[RFC] Domain of Interpretation mapping daemon

[Dave Quigley]

On Mon, 2007-12-03 at 11:19 +1100, Neil Brown wrote:
> On Friday November 30, dpquigl at tycho.nsa.gov wrote:
> > 
> > It seems odd but there are several entries in the localtoglobal cache
> > that are the same. I have pasted the output below. It seems odd to me
> > that the same label is in there several times with the only difference
> > being the expiry time. Being a cache I'd assume it would use the
> > existing entry until expiry time so there must be something wrong with
> > my code. This is a smaller list than I originally had since some of the
> > entries expired. The first time I tried this there were some entries
> > with a ref count of 2.
> > 
> > [root at moss-saturn nfs4.localtoglobal]# echo 0
> > > /proc/sys/sunrpc/rpc_debug
> > [root at moss-saturn nfs4.localtoglobal]# cat content 
> > local [global]
> > unconfined_u:object_r:default_t:s0 0s:t_tluafed:r_tcejbo:u_denifnocnu
> > unconfined_u:object_r:default_t:s0 0s:t_tluafed:r_tcejbo:u_denifnocnu
> > unconfined_u:object_r:default_t:s0 0s:t_tluafed:r_tcejbo:u_denifnocnu
> ....
> 
> Your _match function is wrong.
> 
> It should return 'true' (non-zero) if there is a match, and 'false'
> (zero) if the two are different.
> But you are returning the result of strcmp, which is exactly the
> reverse of this.
> Use
>    strcmp(...) == 0
> 
> and it should work.
> 
> NeilBrown

Thanks Neil that solved the problem and everything is working perfectly.
I just need to work on an interface similar to PAM to allow people to
develop a module to plug into the mapping daemon for their specific LSM.
Another thing that might be interesting is to rework the doimapping and
idmapping daemons into a generic mapping daemon that can have requests
sent to it from kernel space and pass them onto the appropriate mapping
modules. I don't think that I would be able to get around to that in the
near future but it would be interesting to consider the benefits and
disadvantages of such a method.

Dave