Date:      Sun, 27 Nov 2022 19:04:08 +0100
From:      Peter Eriksson <pen@lysator.liu.se>
To:        Rick Macklem <rick.macklem@gmail.com>
Cc:        FreeBSD CURRENT <freebsd-current@freebsd.org>, "Bjoern A. Zeeb" <bz@freebsd.org>, Alan Somers <asomers@freebsd.org>
Subject:   Re: RFC: nfsd in a vnet jail
Message-ID:  <82103A1E-9D39-47B0-9520-205583C8B680@lysator.liu.se>
In-Reply-To: <CAOtMX2hxeeNMxxdpma8NJ7ms60eRfuCWoFi7FixdSe83=qibkA@mail.gmail.com>
References:  <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com> <CAOtMX2hxeeNMxxdpma8NJ7ms60eRfuCWoFi7FixdSe83=qibkA@mail.gmail.com>



Keep the global variables as defaults that apply to all nfsds and allow
(at least some subset) to be overridden inside the net jails if some
things need to be changed from the defaults?

- Peter


On Fri, Nov 25, 2022, 4:24 PM Rick Macklem <rick.macklem@gmail.com> wrote:
> Hi,
>
> bz@ has encouraged me to fiddle with the nfsd
> so that it works in a vnet jail.
> I have now basically done so, specifically for
> NFSv4, since NFSv3 presents various issues.
>
> What I have not yet done is put global variables
> in the vnet. This needs to be done so that the nfsd
> can be run in multiple jail instances and/or in and
> outside of a jail.
> The problem is that there are 100s of global variables.
>
> I can see two approaches:
> 1 - Move them all into the vnet jail. This would imply
>     that all the sysctls need to somehow be changed,
>     which would seem to be a POLA violation.
>     It also implies a lot of stuff in the vnet.
> 2 - Just move the global variables that will always
>     differ from one nfsd to another (this would make
>     the sysctls global and apply to all nfsds).
>     This will keep the number of globals in the vnet
>     smaller.
>
> I am currently leaning towards #2, but what do others
> think?
>
> rick
> ps: Personally, I don't know what use there is of
>     running the nfsd inside a vnet jail, but bz@ has
>     some use case.

