From: "J. Bruce Fields" <bfields@fieldses.org>
To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>,
Christoph Hellwig <hch@infradead.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"devel@openvz.org" <devel@openvz.org>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH v3] SUNRPC: set desired file system root before connecting local transports
Date: Wed, 14 Nov 2012 16:54:26 -0500 [thread overview]
Message-ID: <20121114215426.GC539@fieldses.org> (raw)
In-Reply-To: <4FA345DA4F4AE44899BD2B03EEEC2FA9092E0AE9@SACEXCMBX04-PRD.hq.netapp.com>
On Wed, Nov 14, 2012 at 09:51:33PM +0000, Myklebust, Trond wrote:
> On Wed, 2012-11-14 at 16:42 -0500, J. Bruce Fields wrote:
> > Simo's patches use them for upcalls to svcgssd. Those will always be
> > done from server threads.
>
> Any reason why you can't set that up when you start nfsd?
Oh, right, I was thinking of the upcalls themselves--right, the connect
we should be able to do on server start, I agree.
>
> > > If not, then let's just move
> > > the AF_LOCAL connection back into the process context and out of rpciod.
> >
> > Remind me how this helps?
>
> rpciod shares the 'init' process net namespace and chroot properties.
> If, however you call bind() from the (containerised) process that was
> used to start nfsd, then you will be using filesystem root (and net
> namespace) of that container.
Got it.
--b.
>
> > --b.
> >
> > >
> > > That implies that the process needs to be privileged, but it needs
> > > privileges in order to start RPC daemons anyway.
>
> --
> Trond Myklebust
> Linux NFS client maintainer
>
> NetApp
> Trond.Myklebust@netapp.com
> www.netapp.com
next prev parent reply other threads:[~2012-11-14 21:54 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-08 10:56 [PATCH v3] SUNRPC: set desired file system root before connecting local transports Stanislav Kinsbursky
2012-10-09 19:35 ` J. Bruce Fields
2012-10-09 19:49 ` Myklebust, Trond
2012-10-09 19:49 ` Myklebust, Trond
2012-10-09 20:20 ` Eric W. Biederman
2012-10-09 22:31 ` J. Bruce Fields
2012-10-09 22:47 ` Eric W. Biederman
2012-10-10 1:23 ` J. Bruce Fields
2012-10-10 10:32 ` Stanislav Kinsbursky
2012-10-26 17:52 ` J. Bruce Fields
2012-10-10 2:00 ` Eric W. Biederman
2012-10-10 5:09 ` Stanislav Kinsbursky
2012-10-10 5:03 ` Stanislav Kinsbursky
2012-11-06 10:14 ` Stanislav Kinsbursky
2012-11-06 12:06 ` J. Bruce Fields
2012-11-06 12:11 ` Stanislav Kinsbursky
2012-11-06 13:05 ` J. Bruce Fields
2012-11-06 12:40 ` Christoph Hellwig
2012-11-06 13:07 ` J. Bruce Fields
2012-11-06 13:10 ` Christoph Hellwig
2012-11-06 13:36 ` J. Bruce Fields
2012-11-07 18:33 ` J. Bruce Fields
2012-11-12 8:37 ` Stanislav Kinsbursky
2012-11-14 21:01 ` J. Bruce Fields
2012-11-14 21:36 ` Myklebust, Trond
2012-11-14 21:36 ` Myklebust, Trond
2012-11-14 21:42 ` J. Bruce Fields
2012-11-14 21:51 ` Myklebust, Trond
2012-11-14 21:51 ` Myklebust, Trond
2012-11-14 21:54 ` J. Bruce Fields [this message]
2012-11-15 6:14 ` Eric W. Biederman
2012-11-15 13:34 ` Myklebust, Trond
2012-11-15 13:34 ` Myklebust, Trond
2012-11-15 18:58 ` J. Bruce Fields
2012-11-15 8:35 ` Stanislav Kinsbursky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121114215426.GC539@fieldses.org \
--to=bfields@fieldses.org \
--cc=Trond.Myklebust@netapp.com \
--cc=devel@openvz.org \
--cc=ebiederm@xmission.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=skinsbursky@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.