Date: Thu, 22 Dec 2022 09:45:29 -0800
From: Rick Macklem <rick.macklem@gmail.com>
To: "Bjoern A. Zeeb" <bz@freebsd.org>
Cc: Konstantin Belousov <kib@freebsd.org>, James Gritton <jamie@freebsd.org>, freebsd-current@freebsd.org
Subject: Re: RFC: nfsd in a vnet jail
Message-ID: <CAM5tNy4Yqga00JXeWmcpt8PSU9uCX3nxpY=bj5QEKD2O-CEyuA@mail.gmail.com>
In-Reply-To: <p4p1r59o-1519-o723-24s6-2rqo1p4qr0r2@serrofq.bet>
References: <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com> <1955021.aDjkhKmpDe@ravel> <CAM5tNy5a9GYjJcjXLQvsjF77Gsu6yej5XR=mMTAuVKWxoNfR1A@mail.gmail.com> <8351812.Gc231LQI4k@ravel> <CAM5tNy63yE%2BL0rjfdYSs_WVwh3_gi8fmRVNiTu9BEKzNj_iYgA@mail.gmail.com> <CAM5tNy73kfEToEEbT9Mz0VAZhNLxoFwEo1FMvoyR1Sg5Xaiv8g@mail.gmail.com> <p4p1r59o-1519-o723-24s6-2rqo1p4qr0r2@serrofq.bet>

On Mon, Dec 19, 2022 at 9:36 AM Bjoern A. Zeeb <bz@freebsd.org> wrote:

> On Mon, 19 Dec 2022, Rick Macklem wrote:
> [good stuff snipped]
> > Unfortunately, this does not deal with vnet'ng the kgssapi, rpcsec_gss for
> > Kerberized mounts or vnet'ng NFS-over-TLS, but those could be handled in a
> > similar manner, I think?
>
> Could be, yes.
>

I have now created a patch for the NFS-over-TLS part of the krpc.
It uses the same technique, except the macros are called KRPC_VNETxxx
instead of NFSD_VNETxxx.

The patches are in phabricator as:
D37519 - Most of the changes.
D37777 - The krpc changes for NFS-over-TLS
D37741 - The vfs_mount.c changes in D37519
Although I listed a few possible reviewers, anyone is welcome to test
and/or review them.

The patches are also here (in a form that "patch" might prefer):
https://people.freebsd.org/~rmacklem/vnet.patch
https://people.freebsd.org/~rmacklem/vnetsmall-rpctls.patch

rick

> > So, what do others think of this alternate plan?
> >
> > rick
> > ps: Every use of the vnet'd variables is currently wrapped in a macro called
> >     NFSD_VNET(), so the change is pretty easy to do by just re-writing this
> >     macro.
> >
>
> --
> Bjoern A. Zeeb                                                     r15:7