[PROPOSAL] GEOM probing/tasting firewall

Lev Serebryakov lev at FreeBSD.org
Wed Jul 31 09:10:11 UTC 2013


Hello, Freebsd-geom.

  After the message to the GEOM list by Rotate 13 <rabgvzr at gmail.com> I was
 "forced" to write this proposal.

  This idea was first formulated in a Jabber talk with a friend of
 mine, who uses FreeBSD for massive iSCSI hosting on ZVOLs. He has problems
 with tasting these ZVOLs, which contain different types of data (Windows
 disks, Linux disks, FreeBSD disks, etc). There are label conflicts, strange
 messages about corrupted GPTs, etc. So, it looks like having a configurable
 way to prevent some GEOM tasting is a good idea.

  I propose to have a mechanism, modelled after ipfw, to filter all new GEOMs
 before passing them to the class tasting mechanisms.

  It will be a chain of (numbered) rules with the format:

rule ::= ('enable' | 'disable') ['taste'] ['by'] <consumer-spec> [['of'] <conditions>]
consumer-spec ::= 'all' | <class-name>
conditions ::= <condition> ('and' <condition>)*
condition ::= ['not'] ( 'class' <mask> | 'name' <mask> | 'path' <mask> )
mask ::= <shell-like-glob>

 'path' means "path in /dev hierarchy" here.

 Of course, the default last rule (and the only one, if the user does nothing) must be

 "enable taste by all"

 Maybe <conditions> could be expanded to full-featured boolean expressions,
with parentheses and an 'or' operator. It is possible, but omitted in this
proposal to save time (I don't want to write out the full expression EBNF now).

 Every added rule should trigger spoiling and re-tasting of all providers
which are not opened by an upper level (so already mounted file systems will
prevent GEOMs from disappearing even if a new rule forbids such tasting).

 I could write prototype code for this proposal, if it is not rejected right
now :)

-- 
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>
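
A user-space model of the rule chain proposed above, as an added example that is not part of the original message or of any FreeBSD code. It assumes ipfw-style first-match evaluation in rule-number order, that 'class' is the class of the geom offering the provider, and that 'name' is the provider name; the chain and providers are constructed samples.

```python
import fnmatch

FIELDS = ("class", "name", "path")

def parse_rule(text):
    """Parse one rule into (enable, consumer, [(negate, field, mask), ...])."""
    toks = text.split()
    if not toks or toks[0] not in ("enable", "disable"):
        raise ValueError("rule must start with enable or disable")
    enable = toks.pop(0) == "enable"
    for noise in ("taste", "by"):            # optional words in the grammar
        if toks and toks[0] == noise:
            toks.pop(0)
    if not toks:
        raise ValueError("missing consumer-spec")
    consumer = toks.pop(0)                   # 'all' or a class name
    if toks and toks[0] == "of":
        toks.pop(0)
    conds = []
    while toks:
        negate = toks[0] == "not"
        if negate:
            toks.pop(0)
        if len(toks) < 2 or toks[0] not in FIELDS:
            raise ValueError("expected class|name|path <mask>")
        conds.append((negate, toks[0], toks[1]))
        del toks[:2]
        if toks and (toks.pop(0) != "and" or not toks):
            raise ValueError("conditions must be joined by 'and'")
    return enable, consumer, conds

def may_taste(chain, taster, provider):
    """First matching rule decides (assumed, as in ipfw); True = tasting allowed."""
    for number in sorted(chain):
        enable, consumer, conds = parse_rule(chain[number])
        if consumer not in ("all", taster):
            continue
        if all(fnmatch.fnmatchcase(provider[f], mask) != neg for neg, f, mask in conds):
            return enable
    return True                              # the proposal's default rule

# Constructed sample chain and providers, for illustration only.
CHAIN = {
    100: "enable taste by DEV",
    200: "disable taste by all of class ZFS::ZVOL and not path /dev/zvol/tank/local/*",
    65535: "enable taste by all",
}
GUEST = {"class": "ZFS::ZVOL", "name": "zvol/tank/iscsi/win1", "path": "/dev/zvol/tank/iscsi/win1"}
LOCAL = {"class": "ZFS::ZVOL", "name": "zvol/tank/local/swap", "path": "/dev/zvol/tank/local/swap"}
```

Rule 100 comes first because, in this model, a blanket disable on the guest ZVOLs would also stop DEV, the GEOM class that creates the /dev nodes.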
