From: Christopher Hoffman <choffman@redhat.com>
Date: Wed, 12 Mar 2025 21:31:35 +0000 (+0000)
Subject: client: Add client_fscrypt_as option
X-Git-Tag: testing/wip-vshankar-testing-20260120.085915-debug^2~13^2~68
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=87d79b646384af04465e7fc221fb8808bdfc00be;p=ceph-ci.git

client: Add client_fscrypt_as option

Add option to toggle enforcement of fscrypt access semantics.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>
---

diff --git a/src/client/Client.cc b/src/client/Client.cc
index c5d741f4515..27cdf27312c 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -3988,7 +3988,7 @@ int Client::get_caps(Fh *fh, int need, int want, int *phave, loff_t endoff)
     if ((need & CEPH_CAP_FILE_WR) &&
         ((in->auth_cap && in->auth_cap->session->readonly) ||
         // (is locked)
-        (in->is_fscrypt_enabled() && is_inode_locked(in))))
+        (in->is_fscrypt_enabled() && is_inode_locked(in) && cct->_conf.get_val<bool>("client_fscrypt_as"))))
       return -EROFS;
 
     if (in->flags & I_CAP_DROPPED) {
@@ -6371,7 +6371,7 @@ int Client::may_open(const InodeRef& in, int flags, const UserPerm& perms)
   ldout(cct, 20) << __func__ << " " << *in << "; " << perms << dendl;
   unsigned want = 0;
 
-  if (!in->is_dir() && is_inode_locked(in))
+  if (!in->is_dir() && is_inode_locked(in) && cct->_conf.get_val<bool>("client_fscrypt_as"))
     return -ENOKEY;
 
   if ((flags & O_ACCMODE) == O_WRONLY)
@@ -6427,7 +6427,7 @@ out:
 int Client::may_create(const InodeRef& dir, const UserPerm& perms)
 {
   ldout(cct, 20) << __func__ << " " << *dir << "; " << perms << dendl;
-  if (dir->is_dir() && is_inode_locked(dir))
+  if (dir->is_dir() && is_inode_locked(dir) && cct->_conf.get_val<bool>("client_fscrypt_as"))
     return -ENOKEY;
 
   int r = _getattr_for_perm(dir, perms);
diff --git a/src/common/options/mds-client.yaml.in b/src/common/options/mds-client.yaml.in
index cb77a0c91ff..82e6995244e 100644
--- a/src/common/options/mds-client.yaml.in
+++ b/src/common/options/mds-client.yaml.in
@@ -618,3 +618,13 @@ options:
   services:
   - mds_client
   min: 0
+- name: client_fscrypt_as
+  type: bool
+  level: advanced
+  desc: Enable fscrypt access semantics
+  long_desc: Enable fscrypt access semantics for locked/unlocked states.
+  default: true
+  services:
+  - mds_client
+  flags:
+  - runtime