git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Thu, 6 Dec 2018 09:40:45 +0000 (10:40 +0100)
committer	Oleg Drokin <green@whamcloud.com>
	Wed, 30 Jan 2019 02:39:41 +0000 (02:39 +0000)
commit	1f6cb3534e74f0c9462008c8088b5734b64ed41c
tree	87987813ea5f9aefe12a486e39c697d19779aa9b	tree \| snapshot
parent	8048e216c16fa403da6fa2a755df8f718ab3105d	commit \| diff

LU-8955 nodemap: add SELinux policy info to nodemap

Give the ability to set SELinux policy information on a nodemap,
in a new nodemap field named 'sepol'.
When set, a client pertaining to this nodemap will be allowed to
connect only if the SELinux policy information it sends matches
the one stored in the nodemap.

Expected 'sepol' string format is:
<1-digit>:<policy name>:<policy version>:<policy hash>
1-digit is 0 for SELinux Permissive mode, 1 for Enforcing mode.

SELinux policy info of nodemap is stored permanently by using
'lctl set_param -P' commands. It means MDS and OSS will be able to
retrieve SELinux policy info of nodemap after a restart (when they
read params llog).
MGS will not see SElinux policy info after restart, but this does
not prevent the feature from working.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ia1d178dd34f05ede020b490b1797a71dbae15d7b
Reviewed-on: https://review.whamcloud.com/24420
Tested-by: Jenkins
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/include/lustre_nodemap.h		diff \| blob \| history
lustre/include/uapi/linux/lustre/lustre_idl.h		diff \| blob \| history
lustre/mgs/mgs_handler.c		diff \| blob \| history
lustre/mgs/mgs_llog.c		diff \| blob \| history
lustre/ptlrpc/nodemap_handler.c		diff \| blob \| history
lustre/ptlrpc/nodemap_lproc.c		diff \| blob \| history
lustre/utils/lctl.c		diff \| blob \| history
lustre/utils/obd.c		diff \| blob \| history
lustre/utils/obdctl.h		diff \| blob \| history