PERFORCE change 171949 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Sat Dec 19 10:28:20 UTC 2009
http://p4web.freebsd.org/chv.cgi?CH=171949
Change 171949 by trasz at trasz_victim on 2009/12/19 10:28:03
Make it possible to enable NFSv4 ACLs using tunefs(8).
Affected files ...
.. //depot/projects/soc2008/trasz_nfs4acl/sbin/tunefs/tunefs.8#4 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sbin/tunefs/tunefs.c#2 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ffs/ffs_vfsops.c#25 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ffs/fs.h#3 edit
Differences ...
==== //depot/projects/soc2008/trasz_nfs4acl/sbin/tunefs/tunefs.8#4 (text+ko) ====
@@ -44,6 +44,7 @@
.Op Fl L Ar volname
.Op Fl l Cm enable | disable
.Op Fl m Ar minfree
+.Op Fl N Cm enable | disable
.Op Fl n Cm enable | disable
.Op Fl o Cm space | time
.Op Fl p
@@ -70,7 +71,7 @@
primary super-block.
This is potentially dangerous - use with caution.
.It Fl a Cm enable | disable
-Turn on/off the administrative ACL enable flag.
+Turn on/off the administrative POSIX.1e ACL enable flag.
.It Fl e Ar maxbpg
Indicate the maximum number of blocks any single file can
allocate out of a cylinder group before it is forced to begin
@@ -114,6 +115,8 @@
If the value is raised above the current usage level,
users will be unable to allocate files until enough files have
been deleted to get under the higher threshold.
+.It Fl N Cm enable | disable
+Turn on/off the administrative NFSv4 ACL enable flag.
.It Fl n Cm enable | disable
Turn on/off soft updates.
.It Fl o Cm space | time
==== //depot/projects/soc2008/trasz_nfs4acl/sbin/tunefs/tunefs.c#2 (text+ko) ====
@@ -76,12 +76,12 @@
int
main(int argc, char *argv[])
{
- char *avalue, *Jvalue, *Lvalue, *lvalue, *nvalue;
+ char *avalue, *Jvalue, *Lvalue, *lvalue, *Nvalue, *nvalue;
const char *special, *on;
const char *name;
int active;
int Aflag, aflag, eflag, evalue, fflag, fvalue, Jflag, Lflag, lflag;
- int mflag, mvalue, nflag, oflag, ovalue, pflag, sflag, svalue;
+ int mflag, mvalue, Nflag, nflag, oflag, ovalue, pflag, sflag, svalue;
int ch, found_arg, i;
const char *chg[2];
struct ufs_args args;
@@ -90,12 +90,12 @@
if (argc < 3)
usage();
Aflag = aflag = eflag = fflag = Jflag = Lflag = lflag = mflag = 0;
- nflag = oflag = pflag = sflag = 0;
- avalue = Jvalue = Lvalue = lvalue = nvalue = NULL;
+ Nflag = nflag = oflag = pflag = sflag = 0;
+ avalue = Jvalue = Lvalue = lvalue = Nvalue = nvalue = NULL;
evalue = fvalue = mvalue = ovalue = svalue = 0;
active = 0;
found_arg = 0; /* At least one arg is required. */
- while ((ch = getopt(argc, argv, "Aa:e:f:J:L:l:m:n:o:ps:")) != -1)
+ while ((ch = getopt(argc, argv, "Aa:e:f:J:L:l:m:N:n:o:ps:")) != -1)
switch (ch) {
case 'A':
@@ -105,7 +105,7 @@
case 'a':
found_arg = 1;
- name = "ACLs";
+ name = "POSIX.1e ACLs";
avalue = optarg;
if (strcmp(avalue, "enable") &&
strcmp(avalue, "disable")) {
@@ -187,6 +187,18 @@
mflag = 1;
break;
+ case 'N':
+ found_arg = 1;
+ name = "NFSv4 ACLs";
+ Nvalue = optarg;
+ if (strcmp(Nvalue, "enable") &&
+ strcmp(Nvalue, "disable")) {
+ errx(10, "bad %s (options are %s)",
+ name, "`enable' or `disable'");
+ }
+ Nflag = 1;
+ break;
+
case 'n':
found_arg = 1;
name = "soft updates";
@@ -255,10 +267,13 @@
strlcpy(sblock.fs_volname, Lvalue, MAXVOLLEN);
}
if (aflag) {
- name = "ACLs";
+ name = "POSIX.1e ACLs";
if (strcmp(avalue, "enable") == 0) {
if (sblock.fs_flags & FS_ACLS) {
warnx("%s remains unchanged as enabled", name);
+ } else if (sblock.fs_flags & FS_NFS4ACLS) {
+ warnx("%s and NFSv4 ACLs are mutually "
+ "exclusive", name);
} else {
sblock.fs_flags |= FS_ACLS;
warnx("%s set", name);
@@ -349,6 +364,29 @@
warnx(OPTWARN, "space", "<", MINFREE);
}
}
+ if (Nflag) {
+ name = "NFSv4 ACLs";
+ if (strcmp(Nvalue, "enable") == 0) {
+ if (sblock.fs_flags & FS_NFS4ACLS) {
+ warnx("%s remains unchanged as enabled", name);
+ } else if (sblock.fs_flags & FS_ACLS) {
+ warnx("%s and POSIX.1e ACLs are mutually "
+ "exclusive", name);
+ } else {
+ sblock.fs_flags |= FS_NFS4ACLS;
+ warnx("%s set", name);
+ }
+ } else if (strcmp(Nvalue, "disable") == 0) {
+ if ((~sblock.fs_flags & FS_NFS4ACLS) ==
+ FS_NFS4ACLS) {
+ warnx("%s remains unchanged as disabled",
+ name);
+ } else {
+ sblock.fs_flags &= ~FS_NFS4ACLS;
+ warnx("%s cleared", name);
+ }
+ }
+ }
if (nflag) {
name = "soft updates";
if (strcmp(nvalue, "enable") == 0) {
@@ -423,16 +461,18 @@
fprintf(stderr, "%s\n%s\n%s\n%s\n",
"usage: tunefs [-A] [-a enable | disable] [-e maxbpg] [-f avgfilesize]",
" [-J enable | disable ] [-L volname] [-l enable | disable]",
-" [-m minfree] [-n enable | disable] [-o space | time] [-p]",
-" [-s avgfpdir] special | filesystem");
+" [-m minfree] [-N enable | disable] [-n enable | disable]",
+" [-o space | time] [-p] [-s avgfpdir] special | filesystem");
exit(2);
}
void
printfs(void)
{
- warnx("ACLs: (-a) %s",
+ warnx("POSIX.1e ACLs: (-a) %s",
(sblock.fs_flags & FS_ACLS)? "enabled" : "disabled");
+ warnx("NFSv4 ACLs: (-N) %s",
+ (sblock.fs_flags & FS_NFS4ACLS)? "enabled" : "disabled");
warnx("MAC multilabel: (-l) %s",
(sblock.fs_flags & FS_MULTILABEL)? "enabled" : "disabled");
warnx("soft updates: (-n) %s",
==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ffs/ffs_vfsops.c#25 (text+ko) ====
@@ -369,6 +369,13 @@
MNT_IUNLOCK(mp);
}
+ if ((fs->fs_flags & FS_NFS4ACLS) != 0) {
+ /* XXX: Set too late ? */
+ MNT_ILOCK(mp);
+ mp->mnt_flag |= MNT_NFS4ACLS;
+ MNT_IUNLOCK(mp);
+ }
+
/*
* If this is a snapshot request, take the snapshot.
*/
@@ -846,9 +853,9 @@
if (mp->mnt_flag & MNT_NFS4ACLS)
printf("WARNING: ACLs flag on fs conflicts with "
- "\"nfs4acls\" mount option; flag ignored\n");
- else
- mp->mnt_flag |= MNT_ACLS;
+ "\"nfs4acls\" mount option; option ignored\n");
+ mp->mnt_flag &= ~MNT_NFS4ACLS;
+ mp->mnt_flag |= MNT_ACLS;
MNT_IUNLOCK(mp);
#else
@@ -857,6 +864,24 @@
mp->mnt_stat.f_mntonname);
#endif
}
+ if ((fs->fs_flags & FS_NFS4ACLS) != 0) {
+#ifdef UFS_ACL
+ MNT_ILOCK(mp);
+
+ if (mp->mnt_flag & MNT_ACLS)
+ printf("WARNING: NFSv4 ACLs flag on fs conflicts with "
+ "\"acls\" mount option; option ignored\n");
+ mp->mnt_flag &= ~MNT_ACLS;
+ mp->mnt_flag |= MNT_NFS4ACLS;
+
+ MNT_IUNLOCK(mp);
+#else
+ printf(
+"WARNING: %s: NFSv4 ACLs flag on fs but no ACLs support\n",
+ mp->mnt_stat.f_mntonname);
+#endif
+ }
+
ump->um_mountp = mp;
ump->um_dev = dev;
ump->um_devvp = devvp;
==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ffs/fs.h#3 (text+ko) ====
@@ -393,22 +393,24 @@
* flag to indicate that the indicies need to be rebuilt (by fsck) before
* they can be used.
*
- * FS_ACLS indicates that ACLs are administratively enabled for the
- * file system, so they should be loaded from extended attributes,
+ * FS_ACLS indicates that POSIX.1e ACLs are administratively enabled
+ * for the file system, so they should be loaded from extended attributes,
* observed for access control purposes, and be administered by object
- * owners. FS_MULTILABEL indicates that the TrustedBSD MAC Framework
- * should attempt to back MAC labels into extended attributes on the
- * file system rather than maintain a single mount label for all
- * objects.
+ * owners. FS_NFS4ACLS indicates that NFSv4 ACLs are administratively
+ * enabled. This flag is mutually exclusive with FS_ACLS. FS_MULTILABEL
+ * indicates that the TrustedBSD MAC Framework should attempt to back MAC
+ * labels into extended attributes on the file system rather than maintain
+ * a single mount label for all objects.
*/
-#define FS_UNCLEAN 0x01 /* filesystem not clean at mount */
-#define FS_DOSOFTDEP 0x02 /* filesystem using soft dependencies */
-#define FS_NEEDSFSCK 0x04 /* filesystem needs sync fsck before mount */
-#define FS_INDEXDIRS 0x08 /* kernel supports indexed directories */
-#define FS_ACLS 0x10 /* file system has ACLs enabled */
-#define FS_MULTILABEL 0x20 /* file system is MAC multi-label */
-#define FS_GJOURNAL 0x40 /* gjournaled file system */
-#define FS_FLAGS_UPDATED 0x80 /* flags have been moved to new location */
+#define FS_UNCLEAN 0x0001 /* filesystem not clean at mount */
+#define FS_DOSOFTDEP 0x0002 /* filesystem using soft dependencies */
+#define FS_NEEDSFSCK 0x0004 /* filesystem needs sync fsck before mount */
+#define FS_INDEXDIRS 0x0008 /* kernel supports indexed directories */
+#define FS_ACLS 0x0010 /* file system has POSIX.1e ACLs enabled */
+#define FS_MULTILABEL 0x0020 /* file system is MAC multi-label */
+#define FS_GJOURNAL 0x0040 /* gjournaled file system */
+#define FS_FLAGS_UPDATED 0x0080 /* flags have been moved to new location */
+#define FS_NFS4ACLS 0x0100 /* file system has NFSv4 ACLs enabled */
/*
* Macros to access bits in the fs_active array.
More information about the p4-projects
mailing list