Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
From:   "J. Bruce Fields" <bfields@fieldses.org>
To:     Steve Dickson <steved@redhat.com>
Cc:     linux-nfs@vger.kernel.org, "J. Bruce Fields" <bfields@redhat.com>
Subject: [PATCH 2/2] mountd: always root squash on the pseudofs
Date:   Wed,  2 Dec 2020 17:56:44 -0500
Message-Id: <1606949804-31417-2-git-send-email-bfields@fieldses.org>
In-Reply-To: <1606949804-31417-1-git-send-email-bfields@fieldses.org>
References: <1606949804-31417-1-git-send-email-bfields@fieldses.org>
Precedence: bulk

From: "J. Bruce Fields" <bfields@redhat.com>

As with security flavors and "secure" ports, we tried to code this so
that pseudofs directories would inherit root squashing from their
children, but it doesn't really work as coded and I'm not sure it's
useful.

Just root squash always.  If it turns out somebody's exporting
directories that are only readable by root, I guess we can try to do
something else here, but frankly that sounds like a pretty weird
configuration.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/mountd/v4root.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 2ac4e87898c0..36543401f296 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
 	struct flav_info *flav;
 	int i;
 
-	if ((flags & NFSEXP_ROOTSQUASH) == 0)
-		pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
 	for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
 		struct sec_entry *new;
 
-- 
2.28.0