lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:	Thu, 31 Mar 2011 02:46:44 -0500
From:	Rob Landley <rlandley@...allels.com>
To:	<linux-kernel@...r.kernel.org>, <linux-nfs@...r.kernel.org>,
	<containers@...ts.linux-foundation.org>,
	Trond Myklebust <Trond.Myklebust@...app.com>,
	Tim Spriggs <tims@...irise.org>,
	Kir Kolyshkin <kir@...allels.com>,
	Pavel Emelyanov <xemul@...allels.com>
Subject: [PATCH 0/3] Fix NFSv3 to work with network namespaces.

This patch series makes NFSv3 work inside an lxc container that uses a
different network namespace than the host.

The series contains three patches.  The first adds network namespace
information to the NFSv3 code under fs/nfs (copying the network context
from the mount process during options parsing, saving it with
appropriate reference counting in the persistent nfs_client struct, and
supplying it to the RPC functions).  The second and third patches add
additional network namespace information to the sunrpc code under
net/sunrpc (which already had partial support for network namespaces).

1) Add network context to struct nfs_client and make NFSv3 use it.
2) Supply network namespace to rpcbind.
3) Compare network namespace in auth_unix cache address checks.

My containers test environment setup is described at:

  http://landley.net/lxc

I exported the NFS share from the "Laptop" layer using knfsd with the
/etc/exports line:

  /home/landley/nfs 192.168.254.2(rw,no_root_squash,insecure)

And the mount command I ran in the container is:

  mount -t nfs -o nfsvers=3 10.0.2.2:/home/landley/nfs nfstest

(You don't need the -o if you haven't compiled NFSv4 support into your
kernel.)

I've tested NFSv2 and NFSv3 with UDP and TCP transports.  This series
does not address using NFSv4, pNFS, or knfsd from container context.
I haven't fixed lockd or kerberos authentication yet.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ