> On Feb 8, 2022, at 9:29 AM, Benjamin Coddington <bcodding@xxxxxxxxxx> wrote: > > On 8 Feb 2022, at 8:45, Trond Myklebust wrote: > >>> Can't we just uniquify the namespaced NFS client ourselves, while >>> still >>> exposing /sys/fs/nfs/net/nfs_client/identifier within the namespace? >>> That >>> way if someone want to run udev or use their own method of persistent >>> id >>> its available to them within the container so they can. Then we can >>> move >>> forward because the problem of distinguishing clients between the >>> host >>> and >>> netns is automagically solved. >> >> That could be done. > > Ok, I'm eyeballing a sha1 of the init namespace uniquifier and > peernet2id_alloc(new_net, init_net).. but means the NFS client would grow a > dependency on CRYPTO and CRYPTO_SHA1. Or you could use siphash instead of SHA-1. I don't think we should be adding any more SHA-1 to the kernel -- it's deprecated for good reasons. -- Chuck Lever
