Here is an updated version: 

Template Version: @(#)sac_nextcase 1.70 03/30/10 SMI
This information is Copyright (c) 2010, Oracle and/or its affiliates. All 
rights reserved.
1. Introduction
   1.1. Project/Component Working Name:
         NFS Instances
   1.2. Name of Document Author/Supplier:
         Author:  Robert Gordon
   1.3  Date of This Document:
        23 July, 2010
4. Technical Description

Patch binding is requested; however, there are no plans to backport any of
the proposed changes.

The proposed changes are needed to support an NFS server in a non-global
zone; however, the changes are not specific to NFS. They would also be used
when enabling any file sharing protocol (i.e., CIFS) server for non-global zones.

PRIV_SYS_SHARE 
--------------

Establishing an NFS or CIFS share requires full root privileges; however,
within a non-global zone, full privileges are not permitted. A new system
privilege, PRIV_SYS_SHARE, is proposed. It is enforced in sharefs when adding
or removing shares, replacing the existing usage of PRIV_SYS_CONFIG.

PRIV_SYS_SHARE can be assigned to a zone, and it is enabled by default for
root users in both global and non-global zones.  

With PRIV_SYS_SHARE, a global zone administrator may allow or prohibit
sharing from any protocol (CIFS, NFS) in any zone (global or non-global).
Enforcement of the protocol-specific privileges (PRIV_SYS_NFS and
PRIV_SYS_SMB) will not be changed.  To establish a share, both
PRIV_SYS_SHARE and the protocol-specific privilege are required.


VFS Share Ownership and References
----------------------------------

A file system may only be shared by a single NFS server instance.

File systems are assigned to zones with "add_dataset" and "add_fs" zone
config resources.  The assigned file systems are only mounted in their zone,
and therefore can only be shared by the NFS server running in the zone.

However, a zone's root dataset is problematic because it is mounted both
within the global zone and its non-global zone.  To ensure that a file
system can never be shared by multiple NFS server instances, the notion of
VFS share ownership is introduced.

Enforcement of VFS share ownership prevents the global zone from sharing a
shared non-global zone's root dataset.

Two new vfs_t fields (vfs_share_owner, vfs_share_count) are used to track
VFS shares and VFS share ownership. They are managed by using the following
interfaces:

   int  vfs_share_ref(vfs_t *, zone_t *);
   void vfs_share_unref(vfs_t *, zone_t *);

For each share, the NFS server establishes a share reference on the VFS
containing the shared object. The reference is removed when the object is
unshared. VFS share reference and VFS ownership changes are coordinated with
a new vfs_t lock: vfs_share_owner_lock.

If the zone_t * argument for vfs_share_ref() is not the current zone owner
of the VFS, EBUSY is returned; otherwise the reference count is bumped and
ownership is optionally set.


EXPORTED INTERFACES:

                        |Proposed       |Specified      |
                        |Stability      |in what        |
Interface Name          |Classification |Document?      | Comments
===============================================================================
                        |               |               |
  PRIV_SYS_SHARE        |Committed      |This           | Share Privilege 
                        |               |Document       |
                        |               |               |
  vfs_share_ref()       |Consolidation  |This           | VFS
  vfs_share_unref()     |Private        |Document       | Share Ownership.
                        |               |               |
                        |               |               |


6. Resources and Schedule
   6.4. Steering Committee requested information
        6.4.1. Consolidation C-team Name:
                ON
   6.5. ARC review type: FastTrack
   6.6. ARC Exposure: open


_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org
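
The VFS share ownership rule described in the proposal, as an added userland model in C; this is not code from the proposal or from ON. It assumes that an unowned VFS is claimed by the first zone to take a reference and that ownership is released with the last reference, and it leaves out vfs_share_owner_lock because the model is single-threaded.

```c
#include <errno.h>
#include <stddef.h>

/* Userland stand-ins for the kernel types; only the fields the proposal names. */
typedef struct zone { int zone_id; } zone_t;

typedef struct vfs {
    zone_t  *vfs_share_owner;   /* zone whose server shares this VFS, or NULL */
    unsigned vfs_share_count;   /* number of active shares on this VFS */
    /* vfs_share_owner_lock would guard both fields; omitted in this model */
} vfs_t;

/* Take a share reference. Assumption: an unowned VFS is claimed by the caller. */
int vfs_share_ref(vfs_t *vfsp, zone_t *zone)
{
    if (vfsp->vfs_share_owner == NULL)
        vfsp->vfs_share_owner = zone;
    else if (vfsp->vfs_share_owner != zone)
        return EBUSY;           /* another zone's server already shares it */
    vfsp->vfs_share_count++;
    return 0;
}

/* Drop a share reference. Assumption: the last unref releases ownership. */
void vfs_share_unref(vfs_t *vfsp, zone_t *zone)
{
    if (vfsp->vfs_share_owner != zone || vfsp->vfs_share_count == 0)
        return;                 /* not the owner, or nothing to drop */
    if (--vfsp->vfs_share_count == 0)
        vfsp->vfs_share_owner = NULL;
}

/* Zone root dataset case: mounted in the global zone and in its non-global zone. */
int demo_zone_root(void)
{
    zone_t global = { 0 }, ngz = { 1 };            /* constructed zones */
    vfs_t zroot = { NULL, 0 };
    int rc_ngz1 = vfs_share_ref(&zroot, &ngz);     /* first share claims ownership */
    int rc_ngz2 = vfs_share_ref(&zroot, &ngz);     /* same zone, second share */
    int rc_glob = vfs_share_ref(&zroot, &global);  /* refused while ngz owns it */
    vfs_share_unref(&zroot, &global);              /* ignored: global holds no ref */
    vfs_share_unref(&zroot, &ngz);
    vfs_share_unref(&zroot, &ngz);                 /* last unref frees ownership */
    int rc_after = vfs_share_ref(&zroot, &global); /* now permitted */
    return rc_ngz1 == 0 && rc_ngz2 == 0 && rc_glob == EBUSY && rc_after == 0;
}
```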
