On 5/28/19 4:31 PM, Trond Myklebust wrote: > The following patchset adds support for the "rootdir" configuration > option for nfsd in the "[exports]" section in /etc/nfs.conf. > > If a user sets this option to a valid directory path, then nfsd will > act as if it is confined to a chroot jail based on that directory. > All paths in /etc/exports and the exportfs utility are then resolved > relative to that directory. > > Trond Myklebust (11): > mountd: Ensure we don't share cache file descriptors among processes. > Add a simple workqueue mechanism > Allow callers to check mountpoint status using a custom lstat function > Add utilities for resolving nfsd paths and stat()ing them > Use xstat() with no synchronisation if available > Add helpers to read/write to a file through the chrooted thread > Add a helper to return the real path given an export entry > Add support for the "[exports] rootdir" nfs.conf option to rpc.mountd > Add support for the "[exports] rootdir" nfs.conf option to exportfs > Add a helper for resolving symlinked nfsd paths via realpath() > Fix up symlinked mount path resolution when "[exports] rootdir" is set > > aclocal/libpthread.m4 | 13 +- > configure.ac | 6 +- > nfs.conf | 3 + > support/export/export.c | 24 +++ > support/include/Makefile.am | 3 + > support/include/exportfs.h | 1 + > support/include/misc.h | 7 +- > support/include/nfsd_path.h | 21 +++ > support/include/nfslib.h | 1 + > support/include/workqueue.h | 18 +++ > support/include/xstat.h | 11 ++ > support/misc/Makefile.am | 3 +- > support/misc/mountpoint.c | 8 +- > support/misc/nfsd_path.c | 289 ++++++++++++++++++++++++++++++++++++ > support/misc/workqueue.c | 228 ++++++++++++++++++++++++++++ > support/misc/xstat.c | 105 +++++++++++++ > support/nfs/exports.c | 4 + > systemd/nfs.conf.man | 20 ++- > utils/exportfs/Makefile.am | 2 +- > utils/exportfs/exportfs.c | 11 +- > utils/mountd/Makefile.am | 3 +- > utils/mountd/cache.c | 63 +++++--- > utils/mountd/mountd.c | 24 +-- > 23 files changed, 819 insertions(+), 49 deletions(-) > create mode 100644 support/include/nfsd_path.h > create mode 100644 support/include/workqueue.h > create mode 100644 support/include/xstat.h > create mode 100644 support/misc/nfsd_path.c > create mode 100644 support/misc/workqueue.c > create mode 100644 support/misc/xstat.c > Committed! steved.