On 12/9/24 11:30 AM, Amir Goldstein wrote:
On Mon, Dec 9, 2024 at 2:46 PM Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
On Mon, Dec 09, 2024 at 09:58:58AM +0100, Amir Goldstein wrote:
To be clear, exporting pidfs or internal shmem via an anonymous fd is
probably not possible with existing userspace tools, but with all the new
mount_fd and magic link apis, I can never be sure what can be made possible
to achieve when the user holds an anonymous fd.
The thinking behind adding the EXPORT_OP_LOCAL_FILE_HANDLE flag
was that when kernfs/cgroups was added exportfs support with commit
aa8188253474 ("kernfs: add exportfs operations"), there was no intention
to export cgroupfs over nfs, only local to uses, but that was never enforced,
so we thought it would be good to add this restriction and backport it to
stable kernels.
Can you please explain what the problem with exporting these file
systems over NFS is? Yes, it's not going to be very useful. But what
is actually problematic about it? Any why is it not problematic with
a userland nfs server? We really need to settle that argumet before
deciding a flag name or polarity.
I agree that it is not the end of the world and users do have to explicitly
use fsid= argument to be able to export cgroupfs via nfsd.
The idea for this patch started from the claim that Jeff wrote that cgroups
is not allowed for nfsd export, but I couldn't find where it is not allowed.
I have no issue personally with leaving cgroupfs exportable via nfsd
and changing restricting only SB_NOUSER and SB_KERNMOUNT fs.
Jeff, Chuck, what is your opinion w.r.t exportability of cgroupfs via nfsd?
We all seem to be hard-pressed to find a usage scenario where exporting
pseudo-filesystems via NFS is valuable. But maybe someone has done it
and has a good reason for it.
The issue is whether such export should be consistently and actively
prevented.
I'm not aware of any specific security issues with it.
--
Chuck Lever
