client: Add client_fscrypt_as option

author Christopher Hoffman <choffman@redhat.com>

Wed, 12 Mar 2025 21:31:35 +0000 (21:31 +0000)

committer Christopher Hoffman <choffman@redhat.com>

Fri, 15 Aug 2025 16:03:30 +0000 (16:03 +0000)
author Christopher Hoffman <choffman@redhat.com>
Wed, 12 Mar 2025 21:31:35 +0000 (21:31 +0000)
committer Christopher Hoffman <choffman@redhat.com>
Fri, 15 Aug 2025 16:03:30 +0000 (16:03 +0000)
diff --git a/src/client/Client.cc b/src/client/Client.cc

index 6b4dd7f1a821900960b87a3ce74058360f0ca18a..c1b27c8244b51f2979fa12f0a88748378117f36b 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -3963,7 +3963,7 @@ int Client::get_caps(Fh *fh, int need, int want, int *phave, loff_t endoff)
      if ((need & CEPH_CAP_FILE_WR) &&
          ((in->auth_cap && in->auth_cap->session->readonly) ||
          // (is locked)
-        (in->is_fscrypt_enabled() && is_inode_locked(in))))
+        (in->is_fscrypt_enabled() && is_inode_locked(in) && cct->_conf.get_val<bool>("client_fscrypt_as"))))
        return -EROFS;
  
      if (in->flags & I_CAP_DROPPED) {
@@ -6334,7 +6334,7 @@ int Client::may_open(const InodeRef& in, int flags, const UserPerm& perms)
    ldout(cct, 20) << __func__ << " " << *in << "; " << perms << dendl;
    unsigned want = 0;
  
-  if (!in->is_dir() && is_inode_locked(in))
+  if (!in->is_dir() && is_inode_locked(in) && cct->_conf.get_val<bool>("client_fscrypt_as"))
      return -ENOKEY;
  
    if ((flags & O_ACCMODE) == O_WRONLY)
@@ -6390,7 +6390,7 @@ out:
  int Client::may_create(const InodeRef& dir, const UserPerm& perms)
  {
    ldout(cct, 20) << __func__ << " " << *dir << "; " << perms << dendl;
-  if (dir->is_dir() && is_inode_locked(dir))
+  if (dir->is_dir() && is_inode_locked(dir) && cct->_conf.get_val<bool>("client_fscrypt_as"))
      return -ENOKEY;
  
    int r = _getattr_for_perm(dir, perms);
diff --git a/src/common/options/mds-client.yaml.in b/src/common/options/mds-client.yaml.in

index a35c3c76489e26cbf16aae5a7b722d14726dcc18..3223cc4e6dea2209d7554e481f668d0edd94ab6a 100644 (file)
--- a/src/common/options/mds-client.yaml.in
+++ b/src/common/options/mds-client.yaml.in
@@ -597,4 +597,14 @@ options:
    default: 16
    services:
    - mds_client
-  min: 1
-\ No newline at end of file
+  min: 1
+- name: client_fscrypt_as
+  type: bool
+  level: advanced
+  desc: Enable fscrypt access semantics
+  long_desc: Enable fscrypt access semantics for locked/unlocked states.
+  default: true
+  services:
+  - mds_client
+  flags:
+  - runtime
author	Christopher Hoffman <choffman@redhat.com>
	Wed, 12 Mar 2025 21:31:35 +0000 (21:31 +0000)
committer	Christopher Hoffman <choffman@redhat.com>
	Fri, 15 Aug 2025 16:03:30 +0000 (16:03 +0000)
src/client/Client.cc		patch \| blob \| history
src/common/options/mds-client.yaml.in		patch \| blob \| history