On Mon, 2010-09-20 at 16:35 -0400, Chuck Lever wrote:
> On Sep 20, 2010, at 3:56 PM, J. Bruce Fields wrote:
>
> > On Mon, Sep 20, 2010 at 03:28:00PM -0400, Chuck Lever wrote:
> >>
> >> On Sep 20, 2010, at 3:13 PM, Pavel Emelyanov wrote:
> >>> The nearest plan is
> >>>
> >>> 1. Prepare the sunrpc layer to work in net namespaces
> >>> 2. Make rpcpipefs and nfsd filesystems be mountable multiple times
> >>> 3. Make support for multiple instances of the nfsd caches
> >>> 4. Make support for multiple instances of the nfsd_serv
> >>>
> >>> After this several NFSd-s can be used in containers (hopefully I
> >>> didn't miss anything).
> >>
> >> Are you assuming NFSv4 only? Something needs to be done about NLM and
> >> NSM to make this work right.
> >>
> >> Is there an issue for idmapper and svcgssd? Probably not, but worth
> >> exploring.
> >>
> >> And, how about AUTH_SYS certs? These contain the host's name in them,
> >> and that depends on the net namespace. NLM uses AUTH_SYS, and I
> >> believe the NFS server can make NLM calls to the client.
> >
> > The client probably can't use the auth_sys cred on nlm callbacks in any
> > sensible way, so this may not be a big deal.
>
> I doubt anything looks at that hostname, really. My worry is that it
> could leak information (like the wrong hostname) onto the network.
>

Which is one reason why using the utsname()->nodename at the time of
mount is the correct thing to do.

Trond
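
For reference on where that hostname travels: the following is an added example, not code from this thread or from the kernel, that decodes the `machinename` field from an AUTH_SYS credential body (`authsys_parms` in RFC 5531) so a captured RPC call can be checked for the name it puts on the wire. The function name `authsys_machinename` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Read one big-endian 32-bit XDR word; 0 on success, -1 if it would overrun. */
static int xdr_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return -1;
    const uint8_t *p = buf + *off;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    *off += 4;
    return 0;
}

/* Hypothetical helper: parse authsys_parms { stamp; machinename<255>; uid; gid; gids<16> }.
 * name must hold 256 bytes. Returns 0 on success, -1 on malformed input. */
int authsys_machinename(const uint8_t *body, size_t len, char name[256],
                        uint32_t *uid, uint32_t *gid)
{
    size_t off = 0;
    uint32_t stamp, n;

    if (xdr_u32(body, len, &off, &stamp) || xdr_u32(body, len, &off, &n))
        return -1;
    if (n > 255)                        /* RFC 5531 bounds machinename at 255 */
        return -1;
    size_t padded = ((size_t)n + 3) & ~(size_t)3;   /* XDR pads to 4 bytes */
    if (len - off < padded)
        return -1;
    memcpy(name, body + off, n);
    name[n] = '\0';
    off += padded;
    if (xdr_u32(body, len, &off, uid) || xdr_u32(body, len, &off, gid))
        return -1;
    return 0;
}

/* Constructed sample: stamp=1, machinename="ct1-web", uid=0, gid=0, no aux gids. */
const uint8_t sample_cred[] = {
    0,0,0,1,  0,0,0,7,  'c','t','1','-','w','e','b',0,
    0,0,0,0,  0,0,0,0,  0,0,0,0
};

int main(void)
{
    char name[256]; uint32_t uid, gid;
    if (authsys_machinename(sample_cred, sizeof sample_cred, name, &uid, &gid) == 0)
        printf("machinename=%s uid=%u gid=%u\n", name, (unsigned)uid, (unsigned)gid);
    return 0;
}
```

Comparing the decoded name against the nodename expected for the container that issued the mount shows whether a credential carries another namespace's hostname.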