RFC: don't allow any access to unexported mounts for NFSv4
Rick Macklem
rmacklem at uoguelph.ca
Thu Jun 16 14:52:20 UTC 2011
Hi,
I'm doing NFS interop testing this week and found out that
the Linux NFSv4 client needs to do the Access Op during mounting.
This is a one line patch, but I realized that if this exports
semantic should change, that now seems to be the right time.
Background:
So that clients could do NFSv4 mounts using the same paths as
would be used for NFSv3, I put a "hack" in the NFSv4 server that
allowed a minimal set of non-modifying operations to be done on
file systems that aren't exported so that they could be traversed
during a mount. Subsequent to this, I found out that this doesn't
work for ZFS.
So, currently...
- The semantics for UFS/FFS are not the same as for ZFS.
- Allowing this minimal set of operations introduces the potential
for a security risk because...
- This semantic is confusing to users. (Partially because the
exports.5 man page doesn't explain it well/at all.)
As such, I think it might be better to remove the "hack" and
simply require that all file systems from the NFSv4 root down
be exported (which is what is needed for ZFS now, afaik).
The downside of doing this is that the mount paths for NFSv4 are
different than for NFSv3 unless all file systems on the server
are at least exported read-only. (A work around is to build a
small file system that mimics the directory tree above the
exported file systems with leaves that point to the mount points
and export that with the root of that being the NFSv4 root. At
least I think this works, although I haven't tested it with symlinks
for the leaves to the mount points.)
So, what do you think w.r.t. removing this "hack" for FreeBSD9?
Thanks in advance for any comments, rick
ps: Sorry this is so long, but I thought I'd better try and explain
it.
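
A sketch of the check implied by the proposal above, that every file system from the NFSv4 root down to each export is itself exported. This is an added example, not part of the original message and not FreeBSD code; the simplified exports(5) parsing (no continuation lines, hosts ignored), the function names and the sample data are assumptions.

```python
import os

# Constructed sample data (not from the original message).
SAMPLE_EXPORTS = """\
V4: /
/export/home -maproot=root 192.0.2.10
/export/home/proj -ro
"""
SAMPLE_MOUNTS = ["/", "/export", "/export/home", "/export/home/proj", "/var"]

def parse_exports(text):
    """Return (nfsv4_root, exported directories); simplified parser."""
    v4_root, exported = None, set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "V4:":
            v4_root = os.path.normpath(fields[1])
            continue
        for f in fields:  # leading "/..." fields are the exported directories
            if not f.startswith("/"):
                break
            exported.add(os.path.normpath(f))
    return v4_root, exported

def containing_fs(path, mounts):
    """Longest mount point that is a prefix of path (assumes "/" is in mounts)."""
    return max((m for m in mounts if (path + "/").startswith(m.rstrip("/") + "/")), key=len)

def unexported_on_path(exports_text, mounts):
    """File systems from the NFSv4 root down to each export that are not exported."""
    v4_root, exported = parse_exports(exports_text)
    if v4_root is None:
        return []
    exported_fs = {containing_fs(e, mounts) for e in exported}
    missing = set()
    for path in exported:
        if os.path.commonpath([v4_root, path]) != v4_root:
            continue  # export lies outside the NFSv4 tree
        while True:
            fs = containing_fs(path, mounts)
            if fs not in exported_fs:
                missing.add(fs)
            if path == v4_root:
                break
            path = os.path.dirname(path)
    return sorted(missing)
```
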