Date: Sat, 19 Dec 2009 10:28:19 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 171949 for review Message-ID: <200912191028.nBJASJhb064920@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/chv.cgi?CH=171949 Change 171949 by trasz@trasz_victim on 2009/12/19 10:28:03 Make it possible to enable NFSv4 ACLs using tunefs(8). Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/sbin/tunefs/tunefs.8#4 edit .. //depot/projects/soc2008/trasz_nfs4acl/sbin/tunefs/tunefs.c#2 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ffs/ffs_vfsops.c#25 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ffs/fs.h#3 edit Differences ... ==== //depot/projects/soc2008/trasz_nfs4acl/sbin/tunefs/tunefs.8#4 (text+ko) ==== @@ -44,6 +44,7 @@ .Op Fl L Ar volname .Op Fl l Cm enable | disable .Op Fl m Ar minfree +.Op Fl N Cm enable | disable .Op Fl n Cm enable | disable .Op Fl o Cm space | time .Op Fl p @@ -70,7 +71,7 @@ primary super-block. This is potentially dangerous - use with caution. .It Fl a Cm enable | disable -Turn on/off the administrative ACL enable flag. +Turn on/off the administrative POSIX.1e ACL enable flag. .It Fl e Ar maxbpg Indicate the maximum number of blocks any single file can allocate out of a cylinder group before it is forced to begin @@ -114,6 +115,8 @@ If the value is raised above the current usage level, users will be unable to allocate files until enough files have been deleted to get under the higher threshold. +.It Fl N Cm enable | disable +Turn on/off the administrative NFSv4 ACL enable flag. .It Fl n Cm enable | disable Turn on/off soft updates. .It Fl o Cm space | time ==== //depot/projects/soc2008/trasz_nfs4acl/sbin/tunefs/tunefs.c#2 (text+ko) ==== @@ -76,12 +76,12 @@ int main(int argc, char *argv[]) { - char *avalue, *Jvalue, *Lvalue, *lvalue, *nvalue; + char *avalue, *Jvalue, *Lvalue, *lvalue, *Nvalue, *nvalue; const char *special, *on; const char *name; int active; int Aflag, aflag, eflag, evalue, fflag, fvalue, Jflag, Lflag, lflag; - int mflag, mvalue, nflag, oflag, ovalue, pflag, sflag, svalue; + int mflag, mvalue, Nflag, nflag, oflag, ovalue, pflag, sflag, svalue; int ch, found_arg, i; const char *chg[2]; struct ufs_args args; @@ -90,12 +90,12 @@ if (argc < 3) usage(); Aflag = aflag = eflag = fflag = Jflag = Lflag = lflag = mflag = 0; - nflag = oflag = pflag = sflag = 0; - avalue = Jvalue = Lvalue = lvalue = nvalue = NULL; + Nflag = nflag = oflag = pflag = sflag = 0; + avalue = Jvalue = Lvalue = lvalue = Nvalue = nvalue = NULL; evalue = fvalue = mvalue = ovalue = svalue = 0; active = 0; found_arg = 0; /* At least one arg is required. */ - while ((ch = getopt(argc, argv, "Aa:e:f:J:L:l:m:n:o:ps:")) != -1) + while ((ch = getopt(argc, argv, "Aa:e:f:J:L:l:m:N:n:o:ps:")) != -1) switch (ch) { case 'A': @@ -105,7 +105,7 @@ case 'a': found_arg = 1; - name = "ACLs"; + name = "POSIX.1e ACLs"; avalue = optarg; if (strcmp(avalue, "enable") && strcmp(avalue, "disable")) { @@ -187,6 +187,18 @@ mflag = 1; break; + case 'N': + found_arg = 1; + name = "NFSv4 ACLs"; + Nvalue = optarg; + if (strcmp(Nvalue, "enable") && + strcmp(Nvalue, "disable")) { + errx(10, "bad %s (options are %s)", + name, "`enable' or `disable'"); + } + Nflag = 1; + break; + case 'n': found_arg = 1; name = "soft updates"; @@ -255,10 +267,13 @@ strlcpy(sblock.fs_volname, Lvalue, MAXVOLLEN); } if (aflag) { - name = "ACLs"; + name = "POSIX.1e ACLs"; if (strcmp(avalue, "enable") == 0) { if (sblock.fs_flags & FS_ACLS) { warnx("%s remains unchanged as enabled", name); + } else if (sblock.fs_flags & FS_NFS4ACLS) { + warnx("%s and NFSv4 ACLs are mutually " + "exclusive", name); } else { sblock.fs_flags |= FS_ACLS; warnx("%s set", name); @@ -349,6 +364,29 @@ warnx(OPTWARN, "space", "<", MINFREE); } } + if (Nflag) { + name = "NFSv4 ACLs"; + if (strcmp(Nvalue, "enable") == 0) { + if (sblock.fs_flags & FS_NFS4ACLS) { + warnx("%s remains unchanged as enabled", name); + } else if (sblock.fs_flags & FS_ACLS) { + warnx("%s and POSIX.1e ACLs are mutually " + "exclusive", name); + } else { + sblock.fs_flags |= FS_NFS4ACLS; + warnx("%s set", name); + } + } else if (strcmp(Nvalue, "disable") == 0) { + if ((~sblock.fs_flags & FS_NFS4ACLS) == + FS_NFS4ACLS) { + warnx("%s remains unchanged as disabled", + name); + } else { + sblock.fs_flags &= ~FS_NFS4ACLS; + warnx("%s cleared", name); + } + } + } if (nflag) { name = "soft updates"; if (strcmp(nvalue, "enable") == 0) { @@ -423,16 +461,18 @@ fprintf(stderr, "%s\n%s\n%s\n%s\n", "usage: tunefs [-A] [-a enable | disable] [-e maxbpg] [-f avgfilesize]", " [-J enable | disable ] [-L volname] [-l enable | disable]", -" [-m minfree] [-n enable | disable] [-o space | time] [-p]", -" [-s avgfpdir] special | filesystem"); +" [-m minfree] [-N enable | disable] [-n enable | disable]", +" [-o space | time] [-p] [-s avgfpdir] special | filesystem"); exit(2); } void printfs(void) { - warnx("ACLs: (-a) %s", + warnx("POSIX.1e ACLs: (-a) %s", (sblock.fs_flags & FS_ACLS)? "enabled" : "disabled"); + warnx("NFSv4 ACLs: (-N) %s", + (sblock.fs_flags & FS_NFS4ACLS)? "enabled" : "disabled"); warnx("MAC multilabel: (-l) %s", (sblock.fs_flags & FS_MULTILABEL)? "enabled" : "disabled"); warnx("soft updates: (-n) %s", ==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ffs/ffs_vfsops.c#25 (text+ko) ==== @@ -369,6 +369,13 @@ MNT_IUNLOCK(mp); } + if ((fs->fs_flags & FS_NFS4ACLS) != 0) { + /* XXX: Set too late ? */ + MNT_ILOCK(mp); + mp->mnt_flag |= MNT_NFS4ACLS; + MNT_IUNLOCK(mp); + } + /* * If this is a snapshot request, take the snapshot. */ @@ -846,9 +853,9 @@ if (mp->mnt_flag & MNT_NFS4ACLS) printf("WARNING: ACLs flag on fs conflicts with " - "\"nfs4acls\" mount option; flag ignored\n"); - else - mp->mnt_flag |= MNT_ACLS; + "\"nfs4acls\" mount option; option ignored\n"); + mp->mnt_flag &= ~MNT_NFS4ACLS; + mp->mnt_flag |= MNT_ACLS; MNT_IUNLOCK(mp); #else @@ -857,6 +864,24 @@ mp->mnt_stat.f_mntonname); #endif } + if ((fs->fs_flags & FS_NFS4ACLS) != 0) { +#ifdef UFS_ACL + MNT_ILOCK(mp); + + if (mp->mnt_flag & MNT_ACLS) + printf("WARNING: NFSv4 ACLs flag on fs conflicts with " + "\"acls\" mount option; option ignored\n"); + mp->mnt_flag &= ~MNT_ACLS; + mp->mnt_flag |= MNT_NFS4ACLS; + + MNT_IUNLOCK(mp); +#else + printf( +"WARNING: %s: NFSv4 ACLs flag on fs but no ACLs support\n", + mp->mnt_stat.f_mntonname); +#endif + } + ump->um_mountp = mp; ump->um_dev = dev; ump->um_devvp = devvp; ==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ffs/fs.h#3 (text+ko) ==== @@ -393,22 +393,24 @@ * flag to indicate that the indicies need to be rebuilt (by fsck) before * they can be used. * - * FS_ACLS indicates that ACLs are administratively enabled for the - * file system, so they should be loaded from extended attributes, + * FS_ACLS indicates that POSIX.1e ACLs are administratively enabled + * for the file system, so they should be loaded from extended attributes, * observed for access control purposes, and be administered by object - * owners. FS_MULTILABEL indicates that the TrustedBSD MAC Framework - * should attempt to back MAC labels into extended attributes on the - * file system rather than maintain a single mount label for all - * objects. + * owners. FS_NFS4ACLS indicates that NFSv4 ACLs are administratively + * enabled. This flag is mutually exclusive with FS_ACLS. FS_MULTILABEL + * indicates that the TrustedBSD MAC Framework should attempt to back MAC + * labels into extended attributes on the file system rather than maintain + * a single mount label for all objects. */ -#define FS_UNCLEAN 0x01 /* filesystem not clean at mount */ -#define FS_DOSOFTDEP 0x02 /* filesystem using soft dependencies */ -#define FS_NEEDSFSCK 0x04 /* filesystem needs sync fsck before mount */ -#define FS_INDEXDIRS 0x08 /* kernel supports indexed directories */ -#define FS_ACLS 0x10 /* file system has ACLs enabled */ -#define FS_MULTILABEL 0x20 /* file system is MAC multi-label */ -#define FS_GJOURNAL 0x40 /* gjournaled file system */ -#define FS_FLAGS_UPDATED 0x80 /* flags have been moved to new location */ +#define FS_UNCLEAN 0x0001 /* filesystem not clean at mount */ +#define FS_DOSOFTDEP 0x0002 /* filesystem using soft dependencies */ +#define FS_NEEDSFSCK 0x0004 /* filesystem needs sync fsck before mount */ +#define FS_INDEXDIRS 0x0008 /* kernel supports indexed directories */ +#define FS_ACLS 0x0010 /* file system has POSIX.1e ACLs enabled */ +#define FS_MULTILABEL 0x0020 /* file system is MAC multi-label */ +#define FS_GJOURNAL 0x0040 /* gjournaled file system */ +#define FS_FLAGS_UPDATED 0x0080 /* flags have been moved to new location */ +#define FS_NFS4ACLS 0x0100 /* file system has NFSv4 ACLs enabled */ /* * Macros to access bits in the fs_active array.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912191028.nBJASJhb064920>