On Wed, 2020-12-02 at 17:56 -0500, J. Bruce Fields wrote:
> From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
>
> As with security flavors and "secure" ports, we tried to code this so
> that pseudofs directories would inherit root squashing from their
> children, but it doesn't really work as coded and I'm not sure it's
> useful.
>
> Just root squash always. If it turns out somebody's exporting
> directories that are only readable by root, I guess we can try to do
> something else here, but frankly that sounds like a pretty weird
> configuration.
>
> Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
> ---
> utils/mountd/v4root.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index 2ac4e87898c0..36543401f296 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo, int
> flags)
> struct flav_info *flav;
> int i;
>
> - if ((flags & NFSEXP_ROOTSQUASH) == 0)
> - pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
> for (flav = flav_map; flav < flav_map + flav_map_size;
> flav++) {
> struct sec_entry *new;
>
Hmm... What is the harm in allowing root to be unsquashed here? Isn't
this really all about respecting lookup permissions, or could a user
actually modify something in the pseudofs? If the latter, then that
sounds like a bug (the pseudofs should always be read-only).
The consequence of not being able to look up a directory in the
pseudofs is that the NFSv4 client will be completely unable to mount
that subtree, so squashing root could make a major difference.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@xxxxxxxxxxxxxxx
