On Sat, Dec 07, 2024 at 09:49:02AM +0100, Amir Goldstein wrote: > > /* file handles can be used by a process on another node */ > > #define EXPORT_OP_ALLOW_REMOTE_NODES (...) > > This has a sound of security which is incorrect IMO. > The fact that we block nfsd export of cgroups does not prevent > any type of userland file server from exporting cgroup file handles. So what is the purpose of the flag? Asking for a coherent name and description was the other bigger ask for me. > Maybe opt-out of nfsd export is a little less safer than opt-in, but > 1. opt-out is and will remain the rare exception for export_operations > 2. at least the flag name EXPORT_OP_LOCAL_FILE_HANDLE > is pretty clear IMO Even after this thread I have absolutely no idea what problem it tries to solve. Maybe that's not just the flag names fault, and not of opt-in vs out, but both certainly don't help. > Plus, as I wrote in another email, the fact that pidfs is SB_NOUSER, > so userspace is not allowed to mount it into the namespace and > userland file servers cannot export the filesystem itself. > That property itself (SB_NOUSER), is therefore a good enough indication > to deny nfsd export of this fs. So check SB_NOUSER in nfsd and be done with it?
