RFC: don't allow any access to unexported mounts for NFSv4
Alexander Leidinger
Alexander at Leidinger.net
Fri Jun 17 15:26:04 UTC 2011
Quoting Rick Macklem <rmacklem at uoguelph.ca> (from Fri, 17 Jun 2011
10:47:57 -0400 (EDT)):
>> Quoting Rick Macklem <rmacklem at uoguelph.ca> (from Thu, 16 Jun 2011
>> 10:52:18 -0400 (EDT)):
>>
>> > As such, I think it might be better to remove the "hack" and
>> > simply require that all file systems from the NFSv4 root down
>> > be exported (which is what is needed for ZFS now, afaik).
>>
>> This does not match the behavior on Solaris. There we have
>> pool/not_exported_dataset/exported_dataset
>> and a v4 mount works (I didn't see how to verify if a mounted FS is
>> NFSv4, but I modified /etc/default/nfs to have NFS_CLIENT_VERSMIN=4).
>>
> Yes, one of the reasons I originally did the "hack" was that it made
> things "Solaris compatible". However, I found out Solaris does this by
> building what generally gets called a "pseudo file system" which, as I
> understand it, is basically a file system of empty directories that
> mimmics the unexported paths to the exported ones. You could build such
> a file system on a small volume. (My comment w.r.t. a workaround.)
The workarounds you propose contradict everything people are used to.
They are not easy or you need to care what you put in the parent
directories of the one you want to export. It basically means that you
can only use NFSv4 on newly setup systems, upgraded or migrated ones
look out of the question (yes, I'm over-simplificating a bit).
I really hope someone can come up with a fix for this, else it would
mean I would not use NFSv4 anywhere.
Bye,
Alexander.
--
My haircut is totally traditional!
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
More information about the freebsd-fs
mailing list