Re: RFC: nfsd in a vnet jail

From: Rick Macklem <rick.macklem_at_gmail.com>
Date: Thu, 22 Dec 2022 17:45:29 UTC
On Mon, Dec 19, 2022 at 9:36 AM Bjoern A. Zeeb <bz@freebsd.org> wrote:

> On Mon, 19 Dec 2022, Rick Macklem wrote:
> [good stuff snipped]
> > Unfortunately, this does not deal with vnet'ng the kgssapi, rpcsec_gss
> for
> > Kerberized mounts or vnet'ng NFS-over-TLS, but those could be handled in
> a
> > similar manner, I think?
>
> Could be, yes.
>
> I have now created a patch for the NFS-over-TLS part of the krpc.
It uses the same technique, except the macros are called KRPC_VNETxxx
instead of NFSD_VNETxxx.

The patches are in phabricator as:
D37519 - Most of the changes.
D37777 - The krpc changes for NFS-over-TLS
D37741 - The vfs_mount.c changes in D37519
Although I listed a few possible reviewers, anyone is welcome to test
and/or review them.

The patches are also here (in a form that "patch" might prefer):
https://people.freebsd.org/~rmacklem/vnet.patch
https://people.freebsd.org/~rmacklem/vnetsmall-rpctls.patch

rick


>
> > So, what do others think of this alternate plan?
> >
> > rick
> > ps: Every use of the vnet'd variables is currently wrapped in a macro
> called
> >    NFSD_VNET(), so the change is pretty easy to do by just re-writing
> this
> > macro.
> >
>
> --
> Bjoern A. Zeeb                                                     r15:7
>