Date:      Fri, 25 Nov 2022 22:06:44 -0700
From:      Alan Somers <asomers@freebsd.org>
To:        Rick Macklem <rick.macklem@gmail.com>
Cc:        FreeBSD CURRENT <freebsd-current@freebsd.org>, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject:   Re: RFC: nfsd in a vnet jail
Message-ID:  <CAOtMX2hxeeNMxxdpma8NJ7ms60eRfuCWoFi7FixdSe83=qibkA@mail.gmail.com>
In-Reply-To: <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com>
References:  <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com>


On Fri, Nov 25, 2022, 4:24 PM Rick Macklem <rick.macklem@gmail.com> wrote:

> Hi,
>
> bz@ has encouraged me to fiddle with the nfsd
> so that it works in a vnet jail.
> I have now basically done so, specifically for
> NFSv4, since NFSv3 presents various issues.
>
> What I have not yet done is put global variables
> in the vnet. This needs to be done so that the nfsd
> can be run in multiple jail instances and/or in and
> outside of a jail.
> The problem is that there are 100s of global variables.
>
> I can see two approaches:
> 1 - Move them all into the vnet jail. This would imply
>     that all the sysctls need to somehow be changed,
>     which would seem to be a POLA violation.
>     It also implies a lot of stuff in the vnet.
> 2 - Just move the global variables that will always
>     differ from one nfsd to another (this would make
>     the sysctls global and apply to all nfsds).
>     This will keep the number of globals in the vnet
>     smaller.
>
> I am currently leaning towards #2, but what do others
> think?
>
> rick
> ps: Personally, I don't know what use there is of
>     running the nfsd inside a vnet jail, but bz@ has
>     some use case.
>

This is super-awesome! Thank you so much! I've got a use case too. I think
it would be fine to leave most of the settings global, like max_threads.
But we should probably decide on a case-by-case basis.



