| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jan 2009 15:20:46 -0500 From: "J. Bruce Fields" <bfields@...ldses.org> To: "Serge E. Hallyn" <serue@...ibm.com> Cc: Matt Helsley <matthltc@...ibm.com>, Linux Containers <containers@...ts.linux-foundation.org>, linux-nfs@...r.kernel.org, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Trond Myklebust <trond.myklebust@....uio.no>, Chuck Lever <chuck.lever@...cle.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Linux Containers <containers@...ts.osdl.org>, Cedric Le Goater <clg@...ibm.com> Subject: Re: [RFC][PATCH 2/4] sunrpc: Use utsnamespaces On Tue, Jan 06, 2009 at 02:02:29PM -0600, Serge E. Hallyn wrote: > Quoting Matt Helsley (matthltc@...ibm.com): > > We can often specify the UTS namespace to use when starting an RPC client. > > However sometimes no UTS namespace is available (specifically during system > > shutdown as the last NFS mount in a container is unmounted) so fall > > back to the initial UTS namespace. > > So what happens if we take this patch and do nothing else? > > The only potential problem situation will be rpc requests > made on behalf of a container in which the last task has > exited, right? So let's say a container did an nfs mount > and then exits, causing an nfs umount request. > > That umount request will now be sent with the wrong nodename. > Does that actually cause problems, will the server use the > nodename to try and determine the client sending the request? This is just the machine name in the auth_unix credential? The linux server ignores that completely (for the purpose of auth_unix authenication, it identifies clients only by source ip address). I suspect other servers also ignore it, but I don't know. --b. > > thanks, > -serge > > > Signed-off-by: Matt Helsley <matthltc@...ibm.com> > > Cc: Cedric Le Goater <clg@...ibm.com> > > Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org> > > Cc: linux-nfs@...r.kernel.org > > Cc: Trond Myklebust <trond.myklebust@....uio.no> > > Cc: Chuck Lever <chuck.lever@...cle.com> > > Cc: Eric W. Biederman <ebiederm@...ssion.com> > > Cc: Linux Containers <containers@...ts.osdl.org> > > > > --- > > net/sunrpc/clnt.c | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > Index: linux-2.6.28/net/sunrpc/clnt.c > > =================================================================== > > --- linux-2.6.28.orig/net/sunrpc/clnt.c > > +++ linux-2.6.28/net/sunrpc/clnt.c > > @@ -128,6 +128,7 @@ static struct rpc_clnt * rpc_new_client( > > struct rpc_version *version; > > struct rpc_clnt *clnt = NULL; > > struct rpc_auth *auth; > > + struct new_utsname *uts_ns = init_utsname(); > > int err; > > size_t len; > > > > @@ -213,10 +214,12 @@ static struct rpc_clnt * rpc_new_client( > > } > > > > /* save the nodename */ > > - clnt->cl_nodelen = strlen(init_utsname()->nodename); > > + if (current->nsproxy != NULL) > > + uts_ns = utsname(); > > + clnt->cl_nodelen = strlen(uts_ns->nodename); > > if (clnt->cl_nodelen > UNX_MAXNODENAME) > > clnt->cl_nodelen = UNX_MAXNODENAME; > > - memcpy(clnt->cl_nodename, init_utsname()->nodename, clnt->cl_nodelen); > > + memcpy(clnt->cl_nodename, uts_ns->nodename, clnt->cl_nodelen); > > rpc_register_client(clnt); > > return clnt; > > > > > > -- > > _______________________________________________ > > Containers mailing list > > Containers@...ts.linux-foundation.org > > https://lists.linux-foundation.org/mailman/listinfo/containers -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists