Re: 14.1 NFS / mountd : -alldirs not working as expected

Reply: Rick Macklem : "Re: 14.1 NFS / mountd : -alldirs not working as expected"
In reply to: Rick Macklem : "Re: 14.1 NFS / mountd : -alldirs not working as expected"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Rick Macklem <rick.macklem_at_gmail.com>
Date: Mon, 25 Nov 2024 23:57:05 UTC
On Mon, Nov 25, 2024 at 2:55 PM Rick Macklem <rick.macklem@gmail.com> wrote:
>
> On Wed, Nov 20, 2024 at 8:01 PM Michael Proto <mike@jellydonut.org> wrote:
> >
> > Hello all,
> >
> > Running into an issue with a 14.1 server that I think is a bug, though
> > it may be me not interpreting documentation correctly so I wanted to
> > ask here.
> >
> > Using NFSv3, with FreeBSD 14.1 as the NFS server. Based on what I see
> > in exports(5), if I want to export conditional mounts (IE filesystem
> > paths that are intermittently mounted locally on server) I should use
> > -alldirs and specify the mount-point as the export. Per the manpage,
> > this export should only be accessible when the exported directory is
> > actually the root of a mounted filesystem. Currently if mountd is
> > HUPed while the export isn't a filesystem mount I get the warning
> > about exporting the filesystem "below" the export (root-FS in this
> > case) and I can actually mount the root-FS from the client, instead of
> > getting an error as I would expect. Using the specific example for a
> > sometimes-mounted /cdrom in exports(5) can demonstrate this behavior.
Just fyi, I also plan on coming up with a patch for exports(5) to make the
correct semantics of -alldirs clearer. It only explains that -alldirs
is only supposed
to work on mount points in the examples section. It took me a couple of
passes through it before I spotted it and realized this is a bug.

rick

> >
> >   /etc/rc.conf :
> > nfs_server_enable="YES"
> > rpcbind_enable="YES"
> > rpc_statd_enable="YES"
> > rpc_lockd_enable="YES"
> > mountd_enable="YES"
> >
> >   /etc/exports :
> > /cdrom -alldirs,quiet,ro -network=10.0.0.0/24
> >
> > (at this time /cdrom exists as a directory but is not currently a
> > filesystem mount point)
> > on the server:
> > root@zfstest1:~ # killall -HUP mountd
> >
> >   /var/log/messages:
> > Nov 20 22:34:56 zfstest1 mountd[27724]: Warning: exporting /cdrom
> > exports entire / file system
> I took a closer look and this is a bug. It appears that -alldirs is supposed
> to fail when a non-mountpoint is exported.
>
> It appears to have been introduced to the system long ago, although I
> haven't yet tracked down the commit.
>
> mountd.c assumes that nmount(8) will fail when the directory path
> is not a mount point, however for MNT_UPDATE (which is what is
> used to export file systems) this is not the case.
>
> Please create a bugzilla bug report for this and I will work on a patch.
>
> Btw, quiet is also broken in the sense that it will cause any nmount(8)
> failure to fail. However, since nmount(8) does not fail for this case,
> it hardly matters. I will come up with a patch for this too, since it is
> easy to fix.
>
> Thanks for reporting this, rick
>
> >
> > root@zfstest1:~ # showmount -e
> > Exports list on localhost:
> > /cdrom                             10.0.0.0
> >
> >
> > on a client, I can now mount "/" from my server zfstest1:
> >
> > root@client1:~ # mount -r -t nfs zfstest1:/ /mnt
> > root@client1:~ # mount | tail -n1
> > zfstest1:/ on /mnt (nfs, read-only)
> >
> > The root-FS of zfstest1 is indeed visible in /mnt on client1
> >
> > From what I see in /usr/src/usr.sbin/mountd/mountd.c this isn't
> > supposed to happen (I'm no C programmer but this did read something
> > like I should receive an export error from mountd when I send a HUP):
> > ...
> >                 } else if (!strcmp(cpopt, "alldirs")) {
> >                         opt_flags |= OP_ALLDIRS;
> > ...
> >                                 if (opt_flags & OP_ALLDIRS) {
> >                                         if (errno == EINVAL)
> >                                                 syslog(LOG_ERR,
> >                 "-alldirs requested but %s is not a filesystem mountpoint",
> >                                                     dirp);
> >                                         else
> >                                                 syslog(LOG_ERR,
> >                                                     "could not remount %s: %m",
> >                                                     dirp);
> >                                         ret = 1;
> >                                         goto error_exit;
> >                                 }
> >
> > I suspect this code path isn't being hit since I'm getting the mountd
> > warning I referenced above instead of this error. This appears to be a
> > possible recurrence of a very old bug that depicts similar behavior :
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=170413
> > While it appears the "-sec" issue referenced in that bug is fixed in
> > the listed PRs I didn't see anything on this -alldirs issue that's
> > also mentioned there, maybe that's why I'm running into this now?
> >
> > I'd be totally unsurprised if my /etc/exports file isn't configured
> > correctly, but I reduced my setup to just the example in the exports
> > man page and I'm struggling to determine how to interpret that
> > information differently. I also tried an export of /cdrom with only
> > "-alldirs" as an option and I get the same behavior. Ideas?
> >
> >
> > Thanks,
> > Michael Proto
> >