On Fri, Jan 22, 2016 at 10:24 AM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > On Thu, Jan 21, 2016 at 07:01:31PM -0500, Andrew W Elble wrote: >> >> > Ugh. So the client actually needs to allow random other ops in any >> > compound containing an spo_must_allow'd operation? That doesn't seem >> > right to me. >> >> Well, that's most certainly my fault. Seems like I should >> submit a patch to have the client ask for GETATTR if it's going to send >> it as a tag-along to DELEGRETURN. Is WRONGSEC really the correct way >> to enforce appropriate use of spo_must_allow here? >> >> For instance, the client could ask for just DELEGRETURN: >> >> PUTFH >> GETATTR >> DELEGRETURN >> >> ...would be successful as long as the export was done with krb5i/krb5p. > > I don't know what the right thing to do is here. > > I wonder what the GETATTR's for? Close to open cache consistency. Cheers Trond -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html