The purpose of creating a separate export for each domain root directory is to allow domain administrators to specify a distinct security policy on each domain root directory. However, current NFS clients need to see an FSID change when crossing a security policy boundary on NFS servers.
Force an FSID change by specifying "fsid=" on each exported domain root directory. The domain root mechanism may be replaced in subsequent fedfs-utils releases with something more robust; thus, for now, this is a change only for 0.10-stable.

Signed-off-by: Chuck Lever <[email protected]>
--- src/PyFedfs/domainroot/exports.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/PyFedfs/domainroot/exports.py b/src/PyFedfs/domainroot/exports.py index cc0b4c0..b6ce926 100644 --- a/src/PyFedfs/domainroot/exports.py +++ b/src/PyFedfs/domainroot/exports.py @@ -24,6 +24,7 @@ try: import sys import logging as log import augeas + import uuid from PyFedfs.domainroot.parse_file import parse_file @@ -68,6 +69,8 @@ def add_exports_entry(pathname): 'insecure') config.set('/files/etc/exports/dir[last()]/client[1]/option[4]', 'sec=sys:none') + config.set('/files/etc/exports/dir[last()]/client[1]/option[5]', + 'fsid=' + str(uuid.uuid4())) ret = EXIT_SUCCESS try:
_______________________________________________ fedfs-utils-devel mailing list [email protected] https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel
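Review bot: In the add_exports_entry hunk, the fsid value is taken from uuid.uuid4() at the moment the entry is written, so nothing ties it to pathname: if the same domain root is ever removed and added again it gets a different fsid, and because NFS file handles carry the filesystem identity, clients that mounted the earlier export would then see stale handles. If that matters for 0.10-stable, consider a value that is stable per path, for example a name-based UUID such as uuid.uuid5() over pathname with a fixed namespace, or at least state the behaviour in a comment. The new config.set() call would also benefit from a one-line comment saying the option exists to force an FSID change at the security policy boundary, since that reasoning currently lives only in the commit message. Minor: the hard-coded option[5] index depends on exactly four options preceding it, like the option[4] line in the context above.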
