Sometimes it makes more sense to deny access to users who aren't
mapped, instead of just squashing them to nobody. This patch adds a
per-nodemap flag which, if enabled, makes it so EACCES is returned to
all users mapped to the squashed UID. One use case is preventing an
unmapped user from being able to fill a /tmp-style directory, and in
conjunction with SSK it can restrict users of authorized clients to
their subset of the filesystem namespace, essentially providing
isolated containers.
Signed-off-by: Kit Westneat <kit.westneat@gmail.com>
Change-Id: Ia511c887dd94bdec281cbb85e46d49496f85721c
Reviewed-on: http://review.whamcloud.com/18758
Tested-by: Jenkins
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
git://git.whamcloud.com / fs / lustre-release.git / commitdiff