Re: [PATCH v2 3/3] nfsd: implement machine credential support for some operations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 22, 2016 at 10:24 AM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
> On Thu, Jan 21, 2016 at 07:01:31PM -0500, Andrew W Elble wrote:
>>
>> > Ugh.  So the client actually needs to allow random other ops in any
>> > compound containing an spo_must_allow'd operation?  That doesn't seem
>> > right to me.
>>
>> Well, that's most certainly my fault. Seems like I should
>> submit a patch to have the client ask for GETATTR if it's going to send
>> it as a tag-along to DELEGRETURN. Is WRONGSEC really the correct way
>> to enforce appropriate use of spo_must_allow here?
>>
>> For instance, the client could ask for just DELEGRETURN:
>>
>> PUTFH
>> GETATTR
>> DELEGRETURN
>>
>> ...would be successful as long as the export was done with krb5i/krb5p.
>
> I don't know what the right thing to do is here.
>
> I wonder what the GETATTR's for?

Close to open cache consistency.

Cheers
  Trond
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux