At Connectathon, I ran my FedFS-enabled client in a guest environment
with NAT networking. This made the source port for my NFS connections
unprivileged.
Attempting to access a junction on my test server failed with a
"client insecure" error on the server, even if I specified the
"insecure" export option on the parent export. I added "insecure" to
the default junction export options, and this fixed the problem.
Bruce suggested, however, that the correct way to address this is to
have junctions inherit the export options of their parent. I don't
see a direct way to do this, so I'm posting this patch as a
conversation starter.
Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
---
utils/mountd/cache.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index ac9cdbd..35bc2e9 100644
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -853,7 +853,7 @@ locations_to_options(struct jp_ops *ops, nfs_fsloc_set_t locations,
ptr += len;
} else {
if (last_path == NULL)
- len = snprintf(ptr, remaining, "refer=%s@%s",
+ len = snprintf(ptr, remaining, "insecure,refer=%s@%s",
rootpath, server);
else
len = snprintf(ptr, remaining, ":%s@%s",
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
