Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp132756pxu;
        Wed, 2 Dec 2020 17:16:35 -0800 (PST)
X-Google-Smtp-Source: ABdhPJywTfniC4FHEAsPB8KO3hO3P1dwH97pDV1iJ0QAmGWr/xjHjHFk3V+zfvTwN/7Pq02CCtBb
X-Received: by 2002:a17:906:94d4:: with SMTP id d20mr444083ejy.475.1606958194823;
        Wed, 02 Dec 2020 17:16:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606958194; cv=none;
        d=google.com; s=arc-20160816;
        b=0RFkf5R/aJDXyvTnbAwD/i10iZhK5PCZ6Xe8+h1TycJqlgB3eOB5093Ln2hzTF2qGw
         8hx1vuXQZDdFDk9w4noV+9P87CJViBrIlD/Z2zRdpgYnrDQXndWyMidcBoNzv8kTBXS2
         /zhRgpixXDtcoDXOkO5L0tqssq311Qtq9h5f4iSYFMLBIy3EQcSTATM0s0DNPqQbJRrX
         XaxUn5E/6BIhIHhcy3p/aiaq2QBCzSakjTDOz+t3jBEwrLlrHa1hJeQ20+LZHAOk0Su3
         PlgWqfIOMWmW1lCb4xcRNo7VaiMYuNCJdZe/awDQbz3g+SDC6HPyFDB6T5japy5mp876
         9D+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:references:in-reply-to:message-id:date:subject
         :cc:to:from:dkim-signature:dkim-filter;
        bh=6Bi9Zq0zZLKu28AxyDSGdjngTwfi3CSIqfmJUr5KNqU=;
        b=MCLTMauifBf7VMc9z7yIIgz+s8bDh4lXEpGDsJi/M0XEvs5qkwvVlrlkwXug482lDT
         bWWJl+QLFpiEsKQmjYzhGauSFhsN2CeIw9CrnYfXxh3eo6kvv9lDt5pfQQDNPLbt0pjW
         LzMN3KMGtwlG1PvuoGxWj5zn4pbzFgGxUdJ37rspYGPkyyNBe9ew6S4AZVf1P8NLQWyK
         7BWr7U2bg+hrGW8s61rAFxoMnkkuGcl0+2agNtWQ6iJ7/FG8dzzDEcaXuYtDkUu1AmCO
         JMEPxAlqIuHEtmsWgX8PbdD5ushn9AoRwKoCB9QiTy5Y67tAwG5xtjGQp0/t5T1uECPm
         sTew==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@fieldses.org header.s=default header.b=KZkR3XsS;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id hs9si29960ejc.187.2020.12.02.17.16.08;
        Wed, 02 Dec 2020 17:16:34 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@fieldses.org header.s=default header.b=KZkR3XsS;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726839AbgLCBPt (ORCPT <rfc822;prunkdump@gmail.com> + 99 others);
        Wed, 2 Dec 2020 20:15:49 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58500 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726024AbgLCBPt (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Wed, 2 Dec 2020 20:15:49 -0500
Received: from fieldses.org (fieldses.org [IPv6:2600:3c00:e000:2f7::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 57384C0613D6
        for <linux-nfs@vger.kernel.org>; Wed,  2 Dec 2020 17:15:09 -0800 (PST)
Received: by fieldses.org (Postfix, from userid 2815)
        id EFE041BE7; Wed,  2 Dec 2020 20:15:00 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.11.0 fieldses.org EFE041BE7
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fieldses.org;
        s=default; t=1606958101;
        bh=6Bi9Zq0zZLKu28AxyDSGdjngTwfi3CSIqfmJUr5KNqU=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=KZkR3XsScig5HR+HgK5DHKtHAI0FJ3yYvZ1v+1FIJjDrKQ09lQfnJRqJjAav7dz9P
         PF2YwEA1iG2dzzVwpweFfTwn8a2BJyF60fyKxFlCTfZsddYlMGdmsbAYZ+RoL1PNEw
         R770Jl8KlhFJGEp0yCZor1LC5+AWdFWWEIvYDEAw=
From:   bfields@fieldses.org
To:     Steve Dickson <steved@redhat.com>
Cc:     linux-nfs@vger.kernel.org,
        Trond Myklebust <trondmy@hammerspace.com>,
        "J. Bruce Fields" <bfields@redhat.com>
Subject: [PATCH 2/2] mountd: never root squash on the pseudofs
Date:   Wed,  2 Dec 2020 20:14:57 -0500
Message-Id: <1606958097-9041-2-git-send-email-bfields@fieldses.org>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1606958097-9041-1-git-send-email-bfields@fieldses.org>
References: <20201203010546.GB348347@pick.fieldses.org>
 <1606958097-9041-1-git-send-email-bfields@fieldses.org>
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

From: "J. Bruce Fields" <bfields@redhat.com>

As with security flavors and "secure" ports, we tried to code this so
that pseudofs directories would inherit root squashing from their
children, but it doesn't really work as coded and I'm not sure it's
useful.

Let's just not root squash.  The risk is pretty low since the pseudofs
is readonly, and we'd rather not risk failing a mount unnecessarily.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/mountd/v4root.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 39dd87a94e59..c42ba72380ea 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -34,7 +34,7 @@ static nfs_export pseudo_root = {
 	.m_export = {
 		.e_hostname = "*",
 		.e_path = "/",
-		.e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
+		.e_flags = NFSEXP_READONLY
 				| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
 				| NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
 		.e_anonuid = 65534,
@@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo)
 	struct flav_info *flav;
 	int i;
 
-	if ((flags & NFSEXP_ROOTSQUASH) == 0)
-		pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
 	for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
 		struct sec_entry *new;
 
-- 
2.28.0