> On May 21, 2019, at 3:58 PM, Trond Myklebust <trondmy@xxxxxxxxxxxxxxx> wrote: > > On Tue, 2019-05-21 at 15:06 -0400, Chuck Lever wrote: >>> On May 21, 2019, at 2:17 PM, Trond Myklebust < >>> trondmy@xxxxxxxxxxxxxxx> wrote: >>> >>> On Tue, 2019-05-21 at 13:40 -0400, Chuck Lever wrote: >>>> Hi Trond - >>>> >>>>> On May 21, 2019, at 8:46 AM, Trond Myklebust <trondmy@xxxxxxxxx >>>>>> >>>>> wrote: >>>>> >>>>> The following patchset adds support for the 'root_dir' >>>>> configuration >>>>> option for nfsd in nfs.conf. If a user sets this option to a >>>>> valid >>>>> directory path, then nfsd will act as if it is confined to a >>>>> chroot >>>>> jail based on that directory. All paths in /etc/exporfs and >>>>> from >>>>> exportfs are then resolved relative to that directory. >>>> >>>> What about files under /proc that mountd might access? I assume >>>> these >>>> pathnames are not affected. >>>> >>> That's why we have 2 threads. One thread is root jailed using >>> chroot, >>> and is used to talk to knfsd. The other thread is not root jailed >>> (or >>> at least not by root_dir) and so has full access to /etc, /proc, >>> /var, >>> ... >>> >>>> Aren't there also one or two other files that maintain export >>>> state >>>> like /var/lib/nfs/rmtab? Are those affected? >>> >>> See above. They are not affected. >>> >>>> IMHO it could be less confusing to administrators to make >>>> root_dir an >>>> [exportfs] option instead of a [mountd] option, if this is not a >>>> true >>>> chroot of mountd. >>> >>> It is neither. I made in a [nfsd] option, since it governs the way >>> that >>> both exportfs and mountd talk to nfsd. >> >> My point is not about implementation, it's about how this >> functionality >> is presented to administrators. >> >> In nfs.conf, [nfsd] looks like it controls what options are passed >> via >> rpc.nfsd. That still seems like a confusing admin interface. >> >> IMO admins won't care about who is talking to whom. They will care >> about >> how the export pathnames are interpreted. That seems like it belongs >> squarely with the exportfs interface. >> > > With the exportfs interface, yes. However it is not specific to the > exportfs utility, so to me [exportfs] is more confusing than what > exists now. > > OK, so what if we put it in [general] instead, and perhaps rename it > "export_rootdir"? For the record, I prefer export_rootdir to root_dir. I haven't thought of a better choice. I also like not putting this option under [nfsd]. [general] is a better choice IMO, though I'm still not crazy about it. It might be nice to have a new section called "[exports]" (no "f"). -- Chuck Lever
