From owner-freebsd-fs@FreeBSD.ORG Fri Jun 17 14:47:58 2011 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9495E1065673 for ; Fri, 17 Jun 2011 14:47:58 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from esa-jnhn.mail.uoguelph.ca (esa-jnhn.mail.uoguelph.ca [131.104.91.44]) by mx1.freebsd.org (Postfix) with ESMTP id 55FBA8FC15 for ; Fri, 17 Jun 2011 14:47:57 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ap0EAIpo+02DaFvO/2dsb2JhbABShEmjHIhzrh2QZ4Erg3KBCgSRXpAZ X-IronPort-AV: E=Sophos;i="4.65,381,1304308800"; d="scan'208";a="128212953" Received: from erie.cs.uoguelph.ca (HELO zcs3.mail.uoguelph.ca) ([131.104.91.206]) by esa-jnhn-pri.mail.uoguelph.ca with ESMTP; 17 Jun 2011 10:47:57 -0400 Received: from zcs3.mail.uoguelph.ca (localhost.localdomain [127.0.0.1]) by zcs3.mail.uoguelph.ca (Postfix) with ESMTP id 4F8BBB3F24; Fri, 17 Jun 2011 10:47:57 -0400 (EDT) Date: Fri, 17 Jun 2011 10:47:57 -0400 (EDT) From: Rick Macklem To: Alexander Leidinger Message-ID: <728179041.718184.1308322077278.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <20110617085732.34932j5fvh8v93vg@webmail.leidinger.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [172.17.91.201] X-Mailer: Zimbra 6.0.10_GA_2692 (ZimbraWebClient - IE7 (Win)/6.0.10_GA_2692) Cc: FreeBSD FS Subject: Re: RFC: don't allow any access to unexported mounts for NFSv4 X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jun 2011 14:47:58 -0000 > Quoting Rick Macklem (from Thu, 16 Jun 2011 > 10:52:18 -0400 (EDT)): > > > As such, I think it might be better to remove the "hack" and > > simply require that all file systems from the NFSv4 root down > > be exported (which is what is needed for ZFS now, afaik). > > This does not match the behavior on Solaris. There we have > pool/not_exported_dataset/exported_dataset > and a v4 mount works (I didn't see how to verify if a mounted FS is > NFSv4, but I modified /etc/default/nfs to have NFS_CLIENT_VERSMIN=4). > Yes, one of the reasons I originally did the "hack" was that it made things "Solaris compatible". However, I found out Solaris does this by building what generally gets called a "pseudo file system" which, as I understand it, is basically a file system of empty directories that mimmics the unexported paths to the exported ones. You could build such a file system on a small volume. (My comment w.r.t. a workaround.) Isilon does have a pseudo file system, but my most recent discussion with them suggested that theirs might not be suitable for upstreaming. (I once wrote one, but it was garbage that I threw away.:-) rick