From: Rick Macklem
To: FreeBSD FS
Date: Thu, 16 Jun 2011 10:52:18 -0400 (EDT)
Subject: RFC: don't allow any access to unexported mounts for NFSv4

Hi,

I'm doing NFS interop testing this week and found out that the Linux NFSv4 client needs to do the Access Op during mounting. This is a one-line patch, but I realized that if this exports semantic should change, that now seems to be the right time.

Background:
So that clients could do NFSv4 mounts using the same paths as would be used for NFSv3, I put a "hack" in the NFSv4 server that allowed a minimal set of non-modifying operations to be done on file systems that aren't exported so that they could be traversed during a mount. Subsequent to this, I found out that this doesn't work for ZFS.

So, currently...
- The semantics for UFS/FFS are not the same as for ZFS.
- Allowing this minimal set of operations introduces the potential for a security risk because...
- This semantic is confusing to users. (Partially because the exports.5 man page doesn't explain it well/at all.)

As such, I think it might be better to remove the "hack" and simply require that all file systems from the NFSv4 root down be exported (which is what is needed for ZFS now, afaik).

The downside of doing this is that the mount paths for NFSv4 are different than for NFSv3 unless all file systems on the server are at least exported read-only. (A work around is to build a small file system that mimics the directory tree above the exported file systems with leaves that point to the mount points and export that with the root of that being the NFSv4 root. At least I think this works, although I haven't tested it with symlinks for the leaves to the mount points.)

So, what do you think w.r.t. removing this "hack" for FreeBSD9?

Thanks in advance for any comments, rick
ps: Sorry this is so long, but I thought I'd better try and explain it.
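
The following is an added example, not part of the original message and not FreeBSD code: a check an administrator could run to find file systems that sit between the NFSv4 root and an exported file system but have no exports line of their own, which are the ones clients could no longer traverse if the "hack" were removed. Assumptions: the exports(5) parsing is simplified (one entry per line, leading "/..." tokens are directories), the paths and networks are constructed sample data, and all function names are hypothetical.

```python
import posixpath

# Constructed sample data (not from the original post): exports(5)-style text
# and the mount points of a hypothetical server.
SAMPLE_EXPORTS = """\
V4: /export -sec=sys
/export -ro -network 192.168.1.0 -mask 255.255.255.0
/export/home/projects -network 192.168.1.0 -mask 255.255.255.0
"""
SAMPLE_MOUNTS = ["/", "/usr", "/export", "/export/home",
                 "/export/home/projects", "/export/scratch"]

def parse_exports(text):
    """Simplified parser: returns (NFSv4 root or None, set of exported dirs)."""
    v4_root, exported = None, set()
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "V4:":
            if len(tokens) > 1 and tokens[1].startswith("/"):
                v4_root = posixpath.normpath(tokens[1])
            continue
        for tok in tokens:              # leading "/..." tokens are directories
            if not tok.startswith("/"):
                break                   # options and host specs follow
            exported.add(posixpath.normpath(tok))
    return v4_root, exported

def at_or_below(path, top):
    return top == "/" or path == top or path.startswith(top + "/")

def owning_mount(path, mounts):
    """Longest mount point at or above path: the file system that holds it."""
    holders = [m for m in mounts if at_or_below(path, m)]
    return max(holders, key=len) if holders else None

def traversal_gaps(exports_text, mount_points):
    """Unexported file systems between the NFSv4 root and an exported one."""
    v4_root, exported_dirs = parse_exports(exports_text)
    if v4_root is None:
        return []
    mounts = {posixpath.normpath(m) for m in mount_points}
    exported_fs = {owning_mount(d, mounts) for d in exported_dirs} - {None}
    root_fs = owning_mount(v4_root, mounts)
    in_tree = lambda m: m == root_fs or at_or_below(m, v4_root)
    return sorted(m for m in mounts - exported_fs if in_tree(m)
                  and any(in_tree(fs) and at_or_below(fs, m) for fs in exported_fs))

if __name__ == "__main__":
    print(traversal_gaps(SAMPLE_EXPORTS, SAMPLE_MOUNTS))
```

In the sample, /export/scratch is not reported: it is unexported but no exported file system lies beneath it, so nothing depends on traversing it.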