From owner-freebsd-current@freebsd.org Wed Dec 19 01:06:03 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 38A49134532D for ; Wed, 19 Dec 2018 01:06:03 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from CAN01-TO1-obe.outbound.protection.outlook.com (mail-eopbgr670046.outbound.protection.outlook.com [40.107.67.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 680458FE58 for ; Wed, 19 Dec 2018 01:06:01 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM (10.166.150.143) by YTOPR01MB0218.CANPRD01.PROD.OUTLOOK.COM (10.166.151.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1425.19; Wed, 19 Dec 2018 01:05:59 +0000 Received: from YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM ([fe80::cdca:7b49:ceab:91f]) by YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM ([fe80::cdca:7b49:ceab:91f%3]) with mapi id 15.20.1425.023; Wed, 19 Dec 2018 01:05:59 +0000 From: Rick Macklem To: "freebsd-current@FreeBSD.org" Subject: possible POLA violation for NFS server to make it Linux compatible Thread-Topic: possible POLA violation for NFS server to make it Linux compatible Thread-Index: AQHUlzZLCZ8Tsqd2GkKmM/wWP+MyUQ== Date: Wed, 19 Dec 2018 01:05:59 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; YTOPR01MB0218; 6:Tp1rqKt9QOV7mrqpRio4SeaJm/sTcqaOg9K0Tvt2k1u7eltkwXe7mwJNUAbHBUiG6/3ly9upDVdmfZ548LqC9Wl4l9EJmgIyBihK5i7JDhKDR+RIMLjK+BjveGLArAJVNJCgbj3CqEshoOsX3hJKhqT1QleXZJZEJVZXhlxIXnLaDthykjqVJWos5Fg9t7jQ2Jmnoa1jHzBMLd00ziDgLCTWm02A6ypmATCRIna01GQj4JeEmbHIjPqtj9mn/O54TwLCUIPwqGhsFHMmlVg3PB1StSz8TLOqXeQdxqqmrbFSMUygrlvHtRa3kDzI+DFe0Cz71tLSTkB9UNG/+gpkpJowShicGayCCpBQ4ObMrdQh2B/AuDZRx71HleF3hNe8Io4szllspnvgYlUK/US4annBnKLdTS0dWs/3qT6na+aztySUjiMLFsLDYAneLTzhdH71ABcX71YWNNe/AT49bQ==; 5:8nr6JIS4KKIKYHwvFVe2UIHpL4XrAht86ArGBSKLFlv0Evj/IvW6OHqqqxyHt6AQD3oQ/6wBNT38PPi8DlCzxHFqE++91js0yzeXRA0025EN5gg8UkRAt1hY7WrTD9p9nB/XSBLdMUudkEAGjM8A7NRhD1DeuP/fzd0U8A1mMFo=; 7:Sp5q3bCZYXk/Jyz4D7ZIr5WhfOsfgXqM6s4NHjYoyMbEnbxi1z2EDYSBCETjx4Lgac/Kp6TVyANCR8mS99aGiyXm3jjSsed6U9JQZJ60iwQW7ZrzU/2fmRLoTC9aKfJNh74+kmP+6sr1ZEaIx+liRg== x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: d53764e1-68cc-4bd8-e68b-08d6654e239b x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:YTOPR01MB0218; x-ms-traffictypediagnostic: YTOPR01MB0218: x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(3230021)(999002)(6040522)(2401047)(5005006)(8121501046)(3231475)(944501520)(52105112)(93006095)(93001095)(10201501046)(3002001)(148016)(149066)(150057)(6041310)(20161123562045)(20161123564045)(20161123560045)(20161123558120)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:YTOPR01MB0218; BCL:0; PCL:0; RULEID:; SRVR:YTOPR01MB0218; x-forefront-prvs: 0891BC3F3D x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39860400002)(396003)(136003)(366004)(376002)(189003)(199004)(33656002)(6436002)(5640700003)(74316002)(25786009)(2501003)(6916009)(68736007)(305945005)(46003)(9686003)(71190400001)(71200400001)(8936002)(55016002)(2906002)(2351001)(8676002)(7696005)(97736004)(81156014)(81166006)(53936002)(786003)(486006)(102836004)(6506007)(316002)(478600001)(105586002)(5660300001)(186003)(476003)(14454004)(86362001)(74482002)(99286004)(256004)(106356001)(14444005); DIR:OUT; SFP:1101; SCL:1; SRVR:YTOPR01MB0218; H:YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: uoguelph.ca does not designate permitted sender hosts) x-microsoft-antispam-message-info: Qk90QdeWZvD+Vlay8Qp0o+7gBerlJyqUx37upNH2okMCt8L5JvAIhD+hLsgTqipupGVrNNXIL10GIhdlACRjohsaMJ8/mwO0P6SXDJd9gmy7vOIE5oDuoAJN7RFNcgy1i97C97Eoeabjz/0AH9coOQIBrJFqTF9xikz8wUIrUy51RdGcdCWRbZ7syCcZ24UtgLj4EkMEB+zQz+PvyATrPHdBsHj4KCw8bpAMTeSGFCHdSWgUiYuRdszI2b1LeIMqEhhzU3uGY/8XmGRKHBKlZ3lVUv5qRHTylM/fWLlfzf1ayKGzhKasFW+BA9who+hu spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: uoguelph.ca X-MS-Exchange-CrossTenant-Network-Message-Id: d53764e1-68cc-4bd8-e68b-08d6654e239b X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2018 01:05:59.8152 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d X-MS-Exchange-Transport-CrossTenantHeadersStamped: YTOPR01MB0218 X-Rspamd-Queue-Id: 680458FE58 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of rmacklem@uoguelph.ca designates 40.107.67.46 as permitted sender) smtp.mailfrom=rmacklem@uoguelph.ca X-Spamd-Result: default: False [-3.70 / 15.00]; R_SPF_ALLOW(-0.20)[+ip4:40.107.0.0/17]; RCVD_COUNT_THREE(0.00)[3]; MX_GOOD(-0.01)[mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com]; NEURAL_HAM_SHORT(-0.59)[-0.589,0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8075, ipnet:40.64.0.0/10, country:US]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.995,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.996,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[uoguelph.ca]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-0.81)[ipnet: 40.64.0.0/10(-1.97), asn: 8075(-2.02), country: US(-0.08)]; RCVD_IN_DNSWL_NONE(0.00)[46.67.107.40.list.dnswl.org : 127.0.3.0]; TO_DN_EQ_ADDR_ALL(0.00)[] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Dec 2018 01:06:03 -0000 It was my understanding that the NFSv4 working group believed that the requ= irement for the NFSv4 client to use a priviledged port# (< 1024) should not exist. As such, I coded the server to ignore the vfs.nfsd.nfs_privport sysctl and = allow the mount for NFSv4. PR#234106 has reported this as a compatibility issue w.r.t. the Linux NFS s= erver. The change to make the FreeBSD NFSv4 server use vfs.nfsd.nfs_privport is tr= ivial and I think being compatible with Linux is important (I see it as the defac= to standard NFS implementation these days). However, I am concerned that this change will result in a slight POLA viola= tion for sites with vfs.nfsd.nfs_privport set, but doing NFSv4 mounts that might= now fail. What do others think I should do? rick