc = %d\n",
+ (char *)m->private, rc);
+ return rc;
+ }
+
+ seq_printf(m, "%s\n", nodemap_get_sepol(nodemap));
+ nodemap_putref(nodemap);
+ return rc;
+}
+
+/**
+ * Set SELinux policy info on a nodemap.
+ *
+ * \param[in] file proc file
+ * \param[in] buffer string, "<sepol>"
+ * \param[in] count \a buffer length
+ * \param[in] off unused
+ * \retval \a count on success
+ * \retval negative number on error
+ */
+static ssize_t
+nodemap_sepol_seq_write(struct file *file,
+ const char __user *buffer,
+ size_t count, loff_t *off)
+{
+ struct seq_file *m = file->private_data;
+ char sepol[LUSTRE_NODEMAP_SEPOL_LENGTH + 1];
+ int rc = 0;
+
+ BUILD_BUG_ON(sizeof(sepol) !=
+ sizeof(((struct lu_nodemap *)0)->nm_sepol));
+
+ if (count > 0) {
+ if (count >= sizeof(sepol))
+ GOTO(out, rc = -ENAMETOOLONG);
+
+ if (copy_from_user(sepol, buffer, count))
+ GOTO(out, rc = -EFAULT);
+
+ sepol[count] = '\0';
+
+ rc = nodemap_set_sepol(m->private, sepol);
+ }
+
+out:
+ if (rc != 0)
+ return rc;
+
+ return count;
+}
+LPROC_SEQ_FOPS(nodemap_sepol);
+
+/**
* Reads and prints the exports attached to the given nodemap.
*
* \param m seq file in proc fs, stores nodemap
return 0;
}
+/**
+ * Reads and prints the forbid_encryption flag for the given nodemap.
+ *
+ * \param m seq file in proc fs
+ * \param data unused
+ * \retval 0 success
+ */
+static int nodemap_forbid_encryption_seq_show(struct seq_file *m, void *data)
+{
+ struct lu_nodemap *nodemap;
+ int rc;
+
+ mutex_lock(&active_config_lock);
+ nodemap = nodemap_lookup(m->private);
+ mutex_unlock(&active_config_lock);
+ if (IS_ERR(nodemap)) {
+ rc = PTR_ERR(nodemap);
+ CERROR("cannot find nodemap '%s': rc = %d\n",
+ (char *)m->private, rc);
+ return rc;
+ }
+
+ seq_printf(m, "%d\n", (int)nodemap->nmf_forbid_encryption);
+ nodemap_putref(nodemap);
+ return 0;
+}
+
static struct lprocfs_vars lprocfs_nm_module_vars[] = {
{
.name = "active",
LPROC_SEQ_FOPS_RO(nodemap_deny_unknown);
LPROC_SEQ_FOPS_RO(nodemap_map_mode);
LPROC_SEQ_FOPS_RO(nodemap_audit_mode);
+LPROC_SEQ_FOPS_RO(nodemap_forbid_encryption);
const struct file_operations nodemap_ranges_fops = {
.open = nodemap_ranges_open,
.fops = &nodemap_audit_mode_fops,
},
{
+ .name = "forbid_encryption",
+ .fops = &nodemap_forbid_encryption_fops,
+ },
+ {
.name = "squash_uid",
.fops = &nodemap_squash_uid_fops,
},
.fops = &nodemap_fileset_fops,
},
{
+ .name = "sepol",
+ .fops = &nodemap_sepol_fops,
+ },
+ {
.name = "exports",
.fops = &nodemap_exports_fops,
},
.fops = &nodemap_admin_fops,
},
{
+ .name = "deny_unknown",
+ .fops = &nodemap_deny_unknown_fops,
+ },
+ {
.name = "squash_uid",
.fops = &nodemap_squash_uid_fops,
},
.fops = &nodemap_audit_mode_fops,
},
{
+ .name = "forbid_encryption",
+ .fops = &nodemap_forbid_encryption_fops,
+ },
+ {
NULL
}
};