Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 17 Jun 2011 17:25:45 +0200
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        FreeBSD FS <freebsd-fs@freebsd.org>
Subject:   Re: RFC: don't allow any access to unexported mounts for NFSv4
Message-ID:  <20110617172545.175366za32r42gvt@webmail.leidinger.net>
In-Reply-To: <728179041.718184.1308322077278.JavaMail.root@erie.cs.uoguelph.ca>
References:  <728179041.718184.1308322077278.JavaMail.root@erie.cs.uoguelph.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
Quoting Rick Macklem <rmacklem@uoguelph.ca> (from Fri, 17 Jun 2011  
10:47:57 -0400 (EDT)):

>> Quoting Rick Macklem <rmacklem@uoguelph.ca> (from Thu, 16 Jun 2011
>> 10:52:18 -0400 (EDT)):
>>
>> > As such, I think it might be better to remove the "hack" and
>> > simply require that all file systems from the NFSv4 root down
>> > be exported (which is what is needed for ZFS now, afaik).
>>
>> This does not match the behavior on Solaris. There we have
>> pool/not_exported_dataset/exported_dataset
>> and a v4 mount works (I didn't see how to verify if a mounted FS is
>> NFSv4, but I modified /etc/default/nfs to have NFS_CLIENT_VERSMIN=4).
>>
> Yes, one of the reasons I originally did the "hack" was that it made
> things "Solaris compatible". However, I found out Solaris does this by
> building what generally gets called a "pseudo file system" which, as I
> understand it, is basically a file system of empty directories that
> mimmics the unexported paths to the exported ones. You could build such
> a file system on a small volume. (My comment w.r.t. a workaround.)

The workarounds you propose contradict everything people are used to.  
They are not easy or you need to care what you put in the parent  
directories of the one you want to export. It basically means that you  
can only use NFSv4 on newly setup systems, upgraded or migrated ones  
look out of the question (yes, I'm over-simplificating a bit).

I really hope someone can come up with a fix for this, else it would  
mean I would not use NFSv4 anywhere.

Bye,
Alexander.

-- 
My haircut is totally traditional!

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110617172545.175366za32r42gvt>