Re: filesystem namespace regions, or making mountd less bozotic

To: David Holland <dholland-tech%netbsd.org@localhost>
Subject: Re: filesystem namespace regions, or making mountd less bozotic
From: David Laight <david%l8s.co.uk@localhost>
Date: Wed, 5 Dec 2012 21:51:31 +0000

On Wed, Dec 05, 2012 at 09:29:06PM +0000, David Holland wrote:
> I am tired of PR 3019 and its many duplicates, so I'd like to see a
> scheme that allows managing arbitrary subtrees of the filesystem
> namespace in a reasonably useful manner.
> 
> The immediate application is nfs exports and mountd; however, I expect
> the resulting mechanism will also be useful for handling chroots and
> possibly also inotify-type mechanisms.

Haven't you forgotten about 'file handles'.
Since they refer to files you don't know anything about the containing
directory.

In the old days NFS had the following 'rules':
1) If you export part of a filesystem, you export all of it.
2) If you give anyone access, you give everyone access.
3) If you give anyone write access, you give everyone write access.

I suspect 2 & 3 are no longer true (in NetBSD) as nfs checks the
permissions, not just mountd.
1 is true if clients can 'fake up' valid file handles (used to be very
easy).

        David

-- 
David Laight: david%l8s.co.uk@localhost

Follow-Ups:
- Re: filesystem namespace regions, or making mountd less bozotic
  - From: Thor Lancelot Simon

References:
- filesystem namespace regions, or making mountd less bozotic
  - From: David Holland

Prev by Date: Re: core statement on fexecve, O_EXEC, and O_SEARCH
Next by Date: Re: filesystem namespace regions, or making mountd less bozotic
Previous by Thread: filesystem namespace regions, or making mountd less bozotic
Next by Thread: Re: filesystem namespace regions, or making mountd less bozotic
Indexes:

Home | Main Index | Thread Index | Old Index