On Wed, 10 Dec 2014 15:31:34 +0100
David Härdeman <david@xxxxxxxxxxx> wrote:

> On 2014-12-10 15:17, Jeff Layton wrote:
> > On Wed, 10 Dec 2014 15:08:40 +0100
> > David Härdeman <david@xxxxxxxxxxx> wrote:
> >> I'm not sure I follow completely...first of all, rpc.gssd is also not
> >> namespace-aware, is it? I mean, sure, it could be run in a given
> >> namespace, but there can still only be one rpc.gssd running?
> >>
> >
> > gssd isn't namespace aware, but it doesn't have to be since it gets
> > started in userland. In principle you could run a gssd per
> > container[1].
> > As long as each container has its own net namespace, each gssd would
> > have its own set of rpc_pipefs pipes.
> >
> > request-key is different. The kernel spawns a thread that execs the
> > program, but there's no support in that infrastructure for doing so
> > within a particular container.
>
> This thread might be interesting:
> https://lkml.org/lkml/2014/11/24/885
>

Nice. I wasn't aware that Ian was working on this. I'll take a look.

> >> Also...the nfsidmap binary (the request-key helper) isn't
> >> namespace-aware...is it?
> >>
> >
> > No it's not. I'd consider that a bug as well.
>
> So basically, a request-key based gssd would be possible if that "bug"
> in the request-key infrastructure is fixed, right?
>

Yes, I don't see why not.

-- 
Jeff Layton <jlayton@xxxxxxxxxxxxxxx>