From nobody Thu Nov 21 04:00:44 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Xv4K76FSJz5f9X3 for ; Thu, 21 Nov 2024 04:00:59 +0000 (UTC) (envelope-from mike@jellydonut.org) Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Xv4K656SGz4dxb for ; Thu, 21 Nov 2024 04:00:58 +0000 (UTC) (envelope-from mike@jellydonut.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=jellydonut.org header.s=google header.b=YUqKXVZX; spf=pass (mx1.freebsd.org: domain of mike@jellydonut.org designates 2a00:1450:4864:20::435 as permitted sender) smtp.mailfrom=mike@jellydonut.org; dmarc=pass (policy=none) header.from=jellydonut.org Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-37ece998fe6so49880f8f.1 for ; Wed, 20 Nov 2024 20:00:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jellydonut.org; s=google; t=1732161656; x=1732766456; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=lDmoIfXLMo91D5TES9MOSecgz79xpBG8iqB433sY0DM=; b=YUqKXVZXLHy41IpzyPe2j8m38DzLJmtQC09ITMCfnMvZV2lHrZPLixLfZ4GxvC0UL0 LZRBK8ux1E6imei4WfP2Xa+JfydFqJKxnISjaTrZ9ao12lWjbu1tmzqrUclugvraO/bc JmZuDQFXW6R7d01dqJoBE5kGMKHto4Bz0mMyQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732161656; x=1732766456; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=lDmoIfXLMo91D5TES9MOSecgz79xpBG8iqB433sY0DM=; b=gLrgc1b7ZRf73uFZUTqHCXxUxvPH3xcyZh6lozcAJcBHDe12OO96EcC1wRKqdYGLlr CHc+1YN8CXH84KbCRmpeyxEIIIQQ4gtaanlnW48dMR7HIHl1ZTLMdK4RsAvGG5Qn5asf OLoQ5FQbjBTj2cPDPwxUYql6YW9eVHmNWxvS9br25xFbCQP7GJMWdVc5dpQgaJMfgNCV bDKV2NC4weK8zqPzNCg2p3CQ05GZgCQGQnvpsuXMRCmiwiJua5CT0APgZgCT9IWWV+c7 oI+xQOzoWuEUEYJPks/sAY1M/7C0Wx7fT6lF4UC9a6hnCfxxZ3uQ2PGbJ3LogczU/XIE k6qA== X-Gm-Message-State: AOJu0YzQCx5wx20shdUBQ352sS4nx5QN7lQxsXuxIhqMYnVunzCEd/GI PseRSJnygU14+jFmT0TqAhbnUSzXI/ApYZuQgx3CjFQko81DNQVaMS0VKEr8KOEUDhLgcmPsIDQ E8avdSwiLQpUAn6TjdqyGA6XJmOUVyoHC887lbGnczNOBw6UoCA== X-Gm-Gg: ASbGnctxw9uil7hoXfIYi2BN07fXze+XWTeetI+zQt6kZzRRRLInbb5SG4GRBx1FnTM C5cU9mP7hcX8lhyTASTbwI3DyeBGjMXGM1ZtIt8En4137Gg== X-Google-Smtp-Source: AGHT+IFemUjlRY1PFGXSMeFI9e38iO+5+qrVabI2OxXqRlv6+meXjkPVhsZUBoWDlK62fY1bSNZAzj5WNT8Wo15h/hY= X-Received: by 2002:a05:6000:18a3:b0:37d:47a4:ec2b with SMTP id ffacd0b85a97d-38254b16665mr1359136f8f.11.1732161654945; Wed, 20 Nov 2024 20:00:54 -0800 (PST) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.org MIME-Version: 1.0 From: Michael Proto Date: Wed, 20 Nov 2024 23:00:44 -0500 Message-ID: Subject: 14.1 NFS / mountd : -alldirs not working as expected To: FreeBSD-STABLE Mailing List Content-Type: text/plain; charset="UTF-8" X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[jellydonut.org,none]; R_DKIM_ALLOW(-0.20)[jellydonut.org:s=google]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; FREEFALL_USER(0.00)[mike]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::435:from]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; DKIM_TRACE(0.00)[jellydonut.org:+] X-Rspamd-Queue-Id: 4Xv4K656SGz4dxb X-Spamd-Bar: --- Hello all, Running into an issue with a 14.1 server that I think is a bug, though it may be me not interpreting documentation correctly so I wanted to ask here. Using NFSv3, with FreeBSD 14.1 as the NFS server. Based on what I see in exports(5), if I want to export conditional mounts (IE filesystem paths that are intermittently mounted locally on server) I should use -alldirs and specify the mount-point as the export. Per the manpage, this export should only be accessible when the exported directory is actually the root of a mounted filesystem. Currently if mountd is HUPed while the export isn't a filesystem mount I get the warning about exporting the filesystem "below" the export (root-FS in this case) and I can actually mount the root-FS from the client, instead of getting an error as I would expect. Using the specific example for a sometimes-mounted /cdrom in exports(5) can demonstrate this behavior. /etc/rc.conf : nfs_server_enable="YES" rpcbind_enable="YES" rpc_statd_enable="YES" rpc_lockd_enable="YES" mountd_enable="YES" /etc/exports : /cdrom -alldirs,quiet,ro -network=10.0.0.0/24 (at this time /cdrom exists as a directory but is not currently a filesystem mount point) on the server: root@zfstest1:~ # killall -HUP mountd /var/log/messages: Nov 20 22:34:56 zfstest1 mountd[27724]: Warning: exporting /cdrom exports entire / file system root@zfstest1:~ # showmount -e Exports list on localhost: /cdrom 10.0.0.0 on a client, I can now mount "/" from my server zfstest1: root@client1:~ # mount -r -t nfs zfstest1:/ /mnt root@client1:~ # mount | tail -n1 zfstest1:/ on /mnt (nfs, read-only) The root-FS of zfstest1 is indeed visible in /mnt on client1 From what I see in /usr/src/usr.sbin/mountd/mountd.c this isn't supposed to happen (I'm no C programmer but this did read something like I should receive an export error from mountd when I send a HUP): ... } else if (!strcmp(cpopt, "alldirs")) { opt_flags |= OP_ALLDIRS; ... if (opt_flags & OP_ALLDIRS) { if (errno == EINVAL) syslog(LOG_ERR, "-alldirs requested but %s is not a filesystem mountpoint", dirp); else syslog(LOG_ERR, "could not remount %s: %m", dirp); ret = 1; goto error_exit; } I suspect this code path isn't being hit since I'm getting the mountd warning I referenced above instead of this error. This appears to be a possible recurrence of a very old bug that depicts similar behavior : https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=170413 While it appears the "-sec" issue referenced in that bug is fixed in the listed PRs I didn't see anything on this -alldirs issue that's also mentioned there, maybe that's why I'm running into this now? I'd be totally unsurprised if my /etc/exports file isn't configured correctly, but I reduced my setup to just the example in the exports man page and I'm struggling to determine how to interpret that information differently. I also tried an export of /cdrom with only "-alldirs" as an option and I get the same behavior. Ideas? Thanks, Michael Proto