[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-nfs
Subject:    Re: [PATCH 2/2] mountd: never root squash on the pseudofs
From:       Steve Dickson <SteveD () RedHat ! com>
Date:       2020-12-26 19:32:56
Message-ID: c8356607-57b7-ef02-be19-6eeb76789731 () RedHat ! com
[Download RAW message or body]



On 12/2/20 8:14 PM, bfields@fieldses.org wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
> 
> As with security flavors and "secure" ports, we tried to code this so
> that pseudofs directories would inherit root squashing from their
> children, but it doesn't really work as coded and I'm not sure it's
> useful.
> 
> Let's just not root squash.  The risk is pretty low since the pseudofs
> is readonly, and we'd rather not risk failing a mount unnecessarily.
> 
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
My apologies for taking so long to get to this... I lost it in the weeds ;-)

Both patches Committed!

steved. 
> ---
>  utils/mountd/v4root.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index 39dd87a94e59..c42ba72380ea 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -34,7 +34,7 @@ static nfs_export pseudo_root = {
>  	.m_export = {
>  		.e_hostname = "*",
>  		.e_path = "/",
> -		.e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
> +		.e_flags = NFSEXP_READONLY
>  				| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
>  				| NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
>  		.e_anonuid = 65534,
> @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo)
>  	struct flav_info *flav;
>  	int i;
>  
> -	if ((flags & NFSEXP_ROOTSQUASH) == 0)
> -		pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
>  	for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
>  		struct sec_entry *new;
>  
> 

[prev in list] [next in list] [prev in thread] [next in thread]