2019-05-28 20:38:12

by Trond Myklebust

Subject: [PATCH v3 00/11] Add the "[exports] rootdir" option to nfs.conf

The following patchset adds support for the "rootdir" configuration
option for nfsd in the "[exports]" section in /etc/nfs.conf.

If a user sets this option to a valid directory path, then nfsd will
act as if it is confined to a chroot jail based on that directory.
All paths in /etc/exports and the exportfs utility are then resolved
relative to that directory.

Trond Myklebust (11):
mountd: Ensure we don't share cache file descriptors among processes.
Add a simple workqueue mechanism
Allow callers to check mountpoint status using a custom lstat function
Add utilities for resolving nfsd paths and stat()ing them
Use xstat() with no synchronisation if available
Add helpers to read/write to a file through the chrooted thread
Add a helper to return the real path given an export entry
Add support for the "[exports] rootdir" nfs.conf option to rpc.mountd
Add support for the "[exports] rootdir" nfs.conf option to exportfs
Add a helper for resolving symlinked nfsd paths via realpath()
Fix up symlinked mount path resolution when "[exports] rootdir" is set

aclocal/libpthread.m4 | 13 +-
configure.ac | 6 +-
nfs.conf | 3 +
support/export/export.c | 24 +++
support/include/Makefile.am | 3 +
support/include/exportfs.h | 1 +
support/include/misc.h | 7 +-
support/include/nfsd_path.h | 21 +++
support/include/nfslib.h | 1 +
support/include/workqueue.h | 18 +++
support/include/xstat.h | 11 ++
support/misc/Makefile.am | 3 +-
support/misc/mountpoint.c | 8 +-
support/misc/nfsd_path.c | 289 ++++++++++++++++++++++++++++++++++++
support/misc/workqueue.c | 228 ++++++++++++++++++++++++++++
support/misc/xstat.c | 105 +++++++++++++
support/nfs/exports.c | 4 +
systemd/nfs.conf.man | 20 ++-
utils/exportfs/Makefile.am | 2 +-
utils/exportfs/exportfs.c | 11 +-
utils/mountd/Makefile.am | 3 +-
utils/mountd/cache.c | 63 +++++---
utils/mountd/mountd.c | 24 +--
23 files changed, 819 insertions(+), 49 deletions(-)
create mode 100644 support/include/nfsd_path.h
create mode 100644 support/include/workqueue.h
create mode 100644 support/include/xstat.h
create mode 100644 support/misc/nfsd_path.c
create mode 100644 support/misc/workqueue.c
create mode 100644 support/misc/xstat.c

--
2.21.0


2019-05-28 20:38:48

by Trond Myklebust

Subject: [PATCH v3 01/11] mountd: Ensure we don't share cache file descriptors among processes.

Sharing cache descriptors without using locking can be very bad.

Signed-off-by: Trond Myklebust <[email protected]>
---
utils/mountd/mountd.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
index fb7bba4cd390..88a207b3a85a 100644
--- a/utils/mountd/mountd.c
+++ b/utils/mountd/mountd.c
@@ -836,8 +836,6 @@ main(int argc, char **argv)
if (!foreground)
closeall(3);

- cache_open();
-
unregister_services();
if (version2()) {
listeners += nfs_svc_create("mountd", MOUNTPROG,
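Review bot: with cache_open() dropped from this spot, just before unregister_services(), the cache descriptors stay closed through service registration and until after fork_workers(). The commit message should say that nothing in that window needs them, and should name the failure that sharing caused, since "can be very bad" gives a reader no way to judge the fix.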
@@ -888,6 +886,9 @@ main(int argc, char **argv)
if (num_threads > 1)
fork_workers();

+ /* Open files now to avoid sharing descriptors among forked processes */
+ cache_open();
+
xlog(L_NOTICE, "Version " VERSION " starting");
my_svc_run();

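Review bot: the new comment above cache_open() says "now", which only makes sense to a reader who knows the call used to sit before the fork. Wording such as "Open the cache files after fork_workers() so that each process gets its own descriptors" records the ordering constraint and makes it less likely that a later cleanup moves the call back above fork_workers(). The call also runs when num_threads is 1, which looks intended but is worth stating.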
--
2.21.0
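
Why the ordering in this patch matters, as an added illustration that is not part of the original posting or of nfs-utils: a descriptor opened before fork() refers to one open file description shared by parent and child, so a read in one process moves the offset seen by the other. It uses an ordinary scratch file rather than mountd's cache files; the function name, CHUNK and the /tmp path are made up for the demo.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHUNK 8	/* bytes the child consumes */
/* Returns the parent's file offset after a forked child has read CHUNK bytes,
 * or -1 on error.  open_after_fork == 0: one descriptor opened before fork()
 * and inherited.  open_after_fork == 1: each process opens its own afterwards.
 */
long parent_offset_after_child_read(int open_after_fork)
{
	char path[] = "/tmp/fdshare-demo-XXXXXX";	/* constructed scratch file */
	char buf[CHUNK];
	int status, fd = mkstemp(path);
	long off = -1;
	pid_t pid;
	if (fd < 0)
		return -1;
	if (write(fd, "0123456789abcdef", 16) != 16)
		goto out;
	close(fd);
	fd = open_after_fork ? -1 : open(path, O_RDONLY);	/* pre-fork open */
	pid = fork();
	if (pid < 0)
		goto out;
	if (pid == 0) {		/* child: read, then leave without cleanup */
		if (open_after_fork)
			fd = open(path, O_RDONLY);
		_exit(read(fd, buf, CHUNK) == CHUNK ? 0 : 1);
	}
	if (open_after_fork)
		fd = open(path, O_RDONLY);	/* parent's own open file description */
	if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
	    WEXITSTATUS(status) == 0 && fd >= 0)
		off = (long)lseek(fd, 0, SEEK_CUR);
out:
	if (fd >= 0)
		close(fd);
	unlink(path);
	return off;
}

int main(void)
{
	printf("opened before fork: %ld, opened after fork: %ld\n",
	       parent_offset_after_child_read(0), parent_offset_after_child_read(1));
	return 0;
}
```

With the pre-fork open the parent finds its offset already advanced by the child's read; with the post-fork open each process has its own position.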

2019-06-10 13:54:50

by Steve Dickson

Subject: Re: [PATCH v3 00/11] Add the "[exports] rootdir" option to nfs.conf



On 5/28/19 4:31 PM, Trond Myklebust wrote:
> The following patchset adds support for the "rootdir" configuration
> option for nfsd in the "[exports]" section in /etc/nfs.conf.
>
> If a user sets this option to a valid directory path, then nfsd will
> act as if it is confined to a chroot jail based on that directory.
> All paths in /etc/exports and the exportfs utility are then resolved
> relative to that directory.
>
> Trond Myklebust (11):
> mountd: Ensure we don't share cache file descriptors among processes.
> Add a simple workqueue mechanism
> Allow callers to check mountpoint status using a custom lstat function
> Add utilities for resolving nfsd paths and stat()ing them
> Use xstat() with no synchronisation if available
> Add helpers to read/write to a file through the chrooted thread
> Add a helper to return the real path given an export entry
> Add support for the "[exports] rootdir" nfs.conf option to rpc.mountd
> Add support for the "[exports] rootdir" nfs.conf option to exportfs
> Add a helper for resolving symlinked nfsd paths via realpath()
> Fix up symlinked mount path resolution when "[exports] rootdir" is set
>
> aclocal/libpthread.m4 | 13 +-
> configure.ac | 6 +-
> nfs.conf | 3 +
> support/export/export.c | 24 +++
> support/include/Makefile.am | 3 +
> support/include/exportfs.h | 1 +
> support/include/misc.h | 7 +-
> support/include/nfsd_path.h | 21 +++
> support/include/nfslib.h | 1 +
> support/include/workqueue.h | 18 +++
> support/include/xstat.h | 11 ++
> support/misc/Makefile.am | 3 +-
> support/misc/mountpoint.c | 8 +-
> support/misc/nfsd_path.c | 289 ++++++++++++++++++++++++++++++++++++
> support/misc/workqueue.c | 228 ++++++++++++++++++++++++++++
> support/misc/xstat.c | 105 +++++++++++++
> support/nfs/exports.c | 4 +
> systemd/nfs.conf.man | 20 ++-
> utils/exportfs/Makefile.am | 2 +-
> utils/exportfs/exportfs.c | 11 +-
> utils/mountd/Makefile.am | 3 +-
> utils/mountd/cache.c | 63 +++++---
> utils/mountd/mountd.c | 24 +--
> 23 files changed, 819 insertions(+), 49 deletions(-)
> create mode 100644 support/include/nfsd_path.h
> create mode 100644 support/include/workqueue.h
> create mode 100644 support/include/xstat.h
> create mode 100644 support/misc/nfsd_path.c
> create mode 100644 support/misc/workqueue.c
> create mode 100644 support/misc/xstat.c
>
Committed!

steved.