From: "J. Bruce Fields" <[email protected]>
As with security flavors and "secure" ports, we tried to code this so
that pseudofs directories would inherit root squashing from their
children, but it doesn't really work as coded and I'm not sure it's
useful.
Let's just not root squash. The risk is pretty low since the pseudofs
is readonly, and we'd rather not risk failing a mount unnecessarily.
Signed-off-by: J. Bruce Fields <[email protected]>
---
utils/mountd/v4root.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 39dd87a94e59..c42ba72380ea 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -34,7 +34,7 @@ static nfs_export pseudo_root = {
.m_export = {
.e_hostname = "*",
.e_path = "/",
- .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
+ .e_flags = NFSEXP_READONLY
| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
| NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
.e_anonuid = 65534,
@@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo)
struct flav_info *flav;
int i;
- if ((flags & NFSEXP_ROOTSQUASH) == 0)
- pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
struct sec_entry *new;
--
2.28.0
On 12/2/20 8:14 PM, [email protected] wrote:
> From: "J. Bruce Fields" <[email protected]>
>
> As with security flavors and "secure" ports, we tried to code this so
> that pseudofs directories would inherit root squashing from their
> children, but it doesn't really work as coded and I'm not sure it's
> useful.
>
> Let's just not root squash. The risk is pretty low since the pseudofs
> is readonly, and we'd rather not risk failing a mount unnecessarily.
>
> Signed-off-by: J. Bruce Fields <[email protected]>
My apologies for taking so long to get to this... I lost it in the weeds ;-)
Both patches Committed!
steved.
> ---
> utils/mountd/v4root.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index 39dd87a94e59..c42ba72380ea 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -34,7 +34,7 @@ static nfs_export pseudo_root = {
> .m_export = {
> .e_hostname = "*",
> .e_path = "/",
> - .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
> + .e_flags = NFSEXP_READONLY
> | NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
> | NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
> .e_anonuid = 65534,
> @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo)
> struct flav_info *flav;
> int i;
>
> - if ((flags & NFSEXP_ROOTSQUASH) == 0)
> - pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
> for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
> struct sec_entry *new;
>
>