On Wed, 2010-12-15 at 13:08 -0500, J. Bruce Fields wrote: > On Tue, Dec 14, 2010 at 05:56:09PM -0800, Simon Kirby wrote: > > On Tue, Dec 14, 2010 at 05:10:21PM -0800, Simon Kirby wrote: > > > > > On Tue, Dec 14, 2010 at 03:38:43PM -0800, Simon Kirby wrote: > > > > > > > I'm just about to try > > > > 2.6.37-rc5-git3 on there plus your NFS fixes (which Linus seems to have > > > > half-merged and uploaded as -git3 but not pushed to his public git) > > > > > > Ignore this; I was just confusing myself by having the leak fixes already > > > applied. Otoh, I got this Oops while trying NFSv4. I'll check my > > > merging again. > > > > > > Do you have a git branch exposed with the "Allow the admin to turn off > > > NFSv4 uid/gid mapping" patches applied? > > > > Hm, the fixes were merged for -git4, and it seems to work fine there. > > > > As for the nfs4 uid/gid mapping patch, it seems the server side support > > for this is still neded? > > I'm not convinced that this behavior should depend on the security > flavor, so I'm assuming that something like steved's libnfsidmap patches > should do the job. Don't assume. Those patches do not fix the problem that if uid(name@server) != uid(name@client), then the client will be creating files with the 'wrong username' on the server. In that case, everything from setuid applications through open(O_CREAT) to 'chown' will be broken because your authentication and authorisation models do not match up. Trond -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
