Bill Studenmund writes:
> On Mon, Sep 12, 2005 at 01:08:07AM +0200, Manuel Bouyer wrote:
> > On Sun, Sep 11, 2005 at 01:20:58PM +0200, Julio M. Merino Vidal wrote:
> > > Hi everybody,
> > >=20
> > > while adding NFS support to tmpfs, I found that the current way to
> > > change NFS export information is... how could I say it... very ugly.
> > > It seems to be a bandaid over what was used in the past to mount
> > > FFS systems, which makes it confusing and difficult to extend.
> > > (Don't we aim for clean design? ;-)
> > >=20
> > > [...]
> > >=20
> > >     ftp://ftp.NetBSD.org/pub/NetBSD/misc/jmmv/export.diff
> >=20
> > Hi,
> > while you're at it, could you look at fixing a very long outstanding
> > problem ? A /etc/rc.d/mountd reload isn't atomic, there is a window
> > in which no filesystems are exported at all, and if a request comes in
> > at this time, nfsd replies with a "permission denied".
> >=20
> > At first glance, we would need to keep 2 export list in kernel and switch
> > from one to the other, much like what IPF does with the filters.
> 
> Not necessarily.
> 
> I think part of the problem is how mountd does things, though to be
> honest, I have avoided looking the code. :-) I think if mountd were
> changed to build up state then apply it, we could achieve an atomic update
> w/o multiple lists in the kernel.
> 
> > I don't ask you implement this, but as you're planning to change the
> > interface, please think about it in the new one :)
> 
> I think all that would be needed would be for there to be a way to upload=
> =20
> multiple export entries at once. That way we can say, "here, this is the=20
> new export list."
> 
> I agree that all Julio would need to do now is think about how we add=20
> multiple entries at once, and we'd be prepared for this in the future.

If we're making a "shopping list" of changes we'd like to see here... ;)

When checking to see if an NFS export is allowed, Solaris appears
to do a lookup of the IP address at the time the mount request is made, 
rather than building a table of IP addresses for the hosts at the 
time mountd is run (as NetBSD does).  Ignoring the fact that Dynamic 
DNS may be evil, this means that Solaris behaves much better with 
hosts that happen to be down (and have lost their lease) when mountd 
is restarted, than does NetBSD. (NetBSD gets incredibly unhappy 
because it can't find an IP address for the host at the time mountd 
is run, and so then refuses to run mountd, shutting all hosts out, 
not just the one that might be temporarily off-line.  This is 
arguably a security feature, but, well, if you're running NFS, you 
may have Other Security Issues anyway :-} )

But IMO it'd be way cool if NetBSD could do the same as Solaris and 
delay the lookup of the IP address until the point where the mount 
request is made... 

The last time I looked at seeing how hard it would be to make these 
changes I ran away from the code very quickly :-}  But perhaps if 
things are being overhauled anyway, and other folks think this 
would be useful behaviour, then maybe a solution can be found... 

Now... where did I leave my rock?

Later...

Greg Oster