git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Wed, 31 Jan 2024 14:40:44 +0000 (15:40 +0100)
committer	Oleg Drokin <green@whamcloud.com>
	Fri, 23 Feb 2024 07:14:48 +0000 (07:14 +0000)
commit	b4a336d0ce91c05ae48544b3fd2e56f0bcb0a8cf
tree	e338c8e6e1156b56e6f5d615bf26dccc49cdc9fc	tree \| snapshot
parent	aa07458ae1d20b492a14340683e9a278f6817e5e	commit \| diff

LU-17454 nodemap: allow mapping for root

Allow an id mapping for root, to match what is implemented for regular
users, with the following behavior:
- if admin property is set, root remains root.
- if admin property is not set, the idmap for '0' is taken into
  account.
- if admin property is not set and there is no idmap for '0' and
  deny_unknown property is not set, root is squashed to the squash
  uid/gid.
- if admin property is not set and there is no idmap for '0' and
  deny_unknown property is set, root is blocked.

Note that map_mode remains ignored for root. Also, capabilities are
not dropped for root when mapped, just like it is done for regular
users. If admins want to drop root capabilities, root must be
squashed.

sanity-sec test_15 is updated to test root mapping.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Id2e950b99e3b3ba27179408c647e1f7b7c49e32e
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/53870
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/ptlrpc/nodemap_handler.c		diff \| blob \| history
lustre/tests/sanity-sec.sh		diff \| blob \| history