On 2014-12-10 15:17, Jeff Layton wrote:
On Wed, 10 Dec 2014 15:08:40 +0100
David Härdeman <david@xxxxxxxxxxx> wrote:
I'm not sure I follow completely...first of all, rpc.gssd is also not
namespace-aware, is it? I mean, sure, it could be run in a given
namespace, but there can still only be one rpc.gssd running?
gssd isn't namespace aware, but it doesn't have to be since it gets
started in userland. In principle you could run a gssd per
container[1].
As long as each container has its own net namespace, each gssd would
have its own set of rpc_pipefs pipes.
request-key is different. The kernel spawns a thread that execs the
program, but there's no support in that infrastructure for doing so
within a particular container.
This thread might be interesting:
https://lkml.org/lkml/2014/11/24/885
Also...the nfsidmap binary (the request-key helper) isn't
namespace-aware...is it?
No it's not. I'd consider that a bug as well.
So basically, a request-key based gssd would be possible if that "bug"
in the request-key infrastructure is fixed, right?