I'm sponsoring this fast-track for Robert Gordon.

Thanks,
Jerry

Template Version: @(#)sac_nextcase 1.70 03/30/10 SMI
This information is Copyright (c) 2010, Oracle and/or its affiliates. All 
rights reserved.
1. Introduction
    1.1. Project/Component Working Name:
         NFS Instances
    1.2. Name of Document Author/Supplier:
         Author:  Robert Gordon
    1.3. Date of This Document:
         21 July, 2010
4. Technical Description

Patch binding is requested; however, there are no plans to backport any of
the proposed changes.

The proposed changes are needed to support an NFS server in a non-global
zone; however, the changes are not specific to NFS. They would also be used
when enabling any file sharing protocol (e.g., CIFS) server for non-global zones.

PRIV_SYS_SHARE 
--------------

Establishing an NFS or CIFS share requires full root privileges; however,
within a non-global zone, full privileges are not permitted. A new system
privilege PRIV_SYS_SHARE is proposed, and is enforced in sharefs when
adding or removing shares.

PRIV_SYS_SHARE can be assigned to a zone, and it is enabled by default for
root users in both global and non-global zones.  It can also be assigned to
non-privileged users.

With PRIV_SYS_SHARE, a global zone administrator may allow or prohibit
sharing from any protocol (CIFS, NFS) in any zone (global or non-global).
Enforcement of the protocol-specific privileges (PRIV_SYS_NFS and
PRIV_SYS_SMB) will not be changed.  To establish a share, both
PRIV_SYS_SHARE and the protocol-specific privilege are required.


VFS Share Ownership and References
----------------------------------

A file system may only be shared by a single NFS server instance.

File systems are assigned to zones with "add_dataset" and "add_fs" zone
config resources.  The assigned file systems are only mounted in their zone,
and therefore can only be shared by the NFS server running in the zone.

However, a zone's root dataset is problematic because it is mounted both
within the global zone and its non-global zone.  To ensure that a file
system can never be shared by multiple NFS server instances, the notion of
VFS share ownership is introduced.

Enforcement of VFS share ownership prevents the global zone from sharing an
active non-global zone's root dataset.

Two new vfs_t fields (vfs_share_owner, vfs_share_count) are used to track
VFS shares and VFS share ownership. They are managed using the following
interfaces:

   int  vfs_share_ref(vfs_t *, zone_t *);
   void vfs_share_unref(vfs_t *, zone_t *);

For each share, the NFS server establishes a share reference on the VFS
containing the shared object. The reference is removed when the object is
unshared. VFS share reference and VFS ownership changes are coordinated with
a new vfs_t lock: vfs_share_owner_lock.

If the zone_t * argument for vfs_share_ref() is not the current zone owner
of the VFS, EPERM is returned; otherwise the reference count is bumped and
ownership is optionally set.

Zone boot fails with EBUSY if share references exist on its root dataset VFS.
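
The ownership and reference rules above, as an added user-space C model (not
code from this case or from ON). The struct layouts, the initial global-zone
ownership and model_zone_boot() are assumptions, and the optional ownership
change in vfs_share_ref() is left out because the case does not specify it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

typedef struct zone { const char *zone_name; } zone_t;

/* Assumed layout. The case's vfs_share_owner_lock would guard both
 * fields; it is omitted in this single-threaded model. */
typedef struct vfs {
    zone_t   *vfs_share_owner;  /* only this zone may share the VFS */
    unsigned  vfs_share_count;  /* outstanding share references */
} vfs_t;

/* Take a share reference; EPERM unless the caller's zone owns the VFS. */
int vfs_share_ref(vfs_t *vfsp, zone_t *zone)
{
    if (vfsp->vfs_share_owner != zone)
        return EPERM;
    vfsp->vfs_share_count++;
    return 0;
}

/* Drop a reference taken by vfs_share_ref(); non-owners are ignored. */
void vfs_share_unref(vfs_t *vfsp, zone_t *zone)
{
    if (vfsp->vfs_share_owner == zone && vfsp->vfs_share_count > 0)
        vfsp->vfs_share_count--;
}

/* Hypothetical boot-time hook: hand a root dataset VFS to the booting
 * zone, failing with EBUSY while share references still exist on it. */
int model_zone_boot(vfs_t *rootvfs, zone_t *zone)
{
    if (rootvfs->vfs_share_count != 0)
        return EBUSY;
    rootvfs->vfs_share_owner = zone;
    return 0;
}

int main(void)
{
    zone_t global = { "global" }, ngz = { "zone1" };  /* constructed */
    vfs_t root = { &global, 0 };                      /* constructed */

    printf("global shares:      %d\n", vfs_share_ref(&root, &global));
    printf("boot while shared:  %d\n", model_zone_boot(&root, &ngz));
    vfs_share_unref(&root, &global);
    printf("boot after unshare: %d\n", model_zone_boot(&root, &ngz));
    printf("global shares:      %d\n", vfs_share_ref(&root, &global));
    printf("zone1 shares:       %d\n", vfs_share_ref(&root, &ngz));
    return 0;
}
```

Once the zone owns its root dataset VFS, the global zone's share attempt is
refused with EPERM, so at most one NFS server instance holds references on it.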


EXPORTED INTERFACES:

                        |Proposed       |Specified      |
                        |Stability      |in what        |
Interface Name          |Classification |Document?      | Comments
===============================================================================
                        |               |               |
  PRIV_SYS_SHARE        |Committed      |This           | Share Privilege 
                        |               |Document       |
                        |               |               |
  vfs_share_ref()       |Consolidation  |This           | VFS
  vfs_share_unref()     |Private        |Document       | Share Ownership.
                        |               |               |
                        |               |               |


6. Resources and Schedule
    6.4. Steering Committee requested information
        6.4.1. Consolidation C-team Name:
                ON
    6.5. ARC review type: FastTrack
    6.6. ARC Exposure: open

_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org
