nfs xprtsec conflicting with squashing

["Patrick M." <s7mon@web.de>]

Hi there,

tried switching to nfs with kernel TLS (mTLS to be specific).
Without xprtsec i was able to use the following options on exports

"rw,async,all_squash,no_subtree_check,anonuid=1000,anongid=100,fsid=6,sec=sys"

but both the squashing/mapping-ids seems to conflict with TLS and i wanted to understand if this is by intention or a bug.
And if it is by intention of course why - because in my understanding auth and encryption of the mount itself would not contradict with the mapping functionality.

I now use "rw,async,no_subtree_check,fsid=6,sec=sys,xprtsec=mtls" and it is working. Using no_root_squash also seems to conflict.

Keeping ID-Mapping i get this on client side

	mount.nfs: Operation not permitted for server:/mnt/target on /mnt/target

And nothing i could relate as cause on server side (happy to provide specific logs if needed, even with nfsd or rpc flags with rpcdump i could not see a cause).
Tlshd showed also succes in both scenarios (handshake successfull) and i can use all options as well if i remove the xprtsec on server side.

Client:
Linux 6.11.
nfs-utils-2.7.1

Server:
Linux 6.5.52
nfs-utils-2.7.1

Sorry if i missed this in documentation, if so i'd appreciate the hint where i should look in detail
and thanks for this feature!


--
best regards
Patrick M.