From: Sebastien Buisson Date: Mon, 21 Jan 2019 16:07:48 +0000 (+0900) Subject: LU-930 doc: man page for lctl nodemap_set_sepol X-Git-Tag: 2.12.53~38 X-Git-Url: https://git.whamcloud.com/gitweb?a=commitdiff_plain;h=4813c6afbe77137facf4579f458d34d4dda40dd5;p=fs%2Flustre-release.git LU-930 doc: man page for lctl nodemap_set_sepol Man page for lctl nodemap_set_sepol. Test-Parameters: trivial Signed-off-by: Sebastien Buisson Change-Id: I9e27aaa7d5653fcd6225a424bdbb920471b01555 Reviewed-on: https://review.whamcloud.com/34084 Tested-by: Jenkins Tested-by: Maloo Reviewed-by: James Nunez Reviewed-by: Joseph Gmitter Reviewed-by: Andreas Dilger --- diff --git a/lustre/doc/Makefile.am b/lustre/doc/Makefile.am index 9212e98..11e92bf 100644 --- a/lustre/doc/Makefile.am +++ b/lustre/doc/Makefile.am @@ -151,6 +151,7 @@ SERVER_MANFILES = \ lctl-nodemap-del-range.8 \ lctl-nodemap-modify.8 \ lctl-nodemap-set-fileset.8 \ + lctl-nodemap-set-sepol.8 \ lctl-snapshot-create.8 \ lctl-snapshot-destroy.8 \ lctl-snapshot-list.8 \ diff --git a/lustre/doc/lctl-nodemap-set-sepol.8 b/lustre/doc/lctl-nodemap-set-sepol.8 new file mode 100644 index 0000000..0c04b74 --- /dev/null +++ b/lustre/doc/lctl-nodemap-set-sepol.8 
@@ -0,0 +1,76 @@ +.TH lctl-nodemap-set-sepol 8 "2019 Jan 21" Lustre "configuration utilities" +.SH NAME +lctl-nodemap-set-sepol \- Set SELinux policy info on a nodemap. + +.SH SYNOPSIS +.br +.B lctl nodemap_set_sepol --name +.RI < nodemap > +.B --sepol +.RI < sepol > +.br +.SH DESCRIPTION +.B nodemap_set_sepol +adds SELinux policy info as described by +.I sepol +to the specified +.IR nodemap . +The +.I sepol +string describing the SELinux policy has the following syntax: + +::: + +where: +.RS 4 +- is a digit telling if SELinux is in Permissive mode (0) or Enforcing +mode (1) + +- is the name of the SELinux policy + +- is the version of the SELinux policy + +- is the computed hash of the binary representation of the policy, as +exported in /etc/selinux//policy/policy. +.RE + +The reference +.I sepol +string can be obtained on a client node known to enforce the right SELinux policy, +by calling the l_getsepol command line utility. + +Clients belonging to +.I nodemap +must enforce the SELinux policy described by +.IR sepol , +otherwise they are denied access to the Lustre file system. + +.SH OPTIONS +.I nodemap +is the name of the nodemap that this SELinux policy info should be associated +with. + +.I sepol +is the string describing the SELinux policy that clients must enforce. It has +to conform to the syntax described above. + +.SH EXAMPLES +.nf +# lctl nodemap_set_sepol --name restricted --sepol '1:mls:31:40afb76d077c441b69af58cccaaa2ca63641ed6e21b0a887dc21a684f508b78f' +# lctl nodemap_set_sepol --name admins --sepol '' +.fi + +.SH AVAILABILITY +.B lctl +is part of the +.BR Lustre (7) +filesystem package. +.SH SEE ALSO +.BR lustre (7), +.BR lctl-nodemap-activate (8), +.BR lctl-nodemap-add (8), +.BR lctl-nodemap-del (8), +.BR lctl-nodemap-del-range (8), +.BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl.8 b/lustre/doc/lctl.8 index 521d79e..84e6920 100644 --- a/lustre/doc/lctl.8 
+++ b/lustre/doc/lctl.8 @@ -375,6 +375,11 @@ Modify a nodemap property. .RS 4 Add a fileset to a nodemap. .RE +.PP +\fBlctl-nodemap-set-sepol\fR(8) +.RS 4 +Set SELinux policy info on a nodemap. +.RE .SS Configuration logs .TP .BI clear_conf " "
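Review bot: In lustre/doc/lctl-nodemap-set-sepol.8, the second line under EXAMPLES passes an empty string (--sepol '' on nodemap admins), but neither DESCRIPTION nor OPTIONS says what an empty sepol does. If it clears the policy info and so removes the SELinux check for that nodemap, state that explicitly, because an administrator copying the example would otherwise disable the check without knowing it. Three smaller points in the same file: the mode field accepts 0 (Permissive) while the text says clients "must enforce the SELinux policy", so say whether a reference string with mode 0 admits permissive clients or whether the mode must match exactly; the hash field is described only as "the computed hash" and the example value is 64 hex characters, so name the algorithm so that a value can be checked independently of l_getsepol; and SEE ALSO omits l_getsepol, which DESCRIPTION tells the reader to run, as well as lctl-nodemap-set-fileset(8), while AVAILABILITY writes Lustre (7) and SEE ALSO writes lustre (7).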