git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Thu, 4 Feb 2021 08:22:56 +0000 (17:22 +0900)
committer	Oleg Drokin <green@whamcloud.com>
	Sat, 13 Mar 2021 18:34:02 +0000 (18:34 +0000)
commit	67c4cffac6dbd30ce30e1d3132b65d4e4a374dda
tree	e46c4243891073fe07e72b7d31212136374fc897	tree \| snapshot
parent	10b842909a5e9dfa05f12e08baf6aae1fa97972f	commit \| diff

LU-14401 sec: fix migrate for encrypted dir

When setting an encryption policy on a directory that we want to
be encrypted, we need to make sure it is empty.
But, in some cases, setting the LL_XATTR_NAME_ENCRYPTION_CONTEXT xattr
should be allowed on non-empty directories, for instance when a
directory is migrated across MDTs into new shard directories.
Also, it is required for the encrpytion key to be available on the
client when migrating a directory so that the filenames can be
properly rehashed for the new MDT directory shard.
And, in any case, we need to prevent explicit setting of
LL_XATTR_NAME_ENCRYPTION_CONTEXT xattr outside of encryption policy
definition.

Update sanity-sec test_49 to test migration of non-empty encrypted
directory, and add sanity-sec test_57 to test security.c protection.

Fixes: e8f74fb0f5 ("LU-12275 sec: verify dir is empty when setting enc policy")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I2466ea35a871c6c07bdcf9fba7191485e855e655
Reviewed-on: https://review.whamcloud.com/41413
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/llite/crypto.c		diff \| blob \| history
lustre/llite/file.c		diff \| blob \| history
lustre/llite/llite_internal.h		diff \| blob \| history
lustre/llite/xattr.c		diff \| blob \| history
lustre/mdd/mdd_internal.h		diff \| blob \| history
lustre/tests/sanity-sec.sh		diff \| blob \| history