Skip to content

GitLab

Switch branch/tag
  1. 28 May, 2021 1 commit
    • Andrew's avatar
      Implement NFSv41 ACLs through xattr · ea1463c5
      Andrew authored 
      
This implements NFSv41 (RFC 5661) ACLs in a manner
compatible with vfs_nfs4acl_xattr in Samba and
nfs4xdr-acl-tools.

There are three key areas of change in this commit:
1) NFSv4 ACL management through system.nfs4_acl_xdr xattr.
  Install an xattr handler for "system.nfs4_acl_xdr" that
  presents an xattr containing full NFSv41 ACL structures
  generated through rpcgen using specification from the Samba
  project. This xattr is used by userspace programs to read and
  set permissions.

2) add an i_op->permissions endpoint: zpl_permissions(). This
  is used by the VFS in Linux to determine whether to allow /
  deny an operation. Wherever possible, we try to avoid having
  to call zfs_access(). If kernel has NFSv4 patch for VFS, then
  perform more complete check of avaiable access mask.

3) add capability-based overrides to secpolicy_vnode_access2()
  there are various situations in which ACL may need to be
  overridden based on capabilities. This logic is almost directly
  copied from Linux VFS. For instance, root needs to be able to
  always read / write ACLs (otherwise admin can get locked out
  from files).

This is commit was initially inspired by work from Paul B. Henson
to implement NFSv4.0 (RFC3530) ACLs in ZFS on Linux. Key areas of
divergence are as follows:
- ACL specification, xattr format, xattr name
- Addition of handling for NFSv4 masks from Linux VFS
- Addition of ACL overrides based on capabilities
Signed-off-by: default avatarAndrew Walker <awalker@ixsystems.com>
      ea1463c5
  3. 14 Apr, 2020 1 commit
  5. 02 Dec, 2019 1 commit
  7. 01 Oct, 2019 1 commit
    • Brian Behlendorf's avatar
      Perform KABI checks in parallel · 608f8749
      Brian Behlendorf authored 
      
Reduce the time required for ./configure to perform the needed
KABI checks by allowing kbuild to compile multiple test cases in
parallel.  This was accomplished by splitting each test's source
code from the logic handling whether that code could be compiled
or not.

By introducing this split it's possible to minimize the number of
times kbuild needs to be invoked.  As importantly, it means all of
the tests can be built in parallel.  This does require a little extra
care since we expect some tests to fail, so the --keep-going (-k)
option must be provided otherwise some tests may not get compiled.
Furthermore, since a failure during the kbuild modpost phase will
result in an early exit; the final linking phase is limited to tests
which passed the initial compilation and produced an object file.

Once everything has been built the configure script proceeds as
previously.  The only significant difference is that it now merely
needs to test for the existence of a .ko file to determine the
result of a given test.  This vastly speeds up the entire process.

New test cases should use ZFS_LINUX_TEST_SRC to declare their test
source code and ZFS_LINUX_TEST_RESULT to check the result.  All of
the existing kernel-*.m4 files have been updated accordingly, see
config/kernel-current-time.m4 for a basic example.  The legacy
ZFS_LINUX_TRY_COMPILE macro has been kept to handle special cases
but it's use is not encouraged.

                  master (secs)   patched (secs)
                  -------------   ----------------
autogen.sh        61              68
configure         137             24  (~17% of current run time)
make -j $(nproc)  44              44
make rpms         287             150
Reviewed-by: default avatarTony Hutter <hutter2@llnl.gov>
Signed-off-by: default avatarBrian Behlendorf <behlendorf1@llnl.gov>
Closes #8547 
Closes #9132
Closes #9341
      608f8749
  9. 19 Aug, 2019 1 commit
  11. 25 Mar, 2019 1 commit
  13. 15 Jan, 2019 1 commit
  15. 06 Jan, 2019 1 commit
    • Brian Behlendorf's avatar
      pyzfs: python3 support (build system) · 6e72a5b9
      Brian Behlendorf authored 
      
Almost all of the Python code in the respository has been updated
to be compatibile with Python 2.6, Python 3.4, or newer.  The only
exceptions are arc_summery3.py which requires Python 3, and pyzfs
which requires at least Python 2.7.  This allows us to maintain a
single version of the code and support most default versions of
python.  This change does the following:

* Sets the default shebang for all Python scripts to python3.  If
  only Python 2 is available, then at install time scripts which
  are compatible with Python 2 will have their shebangs replaced
  with /usr/bin/python.  This is done for compatibility until
  Python 2 goes end of life.  Since only the installed versions
  are changed this means Python 3 must be installed on the system
  for test-runner when testing in-tree.

* Added --with-python=<2|3|3.4,etc> configure option which sets
  the PYTHON environment variable to target a specific python
  version.  By default the newest installed version of Python
  will be used or the preferred distribution version when
  creating pacakges.

* Fixed --enable-pyzfs configure checks so they are run when
  --enable-pyzfs=check and --enable-pyzfs=yes.

* Enabled pyzfs for Python 3.4 and newer, which is now supported.

* Renamed pyzfs package to python<VERSION>-pyzfs and updated to
  install in the appropriate site location.  For example, when
  building with --with-python=3.4 a python34-pyzfs will be
  created which installs in /usr/lib/python3.4/site-packages/.

* Renamed the following python scripts according to the Fedora
  guidance for packaging utilities in /bin

  - dbufstat.py     -> dbufstat
  - arcstat.py      -> arcstat
  - arc_summary.py  -> arc_summary
  - arc_summary3.py -> arc_summary3

* Updated python-cffi package name.  On CentOS 6, CentOS 7, and
  Amazon Linux it's called python-cffi, not python2-cffi.  For
  Python3 it's called python3-cffi or python3x-cffi.

* Install one version of arc_summary.  Depending on the version
  of Python available install either arc_summary2 or arc_summary3
  as arc_summary.  The user output is only slightly different.
Reviewed-by: default avatarJohn Ramsden <johnramsden@riseup.net>
Reviewed-by: default avatarNeal Gompa <ngompa@datto.com>
Reviewed-by: default avatarloli10K <ezomori.nozomu@gmail.com>
Signed-off-by: default avatarBrian Behlendorf <behlendorf1@llnl.gov>
Closes #8096
      6e72a5b9
  17. 29 May, 2018 1 commit
  19. 14 May, 2018 1 commit
  21. 15 Sep, 2017 1 commit
  23. 16 Aug, 2017 1 commit
    • Brian Behlendorf's avatar
      Retire legacy test infrastructure · c8f9061f
      Brian Behlendorf authored 
      
* Removed zpios kmod, utility, headers and man page.

* Removed unused scripts zpios-profile/*, zpios-test/*,
  zpool-config/*, smb.sh, zpios-sanity.sh, zpios-survey.sh,
  zpios.sh, and zpool-create.sh.

* Removed zfs-script-config.sh.in.  When building 'make' generates
  a common.sh with in-tree path information from the common.sh.in
  template.  This file and sourced by the test scripts and used
  for in-tree testing, it is not included in the packages.  When
  building packages 'make install' uses the same template to
  create a new common.sh which is appropriate for the packaging.

* Removed unused functions/variables from scripts/common.sh.in.
  Only minimal path information and configuration environment
  variables remain.

* Removed unused scripts from scripts/ directory.

* Remaining shell scripts in the scripts directory updated to
  cleanly pass shellcheck and added to checked scripts.

* Renamed tests/test-runner/cmd/ to tests/test-runner/bin/ to
  match install location name.

* Removed last traces of the --enable-debug-dmu-tx configure
  options which was retired some time ago.
Reviewed-by: default avatarGiuseppe Di Natale <dinatale2@llnl.gov>
Signed-off-by: default avatarBrian Behlendorf <behlendorf1@llnl.gov>
Closes #6509
      c8f9061f
  25. 25 May, 2017 2 commits
  27. 06 Apr, 2017 1 commit
  29. 19 Oct, 2016 1 commit
  31. 01 Aug, 2016 1 commit
  33. 20 Jul, 2016 1 commit
    • Tom Caputi's avatar
      Illumos Crypto Port module added to enable native encryption in zfs · 0b04990a
      Tom Caputi authored 
      
A port of the Illumos Crypto Framework to a Linux kernel module (found
in module/icp). This is needed to do the actual encryption work. We cannot
use the Linux kernel's built in crypto api because it is only exported to
GPL-licensed modules. Having the ICP also means the crypto code can run on
any of the other kernels under OpenZFS. I ended up porting over most of the
internals of the framework, which means that porting over other API calls (if
we need them) should be fairly easy. Specifically, I have ported over the API
functions related to encryption, digests, macs, and crypto templates. The ICP
is able to use assembly-accelerated encryption on amd64 machines and AES-NI
instructions on Intel chips that support it. There are place-holder
directories for similar assembly optimizations for other architectures
(although they have not been written).
Signed-off-by: default avatarTom Caputi <tcaputi@datto.com>
Signed-off-by: default avatarTony Hutter <hutter2@llnl.gov>
Signed-off-by: default avatarBrian Behlendorf <behlendorf1@llnl.gov>
Issue #4329
      0b04990a
  35. 24 Apr, 2013 2 commits
  37. 02 Apr, 2013 2 commits
  39. 18 Mar, 2013 2 commits
    • Brian Behlendorf's avatar
      Refresh RPM packaging · f3757573
      Brian Behlendorf authored 
      Refresh the existing RPM packaging to conform to the 'Fedora
Packaging Guidelines'.  This includes adopting the kmods2
packaging standard which is used fod kmods distributed by
rpmfusion for Fedora/RHEL.

  http://fedoraproject.org/wiki/Packaging:Guidelines
  http://rpmfusion.org/Packaging/KernelModules/Kmods2



While the spec files have been entirely rewritten from a
user perspective the only major changes are:

* The Fedora packages now have a build dependency on the
  rpmfusion repositories.  The generic kmod packages also
  have a new dependency on kmodtool-1.22 but it is bundled
  with the source rpm so no additional packages are needed.

* The kernel binary module packages have been renamed from
  zfs-modules-* to kmod-zfs-* as specificed by kmods2.

* The is now a common kmod-zfs-devel-* package in addition
  to the per-kernel devel packages.  The common package
  contains the development headers while the per-kernel
  package contains kernel specific build products.
Signed-off-by: default avatarBrian Behlendorf <behlendorf1@llnl.gov>
Closes #1341
      f3757573
    • Brian Behlendorf's avatar
      Refresh RPM packaging · 493972c8
      Brian Behlendorf authored 
      Refresh the existing RPM packaging to conform to the 'Fedora
Packaging Guidelines'.  This includes adopting the kmods2
packaging standard which is used fod kmods distributed by
rpmfusion for Fedora/RHEL.

  http://fedoraproject.org/wiki/Packaging:Guidelines
  http://rpmfusion.org/Packaging/KernelModules/Kmods2



While the spec files have been entirely rewritten from a
user perspective the only major changes are:

* The Fedora packages now have a build dependency on the
  rpmfusion repositories.  The generic kmod packages also
  have a new dependency on kmodtool-1.22 but it is bundled
  with the source rpm so no additional packages are needed.

* The kernel binary module packages have been renamed from
  spl-modules-* to kmod-spl-* as specificed by kmods2.

* The is now a common kmod-spl-devel-* package in addition
  to the per-kernel devel packages.  The common package
  contains the development headers while the per-kernel
  package contains kernel specific build products.
Signed-off-by: default avatarBrian Behlendorf <behlendorf1@llnl.gov>
Closes #222
      493972c8
  41. 06 Mar, 2013 1 commit
  43. 05 Mar, 2013 1 commit
  45. 11 Sep, 2012 2 commits
  47. 27 Aug, 2012 2 commits
  49. 23 Aug, 2012 1 commit
  51. 11 Mar, 2010 1 commit
  53. 09 Mar, 2010 1 commit
  55. 08 Jan, 2010 2 commits