> Ugh. So the client actually needs to allow random other ops in any > compound containing an spo_must_allow'd operation? That doesn't seem > right to me. Well, that's most certainly my fault. Seems like I should submit a patch to have the client ask for GETATTR if it's going to send it as a tag-along to DELEGRETURN. Is WRONGSEC really the correct way to enforce appropriate use of spo_must_allow here? For instance, the client could ask for just DELEGRETURN: PUTFH GETATTR DELEGRETURN ...would be successful as long as the export was done with krb5i/krb5p. Thanks, Andy -- Andrew W. Elble aweits@xxxxxxxxxxxxxxxxxx Infrastructure Engineer, Communications Technical Lead Rochester Institute of Technology PGP: BFAD 8461 4CCF DC95 DA2C B0EB 965B 082E 863E C912 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
