Re: ZFS sharenfs broken

Reply: Shawn Webb : "Re: ZFS sharenfs broken"
In reply to: Shawn Webb : "ZFS sharenfs broken"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Alan Somers <asomers_at_freebsd.org>
Date: Thu, 24 Oct 2024 20:36:47 UTC

I think that's just an exports(5) syntax error.  I don't think "="
should follow "-ro".  Try this instead:

zfs set sharenfs='-ro -alldirs 172.16.1.0/24' rpool/data/build/pub

On Thu, Oct 24, 2024 at 2:26 PM Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>
> Hey all,
>
> I'm exposing some ZFS datasets using the `zfs set sharenfs` option.
> However, this causes mountd to complain:
>
> ==== BEGIN mountd LOG ====
> Oct 24 20:19:59 hbsd-os-build-01 mountd[89840]: bad exports list line '/data/build/pub/current  -ro'
> Oct 24 20:20:07 hbsd-os-build-01 mountd[14071]: = after op: ro
> Oct 24 20:20:07 hbsd-os-build-01 mountd[14071]: bad exports list line '/data/build/pub  -ro'
> Oct 24 20:20:07 hbsd-os-build-01 mountd[14071]: = after op: ro
> Oct 24 20:20:07 hbsd-os-build-01 mountd[14071]: bad exports list line '/data/build/pub/13-stable        -ro'
> Oct 24 20:20:07 hbsd-os-build-01 mountd[14071]: = after op: ro
> Oct 24 20:20:07 hbsd-os-build-01 mountd[14071]: bad exports list line '/data/build/pub/cross-dso-cfi    -ro'
> Oct 24 20:20:07 hbsd-os-build-01 mountd[14071]: = after op: ro
> ==== END mountd LOG ====
>
> The command I ran for those datasets:
>
> zfs set sharenfs='ro=172.16.1.0/24,-alldirs' rpool/data/build/pub
>
> (Replace that last argument with the other datasets. The same exact
> command was used, just with the dataset changed.)
>
> The /etc/zfs/exports file contains:
>
> ==== BEGIN exports ====
> # !!! DO NOT EDIT THIS FILE MANUALLY !!!
>
> /data/build/pub -ro=172.16.1.0/24 -alldirs
> /data/build/pub/13-stable       -ro=172.16.1.0/24 -alldirs
> /data/build/pub/cross-dso-cfi   -ro=172.16.1.0/24 -alldirs
> /data/build/pub/current -ro=172.16.1.0/24 -alldirs
> ==== END exports ===
>
> I'm a bit unsure of what to do here. I'm not sure if the issue lies in
> ZFS or mountd or something else entirely.
>
> `uname -a` shows:
>
> FreeBSD hbsd-os-build-01 15.0-CURRENT-HBSD FreeBSD 15.0-CURRENT-HBSD #0  hardened/current/master-n194236-a8e5e4e37b03: Thu Oct 24 19:49:31 UTC 2024     root@hbsd-os-build-01:/usr/obj/usr/src/amd64.amd64/sys/HARDENEDBSD amd64
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc