Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp1616569pxp; Mon, 21 Mar 2022 00:35:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxF2wtfG2xrtPXfcDatZgBpKL3OdtGfEqnxo3glqhnXRe9H9MztC2E/dHEbj0VrFdLhCw3t X-Received: by 2002:a17:907:c00b:b0:6df:cd40:afc4 with SMTP id ss11-20020a170907c00b00b006dfcd40afc4mr10237503ejc.629.1647848101138; Mon, 21 Mar 2022 00:35:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647848101; cv=none; d=google.com; s=arc-20160816; b=ZjWHRteJSCPMJZNtrCuA8X65IsKEQO4YYYVs+DFzCcQVqFuYxT8GOTVk6ZydHv8LwR 1wVZ6iMzKkpqhnoXrOsbFQNqkx237nMwU3v4v+lSZMAqomRKTJI1e4Yr0Iex6W4SOOLI OstV2oIfJI1K4w3FGmQDWtxIsRlWW2mo5y/A7em95zfYzVEbtN7QYrz+39mpsI0LHeYc jeR5NrxFtq0l2rT/gNloBzg4KJPsrh60Z2wZw13o1dGDExHPkQTlACEjkEfuPbLFhbki y1kaGASTOuNH6bxu1PhWZrYgXBXCRQ5A7fwmVEC3ZDfiRJFuUfv5YwjbmETKtxMx6AM+ QCiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:references:in-reply-to:subject :cc:to:from:mime-version:content-transfer-encoding:dkim-signature :dkim-signature; bh=AXbV/wVKDeEge03VzZeZXtVmnP3b3MHuuRfa3SrngAM=; b=CJK3mggDIJ+WQ62QrpkAptdG2UeYILD906Wq/WLRwLeSUeSQMXzV25J1x7sGee3mBo xqyskgZgYQ5KW9DFN57jFBEZRFE3O6cABJQLlHjYJUopty8LLfLJ8yvFhUdFUtcyycG1 Vbk8XR7L5oNtqXnPut9Kj5P/6K0wyoRiwKTL2ltO+dYFeSmUrSwXd3wDUHU1HFuJ26ih 8NZZXm4j9muJYrGaGvAUDkfFvBlrYVY3E5dYZV0Mm88svoACVwZV0A3qc/DJAZwairR1 hXMjrqMqNGjpTTjovzrDau84cPCP+e9+lRLsjj/nUXgvDAUgixR1VU6IJBhrzl54PPHq zY8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=znT13aiY; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s14-20020a508d0e000000b00418c2b5bdf3si8062962eds.213.2022.03.21.00.34.30; Mon, 21 Mar 2022 00:35:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=znT13aiY; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344144AbiCUCQC (ORCPT + 99 others); Sun, 20 Mar 2022 22:16:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40024 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232513AbiCUCQB (ORCPT ); Sun, 20 Mar 2022 22:16:01 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD8963AA6F for ; Sun, 20 Mar 2022 19:14:37 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 3B2221F37C; Mon, 21 Mar 2022 02:14:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1647828876; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AXbV/wVKDeEge03VzZeZXtVmnP3b3MHuuRfa3SrngAM=; b=znT13aiY5AB9WL+5kumKkmg3ZS7Y9FtWY8s7QGPd1jFz7ESutKBboHeM1Gs42Q77J4Twtb 6STOma9hCsi4INXWKn8pfHfb/WRuQC5mFRhb6xzCKKvYgcdUlqISAdlNyYwPEUN+/J1SQA 133IWEknCyZCs4/rBH03kc07FrkamL4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1647828876; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AXbV/wVKDeEge03VzZeZXtVmnP3b3MHuuRfa3SrngAM=; b=giGIs9l9MXQx7bhJzhKpOST1TjWf4aVazNl8E8oEplAmZklQJMgOI4drJ4sjotCGXyhTo6 j813ajGD3nr4T2BQ== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 24B6B133DD; Mon, 21 Mar 2022 02:14:33 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id dg+TNInfN2LdQQAAMHmgww (envelope-from ); Mon, 21 Mar 2022 02:14:33 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 From: "NeilBrown" To: "Chuck Lever III" Cc: "Benjamin Coddington" , "Steve Dickson" , "Linux NFS Mailing List" , "Trond Myklebust" Subject: Re: [PATCH v2] nfs.man: document requirements for NFSv4 identity In-reply-to: <9D0A7A61-BCF4-4A1B-B462-5F1402EE0B2E@oracle.com> References: <164721984672.11933.15475930163427511814@noble.neil.brown.name>, , <164730488811.11933.18315180827167871419@noble.neil.brown.name>, <9A7BF2ED-E125-4FEF-B984-C343C9E142F0@oracle.com>, <164756881642.24302.4153094189268832687@noble.neil.brown.name>, <9D0A7A61-BCF4-4A1B-B462-5F1402EE0B2E@oracle.com> Date: Mon, 21 Mar 2022 13:14:29 +1100 Message-id: <164782886934.24302.3305618822276162890@noble.neil.brown.name> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Sat, 19 Mar 2022, Chuck Lever III wrote: > > Here are some suggestions that might make it simpler to implement. > > 1. Ben's tool manufactures the uniqifier if the file doesn't > already exist. That seems somewhat racy. Instead, why not > make installation utilities responsible for creating the > uniquifier? We need some guarantee that when a VM is cloned, > the uniquifier is replaced, for instance; that's well > outside nfs-utils' sphere of influence. You say "the file" like that is a well defined concept. It isn't. In the context of a container we don't even know if there is *any* stable local storage. The existence of "the file" is as much out side of nfs-util's sphere of influence as the cloning of a VM is. At least the cloning of a VM is, or soon will be (https://lwn.net/Articles/887207/), within the sphere of influence of the NFS kernel module. It will be able to detect the fork and .... do something. Maybe disable access to all existing mounts and refuse new mounts until 'identity' has been set. If NFS had always required identity to be set in a container before allowing mounts, then the udev approach could work and we would be in a much better place. But none of us knew that then, and it is too late for that now (is it?). This conversation seems to be going around in circles and not getting anywhere. As as I have no direct interest (the SUSE bugzilla has precisely 1 bug relating to NFS and non-unique hostnames, and the customer seemed to accept the requirement of unique hostnames) I am going to bow out. I might post one more attempt at a documentation update ... or I might not. Thanks, NeilBrown