On Tue, May 14, 2019 at 04:41:48PM -0400, Trond Myklebust wrote: > The following patchset aims to allow the configuration of a 'chroot > jail' to rpc.nfsd, and allowing us to export a filesystem /foo (and > possibly subtrees) as '/'. This is great, thanks! Years ago I did an incomplete version that worked by just string manipulations on paths. Running part of mountd in a chrooted thread is a neat way to do it. If I understand right, the only part that's being run in a chroot is the writes to /proc/net/sunrpc/*/channel files. So that means that the path included in writes to /proc/net/sunrpc/nfsd_fh/channel will be resolved with respect to the chroot by the kernel code handling the write. That's not the only place in mountd that uses export paths, though. What about: - next_mnt(), which compares paths from the export file to paths in /etc/mtab. - is_mountpoint, which stats export paths. - match_fsid, which stats export paths. Etc. Doesn't that stuff also need to be done with respect to the chroot? Am I missing something? --b. > > Trond Myklebust (5): > mountd: Ensure we don't share cache file descriptors among processes. > Add a simple workqueue mechanism > Add a helper to write to a file through the chrooted thread > Add support for chrooted exports > Add support for chroot in exportfs > > aclocal/libpthread.m4 | 13 +- > configure.ac | 6 +- > nfs.conf | 1 + > support/include/misc.h | 11 ++ > support/misc/Makefile.am | 2 +- > support/misc/workqueue.c | 267 +++++++++++++++++++++++++++++++++++++ > systemd/nfs.conf.man | 3 +- > utils/exportfs/Makefile.am | 2 +- > utils/exportfs/exportfs.c | 31 ++++- > utils/mountd/Makefile.am | 3 +- > utils/mountd/cache.c | 39 +++++- > utils/mountd/mountd.c | 5 +- > utils/nfsd/nfsd.man | 4 + > 13 files changed, 369 insertions(+), 18 deletions(-) > create mode 100644 support/misc/workqueue.c > > -- > 2.21.0
