[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-nfs
Subject: Re: [PATCH 2/2] mountd: never root squash on the pseudofs
From: Steve Dickson <SteveD () RedHat ! com>
Date: 2020-12-26 19:32:56
Message-ID: c8356607-57b7-ef02-be19-6eeb76789731 () RedHat ! com
[Download RAW message or body]
On 12/2/20 8:14 PM, bfields@fieldses.org wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
>
> As with security flavors and "secure" ports, we tried to code this so
> that pseudofs directories would inherit root squashing from their
> children, but it doesn't really work as coded and I'm not sure it's
> useful.
>
> Let's just not root squash. The risk is pretty low since the pseudofs
> is readonly, and we'd rather not risk failing a mount unnecessarily.
>
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
My apologies for taking so long to get to this... I lost it in the weeds ;-)
Both patches Committed!
steved.
> ---
> utils/mountd/v4root.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index 39dd87a94e59..c42ba72380ea 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -34,7 +34,7 @@ static nfs_export pseudo_root = {
> .m_export = {
> .e_hostname = "*",
> .e_path = "/",
> - .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
> + .e_flags = NFSEXP_READONLY
> | NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
> | NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
> .e_anonuid = 65534,
> @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo)
> struct flav_info *flav;
> int i;
>
> - if ((flags & NFSEXP_ROOTSQUASH) == 0)
> - pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
> for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
> struct sec_entry *new;
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic