On Wed, Jul 03, 2024 at 11:00:27PM -0700, Christoph Hellwig wrote: > On Wed, Jul 03, 2024 at 01:06:51PM -0400, Jeff Layton wrote: > > The other problem with doing this is that if a server is running in a > > container, how is it to know that the client is in different container > > on the same host, and hence that it can give out a localio layout? We'd > > still need some way to detect that anyway, which would probably look a > > lot like the localio protocol. (NOTE, Jeff's message above was him stating flaws in his O_TMPFILE idea that we discussed at LSF, his idea wasn't pusued for many reasons. And Jeff has stated he believes localio better) > We'll need some way to detect that client and server are capable > of the bypass. And from all it looks that's actually the hard and > complicated part, and we'll need that for any scheme. Yes, hence the localio protocol that has wide buyin. To the point I ran with registering an NFS Program number with iana.org for the effort. My doing the localio protocol was born out of the requirement to support NFSv3. Neil's proposed refinement to add a a localio auth_domain to the nfsd_net and his proposed risk-averse handshake within the localio protocol will both improve security. > And then we need a way to bypass the server for I/O, which currently is > rather complex in the patchset and would be almost trivial with a new > pNFS layout. Some new layout misses the entire point of having localio work for NFSv3 and NFSv4. NFSv3 is very ubiquitous. And in this localio series, flexfiles is trained to use localio. (Which you apparently don't recognize or care about because nfsd doesn't have flexfiles server support). > > Can the client use its localio access to bypass that since it's not > > going across the network anymore? Maybe by using open_by_handle_at on > > the NFS share on a guessed filehandle? I think we need to ensure that > > that isn't possible. > > If a file system is shared by containers and users in containers have > the capability to use open_by_handle_at the security model is already > broken without NFS or localio involved. Containers deployed by things like podman.io and kubernetes are perfectly happy to allow containers permission to drive knfsd threads in the host kernel. That this is foreign to you is odd. An NFS client that happens to be on the host should work perfectly fine too (if it has adequate permissions). > > I wonder if it's also worthwhile to gate localio access on an export > > option, just out of an abundance of caution. > > export and mount option. We're speaking a non-standard side band > protocol here, there is no way that should be done without explicit > opt-in from both sides. That is already provided my existing controls. With both Kconfig options that default to N, and the ability to disable the use of localio entirely even if enabled in the Kconfig: echo N > /sys/module/nfs/parameters/localio_enabled And then ontop of it you have to loopback NFS mount.
