Whamcloud - gitweb
LU-9220 gss: support Kerberos auth from unprivileged container
When a container runs unprivileged, it cannot get access to /proc.
So, to be able to do the required ioctl to
/proc/fs/lustre/sptlrpc/gss/init_channel in order to negotiate
credentials, delegate this ioctl to a parent thread that does not run
in the container's namespace.
The rest of the authentication process is still carried out in the
container's namespace if relevant.
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I445ccc82d9b853775bc0de73323699638f688dab
Reviewed-on: https://review.whamcloud.com/26035
Tested-by: Jenkins
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Kit Westneat <kit.westneat@gmail.com>
Reviewed-by: Jeremy Filizetti <jeremy.filizetti@gmail.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>