From: "Frank Filz" <ffilzlnx@mindspring.com>
To: "'Bruce Fields'" <bfields@fieldses.org>
Cc: "'Kernel NFS List'" <linux-nfs@vger.kernel.org>,
"'Ganesha NFS List'" <nfs-ganesha-devel@lists.sourceforge.net>
Subject: RE: pynfs updates
Date: Tue, 1 Oct 2013 11:42:31 -0400 [thread overview]
Message-ID: <007201cebebc$d83f4fc0$88bdef40$@mindspring.com> (raw)
In-Reply-To: <20131001143051.GH26382@fieldses.org>
> One more problem: CSID10 is failing against the Linux server with
> NFS4ERR_TOO_MANY_OPS, because each of those lookups is actually a full
> lookup from PUTROOTFH to /, resulting in 17 ops on my setup. Could we
> maybe work relative to the parent directory instead?
Sure, I'll rework that one.
> > A better test might actually be to do LOOKUP down to home and even
> > into tmp, looking for a junction, and then do the
> > SECINFO_NO_NAME(parent) on the directory handle just across the
> junction if one was found.
>
> Yeah it'd be nice to check that cross-filesystem case but I don't think
it's
> necessary (and you still have to deal with the case where a mountpoint's
not
> found).
Well, the cross file system case is actually where you would need to use
SECINFO_NO_NAME. For some reason, you just have a handle to a directory
inside the export and want to navigate back up the tree. In doing so, you
cross back over a junction to a file system that is exported with a
different security flavor.
On the other hand, generally that higher level file system should include
all the security flavors used by the lower level file systems. Unless
SECINFO_NO_NAME lets you cross a junction where the new file system doesn't
have security flavors in common with the upper level file system, but I
don't think it does. Does anyone know the rationale of SECINFO_NO_NAME
(parent)? In fact is there really any use of SECINFO_NO_NAME other than to
get the secinfo for the root or public file handle? I guess it does also
allow a client to recover from the security flavors for a given file system
being changed on the fly (or perhaps after a migration event).
> If tests at mountpoints were useful perhaps we could pass in a mountpoint
> on the commandline. Or add some sort of export-configuration interface to
> the serverhelper script and let pynfs setup exports itself.
Frank
next prev parent reply other threads:[~2013-10-01 15:42 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-30 18:17 pynfs updates Frank Filz
2013-09-30 22:11 ` Bruce Fields
2013-09-30 23:54 ` Frank Filz
2013-10-01 14:26 ` 'Bruce Fields'
2013-10-01 14:30 ` 'Bruce Fields'
2013-10-01 15:42 ` Frank Filz [this message]
2013-10-01 19:05 ` Frank Filz
2013-10-02 11:36 ` 'Bruce Fields'
2013-10-02 15:58 ` Frank Filz
2013-10-01 18:21 ` Frank Filz
2013-10-01 18:45 ` 'Bruce Fields'
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='007201cebebc$d83f4fc0$88bdef40$@mindspring.com' \
--to=ffilzlnx@mindspring.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
--cc=nfs-ganesha-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).