Buyer Beware: A Major Change in NFS (in Rawhide) is about to happen

Mon Nov 2 19:23:40 UTC 2009

On 11/02/2009 10:41 AM, Doug Ledford wrote:
> On 10/29/2009 11:17 AM, Steve Dickson wrote:
>>
>>
>> On 10/28/2009 03:05 PM, Roland McGrath wrote:
>>> It sounds like you are saying that there is no way to export the same
>>> host filesystems with the same client-perceived names under v4 as was
>>> being done before under v[23].  Is that really true?
>> With Pre-F12 servers... Yeah... 
>>
>> The V4 protocol requires a 'pseudo root' to be defined. Other servers simply 
>> make '/' the pseudo root which allows all exports just to work with all versions.
>> The Linux server have the feature of being able to define the pseudo root with 
>> the use of the 'fsid=0' export option. A feature none of the other servers 
>> have. 
> 
> Except that when the other servers create a pseudo root, they don't
> *also* expose that pseudo root.  I'm fairly strongly of the opinion that
> our NFS server should do the same thing: don't expose the pseudo root as
> an actual mount.
I believe the F-12 kernel does the right thing... just like the 
all the other servers do... 

> 
>> Unfortunately, there was no forethought as to what happens when a
>> pseudo root is not defined, until recently... Patches in both the
>> F-12 kernel and rpc.mountd now dynamically allocate a pseudo root
>> when one is not defined... Basically meaning '/' becomes the pseudo 
>> root when there is no fsid=0 export option.
> 
> And does this explicitly export the / filesystem?  I would certainly
> hope not as that could surprise the hell out of an admin when his /
> filesystem is now exposed when it didn't use to be.
Well the fsid=0 is documented in the man page but the answer 
to your question is yes... 

> 
>>>
>>> My old /etc/exports is:
>>>
>>> /mirror                        *(ro,insecure,sync,mp,all_squash)
>>>
>>> So clients mount server:/mirror to see my /mirror directory's contents.
>>> No other /foo directory is exported or visible at all to clients, and
>>> that's how it should stay.
>>>
>>> How do I get the same results for v4 clients?
>> Use a F-12 server or added the '/ *(ro,fsid=0)' export entry like:
>>
>> /                              *(ro,fsid=0)
>> /mirror                        *(ro,insecure,sync,mp,all_squash)
> 
> I'm perfectly fine with adding the entry to the exports file, but I
> think the fsid=0 export entry should be a non-functioning entry other
> than setting the pseudo root.  As you've described it so far, it also
> happens to be a live export and I think that's wrong and should be fixed.
I'm not sure about this... Actually I like the fact we can define a 
pseudo root other than '/'... which means you really want a live exported
directory with the fsid=0 option... If I am understanding what you are 
saying...

steved.