On Mon, 16 Feb 2015 18:06:06 -0500 Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> wrote: > On Mon, Feb 16, 2015 at 3:17 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > > On Mon, Feb 16, 2015 at 12:21:07PM +1100, NeilBrown wrote: > >> > >> > >> - note that 'nohide' is irrelevant for NFSv4 > >> - note that children on a 'crossmnt' filesystem cannot be unexported > >> - note that 'nocrossmnt' is a valid option, but probably not useful. > >> > >> Signed-off-by: NeilBrown <neilb@xxxxxxx> > >> > >> --- > >> > >> I wonder if we should add a new option, e.g. "noaccess" so that children > >> of a "crossmnt" filesystem can be hidden. The kernel wouldn't need to > >> know about this. It would just tell mountd to refuse to export that > >> filesystem even if the parent was "crossmnt". > >> ?? > > > > Seems logical enough, but I can't recall seeing requests for it, and > > the options here already seem complicated enough. > > > > In theory something like that could also be done with namespaces. (So, > > run mountd in a separate mount namespace that lacks those children.) > > Agreed. It seems unnecessarily complicated to add yet another option > to the crossmnt/nohide saga. If the "nohide" documentation is too > complex, then we should rather aim to improve that documentation. > Yes - improving the documentation was my first step, hence this patch. Writing that documentation lead me to see that a particular configuration was impossible - hence the question. I have no strong desire for a change, and that seems to be common among others, so let's just drop it. Thanks, NeilBrown
Attachment:
pgpWICZE0mFtS.pgp
Description: OpenPGP digital signature
