On 06/14/2018 09:32 AM, J. Bruce Fields wrote: > From: "J. Bruce Fields" <bfields@xxxxxxxxxx> > > We're changing the kernel to allow gss requests from high ports even > when "secure" is set. > > If the change gets backported to distro kernels, the kernel version may > be an imperfect predictor of the behavior, but I think it's the best we > can do. > > Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx> Committed.... steved. > --- > utils/exportfs/exports.man | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man > index 4f95f3a2197e..e3a16f6b276a 100644 > --- a/utils/exportfs/exports.man > +++ b/utils/exportfs/exports.man > @@ -131,10 +131,12 @@ this way are ro, rw, no_root_squash, root_squash, and all_squash. > understands the following export options: > .TP > .IR secure > -This option requires that requests originate on an Internet port less > -than IPPORT_RESERVED (1024). This option is on by default. To turn it > -off, specify > +This option requires that requests not using gss originate on an > +Internet port less than IPPORT_RESERVED (1024). This option is on by default. > +To turn it off, specify > .IR insecure . > +(NOTE: older kernels (before upstream kernel version 4.17) enforced this > +requirement on gss requests as well.) > .TP > .IR rw > Allow both read and write requests on this NFS volume. The > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
