client: Add client_fscrypt_as option

author Christopher Hoffman <choffman@redhat.com>

Wed, 12 Mar 2025 21:31:35 +0000 (21:31 +0000)

committer Christopher Hoffman <choffman@redhat.com>

Wed, 5 Nov 2025 13:59:35 +0000 (13:59 +0000)
author Christopher Hoffman <choffman@redhat.com>
Wed, 12 Mar 2025 21:31:35 +0000 (21:31 +0000)
committer Christopher Hoffman <choffman@redhat.com>
Wed, 5 Nov 2025 13:59:35 +0000 (13:59 +0000)
diff --git a/src/client/Client.cc b/src/client/Client.cc

index c5d741f451531fe193d401b2fb8d0f66195af9ee..27cdf27312c9dc08c9996116429d0b3bc5006df6 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -3988,7 +3988,7 @@ int Client::get_caps(Fh *fh, int need, int want, int *phave, loff_t endoff)
      if ((need & CEPH_CAP_FILE_WR) &&
          ((in->auth_cap && in->auth_cap->session->readonly) ||
          // (is locked)
-        (in->is_fscrypt_enabled() && is_inode_locked(in))))
+        (in->is_fscrypt_enabled() && is_inode_locked(in) && cct->_conf.get_val<bool>("client_fscrypt_as"))))
        return -EROFS;
  
      if (in->flags & I_CAP_DROPPED) {
@@ -6371,7 +6371,7 @@ int Client::may_open(const InodeRef& in, int flags, const UserPerm& perms)
    ldout(cct, 20) << __func__ << " " << *in << "; " << perms << dendl;
    unsigned want = 0;
  
-  if (!in->is_dir() && is_inode_locked(in))
+  if (!in->is_dir() && is_inode_locked(in) && cct->_conf.get_val<bool>("client_fscrypt_as"))
      return -ENOKEY;
  
    if ((flags & O_ACCMODE) == O_WRONLY)
@@ -6427,7 +6427,7 @@ out:
  int Client::may_create(const InodeRef& dir, const UserPerm& perms)
  {
    ldout(cct, 20) << __func__ << " " << *dir << "; " << perms << dendl;
-  if (dir->is_dir() && is_inode_locked(dir))
+  if (dir->is_dir() && is_inode_locked(dir) && cct->_conf.get_val<bool>("client_fscrypt_as"))
      return -ENOKEY;
  
    int r = _getattr_for_perm(dir, perms);
diff --git a/src/common/options/mds-client.yaml.in b/src/common/options/mds-client.yaml.in

index cb77a0c91ff2768ba888c050c50a1b19a2d3abeb..82e6995244ea73f667e31daa4014cebd088a8347 100644 (file)
--- a/src/common/options/mds-client.yaml.in
+++ b/src/common/options/mds-client.yaml.in
@@ -618,3 +618,13 @@ options:
    services:
    - mds_client
    min: 0
+- name: client_fscrypt_as
+  type: bool
+  level: advanced
+  desc: Enable fscrypt access semantics
+  long_desc: Enable fscrypt access semantics for locked/unlocked states.
+  default: true
+  services:
+  - mds_client
+  flags:
+  - runtime
author	Christopher Hoffman <choffman@redhat.com>
	Wed, 12 Mar 2025 21:31:35 +0000 (21:31 +0000)
committer	Christopher Hoffman <choffman@redhat.com>
	Wed, 5 Nov 2025 13:59:35 +0000 (13:59 +0000)
src/client/Client.cc		patch \| blob \| history
src/common/options/mds-client.yaml.in		patch \| blob \| history