author | David Teigland <teigland@redhat.com> | 2019-06-21 13:37:11 -0500 |
---|---|---|
committer | David Teigland <teigland@redhat.com> | 2019-06-25 15:39:08 -0500 |
commit | b4402bd821723067c2becaf8e2a0452d4896cfd7 (patch) | |
tree | 1627d22c3654a09f9adb4aea3b07b295cbb34c53 /tools/commands.h | |
parent | d16142f90fdcf2aef42a51ecabd0c4ff11733d7c (diff) | |
download | lvm2-b4402bd821723067c2becaf8e2a0452d4896cfd7.tar.gz |
exported vg handling
The exported VG checking/enforcement was scattered and
inconsistent. This centralizes it and makes it consistent,
following the existing approach for foreign and shared
VGs/PVs, which are very similar to exported VGs/PVs.
The access policy that now applies to foreign/shared/exported
VGs/PVs, is that if a foreign/shared/exported VG/PV is named
on the command line (i.e. explicitly requested by the user),
and the command is not permitted to operate on it because it
is foreign/shared/exported, then an access error is reported
and the command exits with an error. But, if the command is
processing all VGs/PVs, and happens to come across a
foreign/shared/exported VG/PV (that is not explicitly named on
the command line), then the command silently skips it and does
not produce an error.
A command using tags or --select handles inaccessible VGs/PVs
the same way as a command processing all VGs/PVs, and will
not report/return errors if these inaccessible VGs/PVs exist.
The new policy fixes the exit codes on a somewhat random set of
commands that previously exited with an error if they were
looking at all VGs/PVs and an exported VG existed on the system.
There should be no change to which commands are allowed/disallowed
on exported VGs/PVs.
Certain LV commands (lvs/lvdisplay/lvscan) would previously not
display LVs from an exported VG (for unknown reasons). This has
not changed. The lvm fullreport command would previously report
info about an exported VG but not about the LVs in it. This
has changed to include all info from the exported VG.
Diffstat (limited to 'tools/commands.h')
-rw-r--r-- | tools/commands.h | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/tools/commands.h b/tools/commands.h
index 4006fab21..c1670ae66 100644
--- a/tools/commands.h
+++ b/tools/commands.h
@@ -35,7 +35,7 @@ xx(help,
 xx(fullreport,
 "Display full report",
- PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH | ALLOW_HINTS)
+ PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH | ALLOW_HINTS | ALLOW_EXPORTED)
 xx(lastlog,
 "Display last command's log report",
@@ -71,7 +71,7 @@ xx(lvmconfig,
 xx(lvmdiskscan,
 "List devices that may be used as physical volumes",
- PERMITTED_READ_ONLY | ENABLE_ALL_DEVS)
+ PERMITTED_READ_ONLY | ENABLE_ALL_DEVS | ALLOW_EXPORTED)
 xx(lvmsadc,
 "Collect activity data",
@@ -115,7 +115,7 @@ xx(pvresize,
 xx(pvck,
 "Check metadata on physical volumes",
- LOCKD_VG_SH)
+ LOCKD_VG_SH | ALLOW_EXPORTED)
 xx(pvcreate,
 "Initialize physical volume(s) for use by LVM",
@@ -127,7 +127,7 @@ xx(pvdata,
 xx(pvdisplay,
 "Display various attributes of physical volume(s)",
- PERMITTED_READ_ONLY | ENABLE_ALL_DEVS | ENABLE_DUPLICATE_DEVS | LOCKD_VG_SH | CAN_USE_ONE_SCAN | ALLOW_HINTS)
+ PERMITTED_READ_ONLY | ENABLE_ALL_DEVS | ENABLE_DUPLICATE_DEVS | LOCKD_VG_SH | CAN_USE_ONE_SCAN | ALLOW_HINTS | ALLOW_EXPORTED)
 /* ALL_VGS_IS_DEFAULT is for polldaemon to find pvmoves in-progress using process_each_vg. */
@@ -145,11 +145,11 @@ xx(pvremove,
 xx(pvs,
 "Display information about physical volumes",
- PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | ENABLE_ALL_DEVS | ENABLE_DUPLICATE_DEVS | LOCKD_VG_SH | CAN_USE_ONE_SCAN | ALLOW_HINTS)
+ PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | ENABLE_ALL_DEVS | ENABLE_DUPLICATE_DEVS | LOCKD_VG_SH | CAN_USE_ONE_SCAN | ALLOW_HINTS | ALLOW_EXPORTED)
 xx(pvscan,
 "List all physical volumes",
- PERMITTED_READ_ONLY | LOCKD_VG_SH)
+ PERMITTED_READ_ONLY | LOCKD_VG_SH | ALLOW_EXPORTED)
 xx(segtypes,
 "List available segment types",
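Review bot: ALLOW_EXPORTED is added to the `xx(fullreport, ...)` entry, and to every other entry this commit touches, with no comment saying what the flag permits, although the same table does carry a comment for ALL_VGS_IS_DEFAULT. Going by the commit message, the flag exempts a command from the centralized exported-VG check; the code that enforces it is not part of this file's diff, so that reading is inferred. I would add a comment near the first use, `/* ALLOW_EXPORTED: command may process exported VGs/PVs; otherwise a named exported VG/PV is an access error and an unnamed one is skipped. */`. That makes it visible that the table is an allow-list and that a new command left without the flag is refused on exported VGs by design rather than by omission.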
@@ -165,11 +165,11 @@ xx(tags,
 xx(vgcfgbackup,
 "Backup volume group configuration(s)",
- PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH)
+ PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH | ALLOW_EXPORTED)
 xx(vgcfgrestore,
 "Restore volume group configuration",
- 0)
+ ALLOW_EXPORTED)
 xx(vgchange,
 "Change volume group attributes",
@@ -189,7 +189,7 @@ xx(vgcreate,
 xx(vgdisplay,
 "Display volume group information",
- PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH | CAN_USE_ONE_SCAN | ALLOW_HINTS)
+ PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH | CAN_USE_ONE_SCAN | ALLOW_HINTS | ALLOW_EXPORTED)
 xx(vgexport,
 "Unregister volume group(s) from the system",
@@ -201,10 +201,11 @@ xx(vgextend,
 xx(vgimport,
 "Register exported volume group with system",
- ALL_VGS_IS_DEFAULT)
+ ALL_VGS_IS_DEFAULT | ALLOW_EXPORTED)
 xx(vgimportclone,
- "Import a VG from cloned PVs", 0)
+ "Import a VG from cloned PVs",
+ ALLOW_EXPORTED)
 xx(vgmerge,
 "Merge volume groups",
@@ -224,15 +225,15 @@ xx(vgremove,
 xx(vgrename,
 "Rename a volume group",
- ALLOW_UUID_AS_NAME)
+ ALLOW_UUID_AS_NAME | ALLOW_EXPORTED)
 xx(vgs,
 "Display information about volume groups",
- PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH | CAN_USE_ONE_SCAN | ALLOW_HINTS)
+ PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH | CAN_USE_ONE_SCAN | ALLOW_HINTS | ALLOW_EXPORTED)
 xx(vgscan,
 "Search for all volume groups",
- PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH)
+ PERMITTED_READ_ONLY | ALL_VGS_IS_DEFAULT | LOCKD_VG_SH | ALLOW_EXPORTED)
 xx(vgsplit,
 "Move physical volumes into a new or existing volume group", |
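Review bot: The `xx(vgcfgrestore, ...)` entry goes from `0` to `ALLOW_EXPORTED` even though, by its description, the command restores VG configuration and carries no PERMITTED_READ_ONLY; the `vgimportclone` and `vgrename` entries in the later hunks are in the same position. The commit message says the set of commands allowed on exported VGs should not change, but nothing in this file shows that these commands were accepted on an exported VG before the check was centralized. For entries that are not read-only I would state the reason at the entry, for example `/* writes metadata; must remain usable on an exported VG */` if that is the intent. A regression test that runs each of these commands against an exported VG, before and after the change, would confirm the exemption does not widen what can be modified.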