Re: RFC: nfsd in a vnet jail
- In reply to: Bjoern A. Zeeb: "Re: RFC: nfsd in a vnet jail"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 22 Dec 2022 17:45:29 UTC
On Mon, Dec 19, 2022 at 9:36 AM Bjoern A. Zeeb <bz@freebsd.org> wrote: > On Mon, 19 Dec 2022, Rick Macklem wrote: > [good stuff snipped] > > Unfortunately, this does not deal with vnet'ng the kgssapi, rpcsec_gss > for > > Kerberized mounts or vnet'ng NFS-over-TLS, but those could be handled in > a > > similar manner, I think? > > Could be, yes. > > I have now created a patch for the NFS-over-TLS part of the krpc. It uses the same technique, except the macros are called KRPC_VNETxxx instead of NFSD_VNETxxx. The patches are in phabricator as: D37519 - Most of the changes. D37777 - The krpc changes for NFS-over-TLS D37741 - The vfs_mount.c changes in D37519 Although I listed a few possible reviewers, anyone is welcome to test and/or review them. The patches are also here (in a form that "patch" might prefer): https://people.freebsd.org/~rmacklem/vnet.patch https://people.freebsd.org/~rmacklem/vnetsmall-rpctls.patch rick > > > So, what do others think of this alternate plan? > > > > rick > > ps: Every use of the vnet'd variables is currently wrapped in a macro > called > > NFSD_VNET(), so the change is pretty easy to do by just re-writing > this > > macro. > > > > -- > Bjoern A. Zeeb r15:7 >