tech-kern: MNT_NOSHARE for non-exportable fs [was: Removing tmpfs' experimental status

Subject: MNT_NOSHARE for non-exportable fs [was: Removing tmpfs' experimental status
To: None <tech-kern@NetBSD.org>
From: M J Fleming <mjf@NetBSD.org>
List: tech-kern
Date: 10/24/2006 17:19:15
--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Whoops, patched attached.

--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="noshare.diff"

Index: include/mntopts.h
===================================================================
RCS file: /cvsroot/src/include/mntopts.h,v
retrieving revision 1.8
diff -u -r1.8 mntopts.h
--- include/mntopts.h	16 Oct 2006 03:31:27 -0000	1.8
+++ include/mntopts.h	24 Oct 2006 16:03:16 -0000
@@ -56,6 +56,7 @@
 #define MOPT_SYMPERM		{ "symperm",	0, MNT_SYMPERM, 0 }
 #define MOPT_SOFTDEP		{ "softdep",	0, MNT_SOFTDEP, 0 }
 #define MOPT_IGNORE		{ "hidden",	0, MNT_IGNORE, 0 }
+#define MOPT_NOSHARE		{ "share",	1, MNT_NOSHARE, 0 }
 
 /* Control flags. */
 #define MOPT_FORCE		{ "force",	0, MNT_FORCE, 0 }
@@ -88,7 +89,8 @@
 	MOPT_RDONLY,							\
 	MOPT_UNION,							\
 	MOPT_IGNORE,							\
-	MOPT_SYMPERM
+	MOPT_SYMPERM,							\
+	MOPT_NOSHARE
 
 __BEGIN_DECLS
 typedef struct mntoptparse *mntoptparse_t;
Index: sys/kern/vfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.273
diff -u -r1.273 vfs_syscalls.c
--- sys/kern/vfs_syscalls.c	20 Oct 2006 18:58:12 -0000	1.273
+++ sys/kern/vfs_syscalls.c	24 Oct 2006 16:03:17 -0000
@@ -181,6 +181,16 @@
 	 * lock this vnode again, so make the lock recursive.
 	 */
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_SETRECURSE);
+
+	/* 
+	 * Do not allow the filesystem to be exported if MNT_NOSHARE
+	 * is set.
+	 */
+	if ((SCARG(uap, flags) & MNT_EXPORTED) &&
+	    (vp->v_mount->mnt_flag & MNT_NOSHARE)) {
+		vput(vp);
+		return (EPERM);
+	}
 	if (SCARG(uap, flags) & (MNT_UPDATE | MNT_GETARGS)) {
 		if ((vp->v_flag & VROOT) == 0) {
 			vput(vp);
@@ -274,6 +284,7 @@
 		if (vp->v_mount->mnt_flag & MNT_NOEXEC)
 			SCARG(uap, flags) |= MNT_NOEXEC;
 	}
+
 	if ((error = vinvalbuf(vp, V_SAVE, l->l_cred, l, 0, 0)) != 0) {
 		vput(vp);
 		return (error);
@@ -350,12 +361,13 @@
 		mp->mnt_flag &=
 		  ~(MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
 		    MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOCOREDUMP |
-		    MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP);
+		    MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP |
+		    MNT_NOSHARE);
 		mp->mnt_flag |= SCARG(uap, flags) &
 		   (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
 		    MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOCOREDUMP |
 		    MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP |
-		    MNT_IGNORE);
+		    MNT_IGNORE | MNT_NOSHARE);
 	}
 	/*
 	 * Mount the filesystem.
Index: sys/nfs/nfs_export.c
===================================================================
RCS file: /cvsroot/src/sys/nfs/nfs_export.c,v
retrieving revision 1.18
diff -u -r1.18 nfs_export.c
--- sys/nfs/nfs_export.c	22 Oct 2006 13:07:15 -0000	1.18
+++ sys/nfs/nfs_export.c	24 Oct 2006 16:03:18 -0000
@@ -705,6 +705,9 @@
 	int error;
 
 	if (argp->ex_flags & MNT_EXPORTED) {
+		if (mp->mnt_flag & MNT_NOSHARE)
+			return (EPERM);
+
 		if (argp->ex_flags & MNT_EXPUBLIC) {
 			if ((error = setpublicfs(mp, nep, argp)) != 0)
 				return error;
Index: sys/sys/fstypes.h
===================================================================
RCS file: /cvsroot/src/sys/sys/fstypes.h,v
retrieving revision 1.14
diff -u -r1.14 fstypes.h
--- sys/sys/fstypes.h	4 Aug 2006 16:29:51 -0000	1.14
+++ sys/sys/fstypes.h	24 Oct 2006 16:03:18 -0000
@@ -87,7 +87,6 @@
 #define	__MNT_UNUSED2	0x00200000
 #define	__MNT_UNUSED3	0x00800000
 #define	__MNT_UNUSED4	0x01000000
-#define	__MNT_UNUSED5	0x02000000
 
 #define	MNT_RDONLY	0x00000001	/* read only filesystem */
 #define	MNT_SYNCHRONOUS	0x00000002	/* file system written synchronously */
@@ -98,6 +97,7 @@
 #define	MNT_ASYNC	0x00000040	/* file system written asynchronously */
 #define	MNT_NOCOREDUMP	0x00008000	/* don't write core dumps to this FS */
 #define MNT_IGNORE	0x00100000	/* don't show entry in df */
+#define	MNT_NOSHARE	0x02000000	/* file-system can't be exported */
 #define MNT_NOATIME	0x04000000	/* Never update access times in fs */
 #define MNT_SYMPERM	0x20000000	/* recognize symlink permission */
 #define MNT_NODEVMTIME	0x40000000	/* Never update mod times for devs */
@@ -113,6 +113,7 @@
 	{ MNT_ASYNC,		0,	"asynchronous" }, \
 	{ MNT_NOCOREDUMP,	0,	"nocoredump" }, \
 	{ MNT_IGNORE,		0,	"hidden" }, \
+	{ MNT_NOSHARE,		0,	"noshare" }, \
 	{ MNT_NOATIME,		0,	"noatime" }, \
 	{ MNT_SYMPERM,		0,	"symperm" }, \
 	{ MNT_NODEVMTIME,	0,	"nodevmtime" }, \
@@ -163,6 +164,7 @@
      MNT_ASYNC | \
      MNT_NOCOREDUMP | \
      MNT_IGNORE | \
+     MNT_NOSHARE | \
      MNT_NOATIME | \
      MNT_SYMPERM | \
      MNT_NODEVMTIME | \
@@ -216,6 +218,7 @@
 
 #define __MNT_FLAG_BITS \
 	"\20" \
+	"\41MNT_NOSHARE" \
 	"\40MNT_SOFTDEP" \
 	"\37MNT_NODEVMTIME" \
 	"\36MNT_SYMPERM" \

--pf9I7BMVVzbSWLtt--