
[2/2] mountd: never root squash on the pseudofs

Message ID 1606958097-9041-2-git-send-email-bfields@fieldses.org (mailing list archive)
State New, archived
Series [1/2] mountd: allow high ports on all pseudofs exports | expand

Commit Message

J. Bruce Fields Dec. 3, 2020, 1:14 a.m. UTC
From: "J. Bruce Fields" <bfields@redhat.com>

As with security flavors and "secure" ports, we tried to code this so
that pseudofs directories would inherit root squashing from their
children, but it doesn't really work as coded and I'm not sure it's
useful.

Let's just not root squash.  The risk is pretty low since the pseudofs
is readonly, and we'd rather not risk failing a mount unnecessarily.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/mountd/v4root.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

Comments

Steve Dickson Dec. 26, 2020, 7:32 p.m. UTC | #1
On 12/2/20 8:14 PM, bfields@fieldses.org wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
> 
> As with security flavors and "secure" ports, we tried to code this so
> that pseudofs directories would inherit root squashing from their
> children, but it doesn't really work as coded and I'm not sure it's
> useful.
> 
> Let's just not root squash.  The risk is pretty low since the pseudofs
> is readonly, and we'd rather not risk failing a mount unnecessarily.
> 
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
My apologies for taking so long to get to this... I lost it in the weeds ;-)

Both patches Committed!

steved. 
> ---
>  utils/mountd/v4root.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> index 39dd87a94e59..c42ba72380ea 100644
> --- a/utils/mountd/v4root.c
> +++ b/utils/mountd/v4root.c
> @@ -34,7 +34,7 @@ static nfs_export pseudo_root = {
>  	.m_export = {
>  		.e_hostname = "*",
>  		.e_path = "/",
> -		.e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
> +		.e_flags = NFSEXP_READONLY
>  				| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
>  				| NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
>  		.e_anonuid = 65534,
> @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo)
>  	struct flav_info *flav;
>  	int i;
>  
> -	if ((flags & NFSEXP_ROOTSQUASH) == 0)
> -		pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
>  	for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
>  		struct sec_entry *new;
>  
>

Patch

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 39dd87a94e59..c42ba72380ea 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -34,7 +34,7 @@  static nfs_export pseudo_root = {
 	.m_export = {
 		.e_hostname = "*",
 		.e_path = "/",
-		.e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
+		.e_flags = NFSEXP_READONLY
 				| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
 				| NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
 		.e_anonuid = 65534,
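Review bot: The `.e_flags` list in `pseudo_root` now omits NFSEXP_ROOTSQUASH with no comment saying this is deliberate, while the same entry is exported to `.e_hostname = "*"` with NFSEXP_INSECURE_PORT, so NFSEXP_READONLY is the only restriction on client root visible here. A one-line comment above `.e_flags` would stop a later reader from re-adding the flag, or from dropping read-only without noticing the dependency, e.g. `/* No root squash on purpose: safe only while the pseudofs stays NFSEXP_READONLY. */`. `.e_anonuid = 65534` is kept; whether it is still consulted once squashing is off is not visible from this hunk and is worth confirming. The initializer continues outside the hunk.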
@@ -60,8 +60,6 @@  set_pseudofs_security(struct exportent *pseudo)
 	struct flav_info *flav;
 	int i;
 
-	if ((flags & NFSEXP_ROOTSQUASH) == 0)
-		pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
 	for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
 		struct sec_entry *new;