rpms / glusterfs

Clone
Source Code
GIT

Blame SOURCES/0652-shared-storage-Prevent-mounting-shared-storage-from-.patch

c4 c5 c5-plus c6 c6-plus c6-sig-storage-gluster-5 c6-sig-storage-gluster-6 c6-sig-storage-gluster-7 c7 c7-alt c7-atomic c7-beta c7-sig-storage-gluster-5 c7-sig-storage-gluster-6 c7-sig-storage-gluster-7 c7-sig-storage-gluster-8 c7-sig-storage-gluster-9 c8 c8-beta c8-sig-storage-gluster-10 c8-sig-storage-gluster-6 c8-sig-storage-gluster-7 c8-sig-storage-gluster-8 c8-sig-storage-gluster-9 c8s c8s-sig-storage-gluster-10 c8s-sig-storage-gluster-11 c8s-sig-storage-gluster-8 c8s-sig-storage-gluster-9 c9 c9-beta c9s-sig-storage-gluster-10 c9s-sig-storage-gluster-11 c9s-sig-storage-gluster-9
  1.   7c2869f26cdcee2cbe099e4f80fce4d1b8bad4bb
  2.   SOURCES
  3.   0652-shared-storage-Prevent-mounting-shared-storage-from-.patch
Blob History Raw
7c2869 
From aee1f5c071719aa36c500b89cb99706ddea67e47 Mon Sep 17 00:00:00 2001
7c2869 
From: Mohammed Rafi KC <rkavunga@redhat.com>
7c2869 
Date: Mon, 26 Mar 2018 20:27:34 +0530
7c2869 
Subject: [PATCH 652/653] shared storage: Prevent mounting shared storage from
7c2869 
 non-trusted client
7c2869
7c2869 
gluster shared storage is a volume used for internal storage for
7c2869 
various features including ganesha, geo-rep, snapshot.
7c2869
7c2869 
So this volume should not be exposed to the client, as it is
7c2869 
a special volume for internal use.
7c2869
7c2869 
This fix wont't generate non trusted volfile for shared storage volume.
7c2869
7c2869 
Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c
7c2869 
BUG: 1559331
7c2869 
Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
7c2869 
Reviewed-on: https://code.engineering.redhat.com/gerrit/134590
7c2869 
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
7c2869 
Tested-by: Atin Mukherjee <amukherj@redhat.com>
7c2869 
---
7c2869 
 xlators/mgmt/glusterd/src/glusterd-volgen.c | 21 +++++++++++++++++++++
7c2869 
 1 file changed, 21 insertions(+)
7c2869
7c2869 
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
7c2869 
index 859a932..fb7c91f 100644
7c2869 
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
7c2869 
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
7c2869 
@@ -5494,6 +5494,7 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo,
7c2869 
         int                i                  = 0;
7c2869 
         int                ret                = -1;
7c2869 
         char               filepath[PATH_MAX] = {0,};
7c2869 
+        char               *volname           = NULL;
7c2869 
         char               *types[]           = {NULL, NULL, NULL};
7c2869 
         dict_t             *dict              = NULL;
7c2869 
         xlator_t           *this              = NULL;
7c2869 
@@ -5501,6 +5502,26 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo,
7c2869
7c2869 
         this = THIS;
7c2869
7c2869 
+        volname = volinfo->is_snap_volume ?
7c2869 
+                  volinfo->parent_volname : volinfo->volname;
7c2869 
+
7c2869 
+
7c2869 
+        if (volname && !strcmp (volname, GLUSTER_SHARED_STORAGE) &&
7c2869 
+             client_type != GF_CLIENT_TRUSTED) {
7c2869 
+                /*
7c2869 
+                 * shared storage volume cannot be mounted from non trusted
7c2869 
+                 * nodes. So we are not creating volfiles for non-trusted
7c2869 
+                 * clients for shared volumes as well as snapshot of shared
7c2869 
+                 * volumes.
7c2869 
+                 */
7c2869 
+
7c2869 
+                ret = 0;
7c2869 
+                gf_msg_debug ("glusterd", 0, "Skipping the non-trusted volfile"
7c2869 
+                               "creation for shared storage volume. Volume %s",
7c2869 
+                               volname);
7c2869 
+                goto out;
7c2869 
+        }
7c2869 
+
7c2869 
         enumerate_transport_reqs (volinfo->transport_type, types);
7c2869 
         dict = dict_new ();
7c2869 
         if (!dict)
7c2869 
--
7c2869 
1.8.3.1
7c2869

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation