[v3,00/11] Add the "[exports] rootdir" option to nfs.conf

Message ID	20190528203122.11401-1-trond.myklebust@hammerspace.com (mailing list archive)
Headers	show Return-Path: <linux-nfs-owner@kernel.org> From: Trond Myklebust <trondmy@gmail.com> To: SteveD@redhat.com Cc: linux-nfs@vger.kernel.org Subject: [PATCH v3 00/11] Add the "[exports] rootdir" option to nfs.conf Date: Tue, 28 May 2019 16:31:11 -0400 Message-Id: <20190528203122.11401-1-trond.myklebust@hammerspace.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk
Series	Add the "[exports] rootdir" option to nfs.conf \| expand [v3,00/11] Add the "[exports] rootdir" option to nfs.conf [v3,01/11] mountd: Ensure we don't share cache file descriptors among processes. [v3,02/11] Add a simple workqueue mechanism [v3,03/11] Allow callers to check mountpoint status using a custom lstat function [v3,04/11] Add utilities for resolving nfsd paths and stat()ing them [v3,05/11] Use xstat() with no synchronisation if available [v3,06/11] Add helpers to read/write to a file through the chrooted thread [v3,07/11] Add a helper to return the real path given an export entry [v3,08/11] Add support for the "[exports] rootdir" nfs.conf option to rpc.mountd [v3,09/11] Add support for the "[exports] rootdir" nfs.conf option to exportfs [v3,10/11] Add a helper for resolving symlinked nfsd paths via realpath() [v3,11/11] Fix up symlinked mount path resolution when "[exports] rootdir" is set

Message ID

20190528203122.11401-1-trond.myklebust@hammerspace.com (mailing list archive)

Headers

From: Trond Myklebust <trondmy@gmail.com>
To: SteveD@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH v3 00/11] Add the "[exports] rootdir" option to nfs.conf
Date: Tue, 28 May 2019 16:31:11 -0400
Message-Id: <20190528203122.11401-1-trond.myklebust@hammerspace.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk

Series

Add the "[exports] rootdir" option to nfs.conf | expand

Message

Trond Myklebust May 28, 2019, 8:31 p.m. UTC

The following patchset adds support for the "rootdir" configuration
option for nfsd in the "[exports]" section in /etc/nfs.conf.

If a user sets this option to a valid directory path, then nfsd will
act as if it is confined to a chroot jail based on that directory.
All paths in /etc/exports and the exportfs utility are then resolved
relative to that directory.

Trond Myklebust (11):
  mountd: Ensure we don't share cache file descriptors among processes.
  Add a simple workqueue mechanism
  Allow callers to check mountpoint status using a custom lstat function
  Add utilities for resolving nfsd paths and stat()ing them
  Use xstat() with no synchronisation if available
  Add helpers to read/write to a file through the chrooted thread
  Add a helper to return the real path given an export entry
  Add support for the "[exports] rootdir" nfs.conf option to rpc.mountd
  Add support for the "[exports] rootdir" nfs.conf option to exportfs
  Add a helper for resolving symlinked nfsd paths via realpath()
  Fix up symlinked mount path resolution when "[exports] rootdir" is set

 aclocal/libpthread.m4       |  13 +-
 configure.ac                |   6 +-
 nfs.conf                    |   3 +
 support/export/export.c     |  24 +++
 support/include/Makefile.am |   3 +
 support/include/exportfs.h  |   1 +
 support/include/misc.h      |   7 +-
 support/include/nfsd_path.h |  21 +++
 support/include/nfslib.h    |   1 +
 support/include/workqueue.h |  18 +++
 support/include/xstat.h     |  11 ++
 support/misc/Makefile.am    |   3 +-
 support/misc/mountpoint.c   |   8 +-
 support/misc/nfsd_path.c    | 289 ++++++++++++++++++++++++++++++++++++
 support/misc/workqueue.c    | 228 ++++++++++++++++++++++++++++
 support/misc/xstat.c        | 105 +++++++++++++
 support/nfs/exports.c       |   4 +
 systemd/nfs.conf.man        |  20 ++-
 utils/exportfs/Makefile.am  |   2 +-
 utils/exportfs/exportfs.c   |  11 +-
 utils/mountd/Makefile.am    |   3 +-
 utils/mountd/cache.c        |  63 +++++---
 utils/mountd/mountd.c       |  24 +--
 23 files changed, 819 insertions(+), 49 deletions(-)
 create mode 100644 support/include/nfsd_path.h
 create mode 100644 support/include/workqueue.h
 create mode 100644 support/include/xstat.h
 create mode 100644 support/misc/nfsd_path.c
 create mode 100644 support/misc/workqueue.c
 create mode 100644 support/misc/xstat.c

Comments

Steve Dickson June 10, 2019, 1:53 p.m. UTC | #1

On 5/28/19 4:31 PM, Trond Myklebust wrote:
> The following patchset adds support for the "rootdir" configuration
> option for nfsd in the "[exports]" section in /etc/nfs.conf.
> 
> If a user sets this option to a valid directory path, then nfsd will
> act as if it is confined to a chroot jail based on that directory.
> All paths in /etc/exports and the exportfs utility are then resolved
> relative to that directory.
> 
> Trond Myklebust (11):
>   mountd: Ensure we don't share cache file descriptors among processes.
>   Add a simple workqueue mechanism
>   Allow callers to check mountpoint status using a custom lstat function
>   Add utilities for resolving nfsd paths and stat()ing them
>   Use xstat() with no synchronisation if available
>   Add helpers to read/write to a file through the chrooted thread
>   Add a helper to return the real path given an export entry
>   Add support for the "[exports] rootdir" nfs.conf option to rpc.mountd
>   Add support for the "[exports] rootdir" nfs.conf option to exportfs
>   Add a helper for resolving symlinked nfsd paths via realpath()
>   Fix up symlinked mount path resolution when "[exports] rootdir" is set
> 
>  aclocal/libpthread.m4       |  13 +-
>  configure.ac                |   6 +-
>  nfs.conf                    |   3 +
>  support/export/export.c     |  24 +++
>  support/include/Makefile.am |   3 +
>  support/include/exportfs.h  |   1 +
>  support/include/misc.h      |   7 +-
>  support/include/nfsd_path.h |  21 +++
>  support/include/nfslib.h    |   1 +
>  support/include/workqueue.h |  18 +++
>  support/include/xstat.h     |  11 ++
>  support/misc/Makefile.am    |   3 +-
>  support/misc/mountpoint.c   |   8 +-
>  support/misc/nfsd_path.c    | 289 ++++++++++++++++++++++++++++++++++++
>  support/misc/workqueue.c    | 228 ++++++++++++++++++++++++++++
>  support/misc/xstat.c        | 105 +++++++++++++
>  support/nfs/exports.c       |   4 +
>  systemd/nfs.conf.man        |  20 ++-
>  utils/exportfs/Makefile.am  |   2 +-
>  utils/exportfs/exportfs.c   |  11 +-
>  utils/mountd/Makefile.am    |   3 +-
>  utils/mountd/cache.c        |  63 +++++---
>  utils/mountd/mountd.c       |  24 +--
>  23 files changed, 819 insertions(+), 49 deletions(-)
>  create mode 100644 support/include/nfsd_path.h
>  create mode 100644 support/include/workqueue.h
>  create mode 100644 support/include/xstat.h
>  create mode 100644 support/misc/nfsd_path.c
>  create mode 100644 support/misc/workqueue.c
>  create mode 100644 support/misc/xstat.c
> 
Committed!

steved.