[fedfs-utils] [PATCH 5/6] fedfs-domainroot: Add "fsid=" export option

[Chuck Lever]

The purpose of creating a separate export for each domain root
directory is to allow domain administrators to specify a distinct
security policy on each domain root directory. However, current NFS
clients need to see an FSID change when crossing a security policy
boundary on NFS servers.

Force an FSID change by specifying "fsid=" on each exported domain
root directory. The domain root mechanism may be replaced in
subsequent fedfs-utils released with something more robust, thus for
now this is a change only for 0.10-stable.

Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---
 src/PyFedfs/domainroot/exports.py |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/PyFedfs/domainroot/exports.py b/src/PyFedfs/domainroot/exports.py
index cc0b4c0..b6ce926 100644
--- a/src/PyFedfs/domainroot/exports.py
+++ b/src/PyFedfs/domainroot/exports.py
@@ -24,6 +24,7 @@ try:
     import sys
     import logging as log
     import augeas
+    import uuid
 
     from PyFedfs.domainroot.parse_file import parse_file
 
@@ -68,6 +69,8 @@ def add_exports_entry(pathname):
                'insecure')
     config.set('/files/etc/exports/dir[last()]/client[1]/option[4]',
                'sec=sys:none')
+    config.set('/files/etc/exports/dir[last()]/client[1]/option[5]',
+               'fsid=' + str(uuid.uuid4()))
 
     ret = EXIT_SUCCESS
     try: