On Tue, 17 Feb 2015 20:54:32 -0500 "J. Bruce Fields" <bfields@xxxxxxxxxxxx> wrote:

> On Wed, Feb 18, 2015 at 12:41:01PM +1100, NeilBrown wrote:
> > On Mon, 16 Feb 2015 15:17:51 -0500 bfields@xxxxxxxxxxxx (J. Bruce Fields)
> > wrote:
> >
> > > On Mon, Feb 16, 2015 at 12:21:07PM +1100, NeilBrown wrote:
> > > >
> > > > - note that 'nohide' is irrelevant for NFSv4
> > > > - note that children on a 'crossmnt' filesystem cannot be unexported
> > > > - note that 'nocrossmnt' is a valid option, but probably not useful.
> > > >
> > > > Signed-off-by: NeilBrown <neilb@xxxxxxx>
> > > >
> > > > ---
> > > >
> > > > I wonder if we should add a new option, e.g. "noaccess" so that children
> > > > of a "crossmnt" filesystem can be hidden. The kernel wouldn't need to
> > > > know about this. It would just tell mountd to refuse to export that
> > > > filesystem even if the parent was "crossmnt".
> > > > ??
> > >
> > > Seems logical enough, but I can't recall seeing requests for it, and
> > > the options here already seem complicated enough.
> >
> > I haven't seen requests myself. Just rumours of 'nohide' not working with
> > NFSv4, which seems to suggest that someone wants something like that.
> > But I cannot find a clear source.
> >
> > Maybe:
> >
> > http://ubuntuforums.org/showthread.php?t=2152643
> > http://ubuntuforums.org/showthread.php?t=1603881
> >
> > >
> > > In theory something like that could also be done with namespaces. (So,
> > > run mountd in a separate mount namespace that lacks those children.)
> >
> > Do any of the NFS man pages need to be updated to say something about
> > namespaces?
>
> Maybe just a note in the rpc.mountd man page that export paths are all
> with respect to the mount namespace rpc.mountd is running in?
>

I assume that implies that there can only ever be one rpc.mountd running?

I haven't really been following, but I assumed we would end up with a
different rpc.mountd in each of several different namespaces, each one seeing
a different cache through a differently configured /proc..
And somehow there would be different nfsds in different network namespaces,
each tied to a filesystem namespace ... or something.

I guess that isn't what is really happening?

Thanks,
NeilBrown