NFSv4 exports confusion

Ben Whaley bwhaley at gmail.com
Sun Oct 23 20:25:26 UTC 2016 

Hi all,

I’m probably just misunderstanding something pretty basic here so apologies
if that’s the case.

The NFSv4 pseudo-filesystem root is not behaving the way I’d expect.
Consider the following extremely simple /etc/exports (just for example
purposes):

V4: /exports
/exports/export1 /exports/export2 -network 172.28.0.0/16

And this directory structure:

# tree /exports/
/exports/
|-- export1
|   `-- file1
|-- export2
|   `-- file2
`-- notanexport
    `— file

Now when I mount / as the NFSv4 pseudo-fs root (from an Ubuntu Xenial
client):

mount -t nfs4 server:/ /mnt

I would expect to see only export1 and export2. But in fact I see

# ls /mnt
export1 export2 notanexport

And the contents of /exports/notanexport/file are available to the client.

Why is this? The language in RFC7530 seems explicit to me:

> Portions of the server namespace that are not exported are bridged via a
“pseudo-file system” that provides a view of exported directories only.

E.g. per the spec, only exported filesystems should be visible, and the
path to get to them. The pseudo-fs only exposes directories that must be
traversed to reach all exports.

The FreeBSD exports(5) language is somewhat confusing/ambiguous. I won’t
quote it here because it’s too long, but see the third paragraph under the
description section. I can see from a few past threads (for example, this
one: https://lists.freebsd.org/pipermail/freebsd-net/2014-July/039407.html)
that some work has been done to clarify this. I’m not sure the
clarification ever made it in to the man page though.

The man page also states:

> The nfsd(8) allows a limited subset of operations to be performed on
non-exported subtrees of the local file system, so that traversal of the
tree to the exported subtrees is possible.

So this all supports my understanding of how it works. But why is
“notanexport” in my example above visible, and why can I read the file in
that directory if it isn’t exported?

The situation on Linux is not 100% clear either. If you specify fsid=0 for
a mount as instructed the Linux man pages, you’ll have the same behavior as
in FreeBSD. OTOH, if you ONLY specify the exports and do NOT have an fsid
option, eg. /etc/exports looks like:

/exports/export1
/exports/export2

Then it works as described by the RFC.

Can anyone help me to understand?

Thanks,
Ben

More information about the freebsd-net mailing list