[PATCH 0/5] Dynamic Pseudo Root
Gabriel Barazer
gabriel at oxeva.fr
Mon Feb 18 15:17:19 EST 2008
On 02/18/2008 8:50:15 PM +0100, "J. Bruce Fields" <bfields at fieldses.org>
wrote:
> On Mon, Feb 18, 2008 at 08:41:37PM +0100, Gabriel Barazer wrote:
>> On 02/18/2008 7:58:36 PM +0100, Trond Myklebust
>> <trond.myklebust at fys.uio.no> wrote:
> ...
>>> For instance, currently with NFSv3, I can have rules like
>>>
>>> /foo/bar client1
>>> /foo/bar/baz client1, client2
>>>
>>> How can you encode this topology if you want the pseudo-fs to be a
>>> separate filesystem? You'd have to have 2 different namespaces, one for
>>> client1, and one for client2.
> ...
>> About your example:
>> pseudoroot fs contains /foo/bar only (as /foo/bar/baz is a subdirectory
>> of /foo/bar, it is supposed to already physically exist). client1 see
>> its authorized exports, as well as client2 will see /foo/bar, but will
>> only be allowed to mount /foo/bar/baz.
>
> So if client2 does a readdir on /foo/bar, what does it see?
Good question.
The right way would be to display only "baz" when doing readdir on
/foo/bar, and display only "bar" with a readdir on /foo.
Technically, we would have to check first if client2 is allowed to see
/foo/bar:
1- look for "/foo/bar" in the allowed exports for client2
-> found it: check finished
-> nothing: see #2
2- Look for exports (for client2) beginning with the "/foo/bar" prefix
-> found it/some: check finished, we list only it/them
-> nothing: permission error
Gabriel
More information about the NFSv4
mailing list