Date: Fri, 2 Dec 2022 16:04:05 -0800 From: Rick Macklem <rick.macklem@gmail.com> To: Olivier Certner <olivier.freebsd@free.fr> Cc: freebsd-current@freebsd.org Subject: Re: RFC: nfsd in a vnet jail Message-ID: <CAM5tNy63yE%2BL0rjfdYSs_WVwh3_gi8fmRVNiTu9BEKzNj_iYgA@mail.gmail.com> In-Reply-To: <8351812.Gc231LQI4k@ravel> References: <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com> <1955021.aDjkhKmpDe@ravel> <CAM5tNy5a9GYjJcjXLQvsjF77Gsu6yej5XR=mMTAuVKWxoNfR1A@mail.gmail.com> <8351812.Gc231LQI4k@ravel>
next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000f03aeb05eee131b9 Content-Type: text/plain; charset="UTF-8" I think this is worthy of third party testing now. See https://people.freebsd.org/~rmacklem/nfsd-vnet-prison-setup.txt I still haven't tried NFSv3 and I have not ported nfsuserd into the vnet, but most NFSv4 setups don't need it anyhow. Good luck with it if you test it, rick ps: Just replied to a random post for this. On Fri, Dec 2, 2022 at 7:41 AM Olivier Certner <olivier.freebsd@free.fr> wrote: > > To enforce it for cases where mountd/nfsd is not being run would > > definitely be a POLA violation. > > I could not agree more. > > Thanks for the clarification. > > -- > Olivier Certner > > > > --000000000000f03aeb05eee131b9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:monospac= e">I think this is worthy of third party testing now.</div><div class=3D"gm= ail_default" style=3D"font-family:monospace">See <a href=3D"https://people.= freebsd.org/~rmacklem/nfsd-vnet-prison-setup.txt">https://people.freebsd.or= g/~rmacklem/nfsd-vnet-prison-setup.txt</a></div><div class=3D"gmail_default= " style=3D"font-family:monospace"><br></div><div class=3D"gmail_default" st= yle=3D"font-family:monospace">I still haven't tried NFSv3 and I have no= t ported nfsuserd into the vnet,</div><div class=3D"gmail_default" style=3D= "font-family:monospace">but most NFSv4 setups don't need it anyhow.</di= v><div class=3D"gmail_default" style=3D"font-family:monospace"><br></div><d= iv class=3D"gmail_default" style=3D"font-family:monospace">Good luck with i= t if you test it, rick</div><div class=3D"gmail_default" style=3D"font-fami= ly:monospace">ps: Just replied to a random post for this.</div><div class= =3D"gmail_default" style=3D"font-family:monospace"></div><div class=3D"gmai= l_default" style=3D"font-family:monospace"><br></div></div><br><div class= =3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Fri, Dec 2, 2022 = at 7:41 AM Olivier Certner <<a href=3D"mailto:olivier.freebsd@free.fr">o= livier.freebsd@free.fr</a>> wrote:<br></div><blockquote class=3D"gmail_q= uote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,2= 04);padding-left:1ex">> To enforce it for cases where mountd/nfsd is not= being run would<br> > definitely be a POLA violation.<br> <br> I could not agree more.<br> <br> Thanks for the clarification.<br> <br> -- <br> Olivier Certner<br> <br> <br> <br> </blockquote></div> --000000000000f03aeb05eee131b9--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM5tNy63yE%2BL0rjfdYSs_WVwh3_gi8fmRVNiTu9BEKzNj_iYgA>