On Fri, Mar 02, 2012 at 02:54:51PM -0500, Chuck Lever wrote:
> At Connectathon, I ran my FedFS-enabled client in a guest environment
> with NAT networking. This made the source port for my NFS connections
> unprivileged.
>
> Attempting to access a junction on my test server failed with a
> "client insecure" error on the server, even if I specified the
> "insecure" export option on the parent export. I added "insecure" to
> the default junction export options, and this fixed the problem.
>
> Bruce suggested, however, that the correct way to address this is to
> have junctions inherit the export options of their parent. I don't
> see a direct way to do this, so I'm posting this patch as a
> conversation starter.
I think you want to do something like the search in
nfs-utils/utils/mountd/cache.c:lookup_export()--look for the export with
the longest matching path, and copy options from that.
--b.
>
> Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
> ---
>
> utils/mountd/cache.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
> index ac9cdbd..35bc2e9 100644
> --- a/utils/mountd/cache.c
> +++ b/utils/mountd/cache.c
> @@ -853,7 +853,7 @@ locations_to_options(struct jp_ops *ops, nfs_fsloc_set_t locations,
> ptr += len;
> } else {
> if (last_path == NULL)
> - len = snprintf(ptr, remaining, "refer=%s@%s",
> + len = snprintf(ptr, remaining, "insecure,refer=%s@%s",
> rootpath, server);
> else
> len = snprintf(ptr, remaining, ":%s@%s",
>
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
