Subject: Re: MNT_NOSHARE for non-exportable fs [was: Removing tmpfs' experimental status
To: Julio M. Merino Vidal <jmmv84@gmail.com>
From: M J Fleming <mjf@netbsd.org>
List: tech-kern
Date: 11/01/2006 22:48:32
On Mon, Oct 30, 2006 at 06:24:49PM +0100, Julio M. Merino Vidal wrote:
> On 10/30/06, M J Fleming <mjf@netbsd.org> wrote:
> >On Mon, Oct 30, 2006 at 03:15:32PM +0200, Elad Efrat wrote:
> >> Steven M. Bellovin wrote:
> >> > On Mon, 30 Oct 2006 14:57:52 +0200, Elad Efrat <elad@NetBSD.org> wrote:
> >> >
> >> >> off-list
> >>
> >> heh, thought I got rid of that bad habit :)
> >>
> >> >>
> >> >> YAMAMOTO Takashi wrote:
> >> >>> can you consider to revert the change?
> >> >> was there really a consensus against it?
> >> >>
> >> >> the last mail on this thread is mine:
> >> >>
> >> >> http://mail-index.netbsd.org/tech-kern/2006/10/25/0028.html
> >> >>
> >> >> and there's an open question in it (to smb@)...
> >> >>
> >> > Sorry, I thought I'd answered.
> >> >
> >> > No, I don't have an answer I'm happy with; I regard it as a research
> >> > question.
> >>
> >> we can address that using fileassoc(9), or at least that'd be a start..
> >>
> >> > I stand by the main point in the note of mine you were
> >> > responding to: "no export" as a security flag is a bad idea.
> >>
> >> are we using it as a security flag?
> >>
> >
> >jmmv, are you ok with the solution I've used to solve the export and tmpfs
> >problem? If not, I'll revert my changes. If yes, the discussion in this
> >thread
> >should continue, anyway.
>
> I don't like this. This "noexport" flag is something that the admin
> has to set manually. And if he has to do that, he can just as well
> avoid adding that specific file system to exports. I mean, the file
> system is exported because the admin wants to, not because something
> out of his control decides to do it.
>
> However, it'd be different if this noexport option was set by the file
> system driver itself (I think this is what others suggested and is
> what I had in mind a long time ago during the rototill). This way,
> tmpfs (or any other file system that wanted to for whatever reason)
> could say "hey, I don't want to be exported", and then you could not
> export it in any way.
>
Attached is a patch that I hope is closer to what you wanted, jmmv. In this
patch tmpfs declares that it cannot be exported.
Matt
Content-Disposition: attachment; filename="noexport.diff"
Index: sys/fs/tmpfs/tmpfs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/tmpfs/tmpfs_vfsops.c,v
retrieving revision 1.15
diff -u -r1.15 tmpfs_vfsops.c
--- sys/fs/tmpfs/tmpfs_vfsops.c 12 Oct 2006 01:32:14 -0000 1.15
+++ sys/fs/tmpfs/tmpfs_vfsops.c 1 Nov 2006 15:32:43 -0000
@@ -181,6 +181,7 @@
mp->mnt_data = tmp;
mp->mnt_flag |= MNT_LOCAL;
+ mp->mnt_iflag |= IMNT_NOEXPORT;
mp->mnt_stat.f_namemax = MAXNAMLEN;
vfs_getnewfsid(mp);
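Review bot: The added line "mp->mnt_iflag |= IMNT_NOEXPORT;" has no comment saying why tmpfs refuses to be exported, and nothing here tells a later reader that this flag is what makes the mount and NFS export paths fail. A one-line comment above the assignment giving the reason would help, and the tmpfs documentation should mention that export attempts are rejected.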
Index: sys/kern/vfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.276
diff -u -r1.276 vfs_syscalls.c
--- sys/kern/vfs_syscalls.c 1 Nov 2006 10:17:59 -0000 1.276
+++ sys/kern/vfs_syscalls.c 1 Nov 2006 15:32:45 -0000
@@ -181,6 +181,11 @@
* lock this vnode again, so make the lock recursive.
*/
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_SETRECURSE);
+ if ((SCARG(uap, flags) & MNT_EXPORT) &&
+ (vp->v_mount->mnt_iflag & IMNT_NOEXPORT)) {
+ vput(vp);
+ return (EPERM);
+ }
if (SCARG(uap, flags) & (MNT_UPDATE | MNT_GETARGS)) {
if ((vp->v_flag & VROOT) == 0) {
vput(vp);
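Review bot: The IMNT_NOEXPORT test sits ahead of the "MNT_UPDATE | MNT_GETARGS" branch, so it also runs for a fresh mount, where vp has not yet been checked for VROOT and vp->v_mount is the file system holding the mount point rather than the one being mounted. As written, a new mount requested with the export flag on a directory that lives in tmpfs looks like it would fail with EPERM even though the new file system is not tmpfs; moving the test inside the update branch, after the VROOT check, would restrict it to the mount it is meant for. The flag tested here is MNT_EXPORT while the nfs_export.c hunk tests MNT_EXPORTED; please confirm which name is intended.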
Index: sys/sys/fstypes.h
===================================================================
RCS file: /cvsroot/src/sys/sys/fstypes.h,v
retrieving revision 1.16
diff -u -r1.16 fstypes.h
--- sys/sys/fstypes.h 31 Oct 2006 08:12:46 -0000 1.16
+++ sys/sys/fstypes.h 1 Nov 2006 15:32:45 -0000
@@ -207,6 +207,7 @@
#define IMNT_SUSPENDLOW 0x00000010 /* request lower write suspension */
#define IMNT_SUSPENDED 0x00000020 /* write operations are suspended */
#define IMNT_DTYPE 0x00000040 /* returns d_type fields */
+#define IMNT_NOEXPORT 0x00000080 /* cannot export filesystem */
#define __MNT_FLAGS \
__MNT_BASIC_FLAGS \
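Review bot: The comment on IMNT_NOEXPORT, "cannot export filesystem", does not say who sets the flag. Since it lives in mnt_iflag and is set by the file system itself (tmpfs in this patch) rather than by the administrator, the comment could say so, for example "file system refuses to be exported", to keep it distinct from a user-settable mount option.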
@@ -251,6 +252,7 @@
#define __IMNT_FLAG_BITS \
"\20" \
+ "\10IMNT_NOEXPORT" \
"\07IMNT_DTYPE" \
"\06IMNT_SUSPENDED" \
"\05IMNT_SUSPENDLOW" \
Index: sys/nfs/nfs_export.c
===================================================================
RCS file: /cvsroot/src/sys/nfs/nfs_export.c,v
retrieving revision 1.21
diff -u -r1.21 nfs_export.c
--- sys/nfs/nfs_export.c 31 Oct 2006 08:12:46 -0000 1.21
+++ sys/nfs/nfs_export.c 1 Nov 2006 15:32:45 -0000
@@ -705,6 +705,8 @@
int error;
if (argp->ex_flags & MNT_EXPORTED) {
+ if (mp->mnt_iflag & IMNT_NOEXPORT)
+ return (EPERM);
if (argp->ex_flags & MNT_EXPUBLIC) {
if ((error = setpublicfs(mp, nep, argp)) != 0)
return error;
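Review bot: The new check returns EPERM, which a caller cannot tell apart from a privilege failure; the refusal comes from the file system type and not from the caller's credentials, so EOPNOTSUPP would describe it better, and the same applies to the check added in sys/kern/vfs_syscalls.c. The added "return (EPERM);" also uses parentheses where the surrounding code writes "return error;".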