Hi Trond -

> On May 21, 2019, at 8:46 AM, Trond Myklebust <trondmy@xxxxxxxxx> wrote:
>
> The following patchset adds support for the 'root_dir' configuration
> option for nfsd in nfs.conf. If a user sets this option to a valid
> directory path, then nfsd will act as if it is confined to a chroot
> jail based on that directory. All paths in /etc/exporfs and from
> exportfs are then resolved relative to that directory.

What about files under /proc that mountd might access? I assume these
pathnames are not affected.

Aren't there also one or two other files that maintain export state
like /var/lib/nfs/rmtab? Are those affected?

IMHO it could be less confusing to administrators to make root_dir an
[exportfs] option instead of a [mountd] option, if this is not a true
chroot of mountd.

> Trond Myklebust (7):
>   mountd: Ensure we don't share cache file descriptors among processes.
>   Add a simple workqueue mechanism
>   Add utilities for resolving nfsd paths and stat()ing them
>   Add a helper to return the real path given an export entry
>   Add helpers to read/write to a file through the chrooted thread
>   Add support for the nfsd rootdir configuration option to rpc.mountd
>   Add support for the nfsd root directory to exportfs
>
>  aclocal/libpthread.m4       |  13 +-
>  configure.ac                |   6 +-
>  nfs.conf                    |   1 +
>  support/export/export.c     |  24 +++
>  support/include/Makefile.am |   2 +
>  support/include/exportfs.h  |   1 +
>  support/include/nfsd_path.h |  17 ++
>  support/include/nfslib.h    |   1 +
>  support/include/workqueue.h |  22 +++
>  support/misc/Makefile.am    |   3 +-
>  support/misc/mountpoint.c   |   5 +-
>  support/misc/nfsd_path.c    | 175 +++++++++++++++++++++
>  support/misc/workqueue.c    | 306 ++++++++++++++++++++++++++++++++++++
>  support/nfs/exports.c       |   4 +
>  systemd/nfs.conf.man        |   3 +-
>  utils/exportfs/Makefile.am  |   2 +-
>  utils/exportfs/exportfs.c   |  32 +++-
>  utils/mountd/Makefile.am    |   3 +-
>  utils/mountd/cache.c        |  79 +++++++---
>  utils/mountd/mountd.c       |  13 +-
>  utils/nfsd/nfsd.man         |   6 +
>  21 files changed, 676 insertions(+), 42 deletions(-)
>  create mode 100644 support/include/nfsd_path.h
>  create mode 100644 support/include/workqueue.h
>  create mode 100644 support/misc/nfsd_path.c
>  create mode 100644 support/misc/workqueue.c
>
> --
> 2.21.0
>

--
Chuck Lever
chucklever@xxxxxxxxx