Re: [PATCH 3/4] SUNRPC: Add RPC based upcall mechanism for RPCGSS auth

On 22.05.2012 17:22, Simo Sorce wrote:
On Tue, 2012-05-22 at 17:17 +0400, Stanislav Kinsbursky wrote:
On 22.05.2012 17:00, Simo Sorce wrote:
On Tue, 2012-05-22 at 08:47 -0400, J. Bruce Fields wrote:
Have you and Stanislav talked about fitting this with the ongoing
container work?

No, I wanted to make it work for the normal case first, I assume it will
be simple enough to change the code to work with containers later.
Main reason is that I have no way to test containerized stuff.



It's not that hard to "containerize" this code.
All you need is to bypass rqstp->rq_xprt->xpt_net to gssp_rpc_create().
I.e. either add net as a parameter to
gssp_accept_sec_context_upcall()->gssp_call()->get_clnt()->gssp_rpc_create()
prototypes or pass it as a part of gssp_upcall_data structure and then pass as a
parameter to gssp_call()->get_clnt()->gssp_rpc_create().

This will suit you. I.e. I'm sure that you'll not experience any changes
compared to current behavior.

This should be easy enough.

If I understand it correctly, all that is needed is to allow attaching to
different sockets for different containers?


Sorry, but I don't understand the sentence.
Starting from kernel 3.3 the SUNRPC layer is fully containerized. I.e. all network
related resources are now carefully allocated and destroyed per and with network
namespace.
And it would be really great if the layer remains containerized in future.

I need guidance here. I need to know what it means to 'remain
containerized', does it mean I need to do something special for the
socket handling?


It actually means that no hard-coded init_net references should appear - and that's all. The required network context has to be taken from currently existing objects (like RPC client, RPC service, etc.) and, if not available (it's a very rare case - like an NFS mount call), from current->nsproxy->net_ns.
You don't need to do anything special except this.
There will be a problem with your patches in a container, because you are using a unix socket. But this problem is not in your patches but in unix sockets themselves. So don't worry about it.

Keep in mind I started working on these patches before any
containerization code was added to SUNRPC, and I have no knowledge
whatsoever of containers and what are their constraints.

Simo.



--
Best regards,
Stanislav Kinsbursky