From patchwork Fri Oct 23 19:07:41 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chuck Lever <chuck.lever@oracle.com>
X-Patchwork-Id: 535200
Return-Path: <fedfs-utils-devel-bounces@oss.oracle.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 618B5141573
	for <incoming@patchwork.ozlabs.org>;
	Sat, 24 Oct 2015 06:07:53 +1100 (AEDT)
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
	by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2)
	with ESMTP id t9NJ7k0i013336
	(version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 23 Oct 2015 19:07:46 GMT
Received: from oss.oracle.com (oss-old-reserved.oracle.com [137.254.22.2])
	by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id t9NJ7jnj007194
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 23 Oct 2015 19:07:45 GMT
Received: from localhost ([127.0.0.1] helo=lb-oss.oracle.com)
	by oss.oracle.com with esmtp (Exim 4.63)
	(envelope-from <fedfs-utils-devel-bounces@oss.oracle.com>)
	id 1Zphgn-0001Mp-RI; Fri, 23 Oct 2015 12:07:45 -0700
Received: from userv0022.oracle.com ([156.151.31.74])
	by oss.oracle.com with esmtp (Exim 4.63)
	(envelope-from <chucklever@gmail.com>) id 1Zphgm-0001Md-Mz
	for fedfs-utils-devel@oss.oracle.com; Fri, 23 Oct 2015 12:07:44 -0700
Received: from aserp1020.oracle.com (aserp1020.oracle.com [141.146.126.67])
	by userv0022.oracle.com (8.13.8/8.13.8) with ESMTP id
	t9NJ7iDM003739
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <fedfs-utils-devel@oss.oracle.com>; Fri, 23 Oct 2015 19:07:44 GMT
Received: from userp2030.oracle.com (userp2030.oracle.com [156.151.31.89])
	by aserp1020.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with
	ESMTP id t9NJ7hA3010148
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO)
	for <fedfs-utils-devel@oss.oracle.com>; Fri, 23 Oct 2015 19:07:43 GMT
Authentication-Results: aserp1020.oracle.com; dkim=pass
	reason="2048-bit key" header.d=gmail.com header.i=@gmail.com
	header.b=Cf5Ejd8K
Received: from pps.filterd (userp2030.oracle.com [127.0.0.1])
	by userp2030.oracle.com (8.15.0.59/8.15.0.59) with SMTP id
	t9NJ4cvK049064
	for <fedfs-utils-devel@oss.oracle.com>; Fri, 23 Oct 2015 19:07:43 GMT
Received: from mail-io0-f170.google.com (mail-io0-f170.google.com
	[209.85.223.170]) by userp2030.oracle.com with ESMTP id 1xn1sc9bsj-1
	(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128
	verify=NOT) for <fedfs-utils-devel@oss.oracle.com>;
	Fri, 23 Oct 2015 19:07:43 +0000
Received: by iow1 with SMTP id 1so133762864iow.1
	for <fedfs-utils-devel@oss.oracle.com>;
	Fri, 23 Oct 2015 12:07:42 -0700 (PDT)
X-Received: by 10.107.160.208 with SMTP id
	j199mr23875614ioe.146.1445627262327;
	Fri, 23 Oct 2015 12:07:42 -0700 (PDT)
Received: from seurat.1015granger.net
	([2604:8800:100:81fc:20c:29ff:fe44:ec31])
	by smtp.gmail.com with ESMTPSA id
	mh8sm1864055igb.3.2015.10.23.12.07.41
	for <fedfs-utils-devel@oss.oracle.com>
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 23 Oct 2015 12:07:41 -0700 (PDT)
From: Chuck Lever <chuck.lever@oracle.com>
To: fedfs-utils-devel@oss.oracle.com
Date: Fri, 23 Oct 2015 12:07:41 -0700
Message-ID: <20151023190741.101462.78778.stgit@seurat.1015granger.net>
In-Reply-To: <20151023190357.101462.95038.stgit@seurat.1015granger.net>
References: <20151023190357.101462.95038.stgit@seurat.1015granger.net>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
X-Proofpoint-SPF-Result: pass
X-Proofpoint-SPF-Record: v=spf1 redirect=_spf.google.com
X-ServerName: mail-io0-f170.google.com
X-Proofpoint-Virus-Version: vendor=nai engine=5700 definitions=7963
	signatures=670651
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
	suspectscore=1
	malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
	adjust=0 reason=mlx scancount=1 engine=8.0.1-1507310000
	definitions=main-1510230319
Subject: [fedfs-utils] [PATCH 5/6] fedfs-domainroot: Add "fsid=" export
	option
X-BeenThere: fedfs-utils-devel@oss.oracle.com
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: fedfs-utils Developers <fedfs-utils-devel@oss.oracle.com>
List-Id: fedfs-utils Developers <fedfs-utils-devel.oss.oracle.com>
List-Unsubscribe: <https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel>,
	<mailto:fedfs-utils-devel-request@oss.oracle.com?subject=unsubscribe>
List-Archive: <http://oss.oracle.com/pipermail/fedfs-utils-devel>
List-Post: <mailto:fedfs-utils-devel@oss.oracle.com>
List-Help: <mailto:fedfs-utils-devel-request@oss.oracle.com?subject=help>
List-Subscribe: <https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel>,
	<mailto:fedfs-utils-devel-request@oss.oracle.com?subject=subscribe>
Sender: fedfs-utils-devel-bounces@oss.oracle.com
Errors-To: fedfs-utils-devel-bounces@oss.oracle.com
X-Source-IP: aserv0022.oracle.com [141.146.126.234]

The purpose of creating a separate export for each domain root
directory is to allow domain administrators to specify a distinct
security policy on each domain root directory. However, current NFS
clients need to see an FSID change when crossing a security policy
boundary on NFS servers.

Force an FSID change by specifying "fsid=" on each exported domain
root directory. The domain root mechanism may be replaced in
subsequent fedfs-utils released with something more robust, thus for
now this is a change only for 0.10-stable.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 src/PyFedfs/domainroot/exports.py |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/PyFedfs/domainroot/exports.py b/src/PyFedfs/domainroot/exports.py
index cc0b4c0..b6ce926 100644
--- a/src/PyFedfs/domainroot/exports.py
+++ b/src/PyFedfs/domainroot/exports.py
@@ -24,6 +24,7 @@ try:
     import sys
     import logging as log
     import augeas
+    import uuid
 
     from PyFedfs.domainroot.parse_file import parse_file
 
@@ -68,6 +69,8 @@ def add_exports_entry(pathname):
                'insecure')
     config.set('/files/etc/exports/dir[last()]/client[1]/option[4]',
                'sec=sys:none')
+    config.set('/files/etc/exports/dir[last()]/client[1]/option[5]',
+               'fsid=' + str(uuid.uuid4()))
 
     ret = EXIT_SUCCESS
     try: