Subject: Re: MNT_NOSHARE for non-exportable fs [was: Removing tmpfs' experimental status
To: M J Fleming <mjf@netbsd.org>
From: Julio M. Merino Vidal <jmmv84@gmail.com>
List: tech-kern
Date: 11/03/2006 18:16:45
On 11/1/06, M J Fleming <mjf@netbsd.org> wrote:
> On Mon, Oct 30, 2006 at 06:24:49PM +0100, Julio M. Merino Vidal wrote:
> > On 10/30/06, M J Fleming <mjf@netbsd.org> wrote:
> > >On Mon, Oct 30, 2006 at 03:15:32PM +0200, Elad Efrat wrote:
> > >> Steven M. Bellovin wrote:
> > >> > On Mon, 30 Oct 2006 14:57:52 +0200, Elad Efrat <elad@NetBSD.org> wrote:
> > >> >
> > >> >> off-list
> > >>
> > >> heh, thought I got rid of that bad habit :)
> > >>
> > >> >>
> > >> >> YAMAMOTO Takashi wrote:
> > >> >>> can you consider to revert the change?
> > >> >> was there really a consensus against it?
> > >> >>
> > >> >> the last mail on this thread is mine:
> > >> >>
> > >> >> http://mail-index.netbsd.org/tech-kern/2006/10/25/0028.html
> > >> >>
> > >> >> and there's an open question in it (to smb@)...
> > >> >>
> > >> > Sorry, I thought I'd answered.
> > >> >
> > >> > No, I don't have an answer I'm happy with; I regard it as a research
> > >> > question.
> > >>
> > >> we can address that using fileassoc(9), or at least that'd be a start..
> > >>
> > >> > I stand by the main point in the note of mine you were
> > >> > responding to: "no export" as a security flag is a bad idea.
> > >>
> > >> are we using it as a security flag?
> > >>
> > >
> > >jmmv, are you ok with the solution I've used to solve the export and tmpfs
> > >problem? If not, I'll revert my changes. If yes, the discussion in this
> > >thread
> > >should continue, anyway.
> >
> > I don't like this.  This "noexport" flag is something that the admin
> > has to set manually.  And if he has to do that, he can just as well
> > avoid adding that specific file system to exports.  I mean, the file
> > system is exported because the admin wants to, not because something
> > out of his control decides to do it.
> >
> > However, it'd be different if this noexport option was set by the file
> > system driver itself (I think this is what others suggested and is
> > what I had in mind a long time ago during the rototill).  This way,
> > tmpfs (or any other file system that wanted to for whatever reason)
> > could say "hey, I don't want to be exported", and then you could not
> > export it in any way.
> >
>
> Attached is a patch that I hope is closer to what you wanted, jmmv. In this
> patch tmpfs declares that it cannot be exported.

I like this.  (I'm not sure we really want to prevent people from
exporting tmpfs if they really want to, but that's a different thing.)

-- 
Julio M. Merino Vidal <jmmv84@gmail.com>
The Julipedia - http://julipedia.blogspot.com/