[fedfs-utils] [PATCH 5/6] fedfs-domainroot: Add "fsid=" export option
Chuck Lever
chuck.lever at oracle.com
Fri Oct 23 12:07:41 PDT 2015
The purpose of creating a separate export for each domain root
directory is to allow domain administrators to specify a distinct
security policy on each domain root directory. However, current NFS
clients need to see an FSID change when crossing a security policy
boundary on NFS servers.
Force an FSID change by specifying "fsid=" on each exported domain
root directory. The domain root mechanism may be replaced in
subsequent fedfs-utils released with something more robust, thus for
now this is a change only for 0.10-stable.
Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---
src/PyFedfs/domainroot/exports.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/PyFedfs/domainroot/exports.py b/src/PyFedfs/domainroot/exports.py
index cc0b4c0..b6ce926 100644
--- a/src/PyFedfs/domainroot/exports.py
+++ b/src/PyFedfs/domainroot/exports.py
@@ -24,6 +24,7 @@ try:
import sys
import logging as log
import augeas
+ import uuid
from PyFedfs.domainroot.parse_file import parse_file
@@ -68,6 +69,8 @@ def add_exports_entry(pathname):
'insecure')
config.set('/files/etc/exports/dir[last()]/client[1]/option[4]',
'sec=sys:none')
+ config.set('/files/etc/exports/dir[last()]/client[1]/option[5]',
+ 'fsid=' + str(uuid.uuid4()))
ret = EXIT_SUCCESS
try:
More information about the fedfs-utils-devel
mailing list