Re: RFC Labeled NFS Initial Code Review

From: Dave Quigley
Date: Wed Feb 27 2008 - 20:12:50 EST


I have prepared the nfs-utils patch for those who want to test the code.
I have attached it to this email and it applies on top of the nfs-utils
git tree at commit hash 9dd9b68c4c44f0d9102eb85ee2fa36a8b7f638e3. The
reply to this email will contain all of the kernel changes rolled into
one patch.

Dave
diff --git a/support/include/nfs/export.h b/support/include/nfs/export.h
index f7a99ba..020a599 100644
--- a/support/include/nfs/export.h
+++ b/support/include/nfs/export.h
@@ -17,7 +17,8 @@
#define NFSEXP_ALLSQUASH 0x0008
#define NFSEXP_ASYNC 0x0010
#define NFSEXP_GATHERED_WRITES 0x0020
-/* 40, 80, 100 unused */
+#define NFSEXP_SECURITY_LABEL 0x0040
+/* 80, 100 unused */
#define NFSEXP_NOHIDE 0x0200
#define NFSEXP_NOSUBTREECHECK 0x0400
#define NFSEXP_NOAUTHNLM 0x0800
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 525e5b1..4694d02 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -237,6 +237,8 @@ putexportent(struct exportent *ep)
fprintf(fp, "%ssync,", (ep->e_flags & NFSEXP_ASYNC)? "a" : "");
fprintf(fp, "%swdelay,", (ep->e_flags & NFSEXP_GATHERED_WRITES)?
"" : "no_");
+ fprintf(fp, "%ssecurity_label,", (ep->e_flags & NFSEXP_SECURITY_LABEL)?
+ "" : "no_");
fprintf(fp, "%shide,", (ep->e_flags & NFSEXP_NOHIDE)?
"no" : "");
fprintf(fp, "%scrossmnt,", (ep->e_flags & NFSEXP_CROSSMOUNT)?
@@ -536,6 +538,10 @@ parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr)
setflags(NFSEXP_ROOTSQUASH, active, ep);
else if (!strcmp(opt, "no_root_squash"))
clearflags(NFSEXP_ROOTSQUASH, active, ep);
+ else if (!strcmp(opt, "security_label"))
+ ep->e_flags |= NFSEXP_SECURITY_LABEL;
+ else if (strcmp(opt, "no_security_label") == 0)
+ ep->e_flags &= ~NFSEXP_SECURITY_LABEL;
else if (strcmp(opt, "all_squash") == 0)
setflags(NFSEXP_ALLSQUASH, active, ep);
else if (strcmp(opt, "no_all_squash") == 0)
diff --git a/utils/exportfs/exportfs.c b/utils/exportfs/exportfs.c
index 18dfe5a..fdba2f2 100644
--- a/utils/exportfs/exportfs.c
+++ b/utils/exportfs/exportfs.c
@@ -470,6 +470,8 @@ dump(int verbose)
c = dumpopt(c, "async");
if (ep->e_flags & NFSEXP_GATHERED_WRITES)
c = dumpopt(c, "wdelay");
+ if (ep->e_flags & NFSEXP_SECURITY_LABEL)
+ c = dumpopt(c, "security_label");
if (ep->e_flags & NFSEXP_NOHIDE)
c = dumpopt(c, "nohide");
if (ep->e_flags & NFSEXP_CROSSMOUNT)