Date: Sun, 23 Oct 2016 13:25:24 -0700 From: Ben Whaley <bwhaley@gmail.com> To: freebsd-net@freebsd.org Subject: NFSv4 exports confusion Message-ID: <CAOfR73h=cqd5L_=We5yABoiDx7zbmu=guSQJRa8aF3L_-YW%2BfQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi all,
I=E2=80=99m probably just misunderstanding something pretty basic here so a=
pologies
if that=E2=80=99s the case.
The NFSv4 pseudo-filesystem root is not behaving the way I=E2=80=99d expect=
.
Consider the following extremely simple /etc/exports (just for example
purposes):
V4: /exports
/exports/export1 /exports/export2 -network 172.28.0.0/16
And this directory structure:
# tree /exports/
/exports/
|-- export1
| `-- file1
|-- export2
| `-- file2
`-- notanexport
`=E2=80=94 file
Now when I mount / as the NFSv4 pseudo-fs root (from an Ubuntu Xenial
client):
mount -t nfs4 server:/ /mnt
I would expect to see only export1 and export2. But in fact I see
# ls /mnt
export1 export2 notanexport
And the contents of /exports/notanexport/file are available to the client.
Why is this? The language in RFC7530 seems explicit to me:
> Portions of the server namespace that are not exported are bridged via a
=E2=80=9Cpseudo-file system=E2=80=9D that provides a view of exported direc=
tories only.
E.g. per the spec, only exported filesystems should be visible, and the
path to get to them. The pseudo-fs only exposes directories that must be
traversed to reach all exports.
The FreeBSD exports(5) language is somewhat confusing/ambiguous. I won=E2=
=80=99t
quote it here because it=E2=80=99s too long, but see the third paragraph un=
der the
description section. I can see from a few past threads (for example, this
one: https://lists.freebsd.org/pipermail/freebsd-net/2014-July/039407.html)
that some work has been done to clarify this. I=E2=80=99m not sure the
clarification ever made it in to the man page though.
The man page also states:
> The nfsd(8) allows a limited subset of operations to be performed on
non-exported subtrees of the local file system, so that traversal of the
tree to the exported subtrees is possible.
So this all supports my understanding of how it works. But why is
=E2=80=9Cnotanexport=E2=80=9D in my example above visible, and why can I re=
ad the file in
that directory if it isn=E2=80=99t exported?
The situation on Linux is not 100% clear either. If you specify fsid=3D0 fo=
r
a mount as instructed the Linux man pages, you=E2=80=99ll have the same beh=
avior as
in FreeBSD. OTOH, if you ONLY specify the exports and do NOT have an fsid
option, eg. /etc/exports looks like:
/exports/export1
/exports/export2
Then it works as described by the RFC.
Can anyone help me to understand?
Thanks,
Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOfR73h=cqd5L_=We5yABoiDx7zbmu=guSQJRa8aF3L_-YW%2BfQ>