diff mbox

[5/6] fedfs-domainroot: Add "fsid=" export option

Message ID 20151023190741.101462.78778.stgit@seurat.1015granger.net
State Accepted
Headers show

Commit Message

Chuck Lever Oct. 23, 2015, 7:07 p.m. UTC 
The purpose of creating a separate export for each domain root
directory is to allow domain administrators to specify a distinct
security policy on each domain root directory. However, current NFS
clients need to see an FSID change when crossing a security policy
boundary on NFS servers.

Force an FSID change by specifying "fsid=" on each exported domain
root directory. The domain root mechanism may be replaced in
subsequent fedfs-utils released with something more robust, thus for
now this is a change only for 0.10-stable.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 src/PyFedfs/domainroot/exports.py |    3 +++
 1 file changed, 3 insertions(+)
diff mbox

Patch

diff --git a/src/PyFedfs/domainroot/exports.py b/src/PyFedfs/domainroot/exports.py
index cc0b4c0..b6ce926 100644
--- a/src/PyFedfs/domainroot/exports.py
+++ b/src/PyFedfs/domainroot/exports.py
@@ -24,6 +24,7 @@  try:
     import sys
     import logging as log
     import augeas
+    import uuid
 
     from PyFedfs.domainroot.parse_file import parse_file
 
@@ -68,6 +69,8 @@  def add_exports_entry(pathname):
                'insecure')
     config.set('/files/etc/exports/dir[last()]/client[1]/option[4]',
                'sec=sys:none')
+    config.set('/files/etc/exports/dir[last()]/client[1]/option[5]',
+               'fsid=' + str(uuid.uuid4()))
 
     ret = EXIT_SUCCESS
     try: