lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ce418800f06aa61a7f47f0d19394988f87a3da07.camel@kernel.org>
Date: Tue, 13 Jan 2026 12:06:42 -0500
From: Jeff Layton <jlayton@...nel.org>
To: Christoph Hellwig <hch@...radead.org>, Christian Brauner
	 <brauner@...nel.org>
Cc: Amir Goldstein <amir73il@...il.com>, Chuck Lever
 <chuck.lever@...cle.com>,  Jan Kara <jack@...e.cz>, Luis de Bethencourt
 <luisbg@...nel.org>, Salah Triki <salah.triki@...il.com>,  Nicolas Pitre
 <nico@...xnic.net>, Anders Larsen <al@...rsen.net>, Alexander Viro
 <viro@...iv.linux.org.uk>,  David Sterba <dsterba@...e.com>, Chris Mason
 <clm@...com>, Gao Xiang <xiang@...nel.org>, Chao Yu	 <chao@...nel.org>, Yue
 Hu <zbestahu@...il.com>, Jeffle Xu	 <jefflexu@...ux.alibaba.com>, Sandeep
 Dhavale <dhavale@...gle.com>, Hongbo Li	 <lihongbo22@...wei.com>, Chunhai
 Guo <guochunhai@...o.com>, Jan Kara	 <jack@...e.com>, Theodore Ts'o
 <tytso@....edu>, Andreas Dilger	 <adilger.kernel@...ger.ca>, Jaegeuk Kim
 <jaegeuk@...nel.org>, OGAWA Hirofumi	 <hirofumi@...l.parknet.co.jp>, David
 Woodhouse <dwmw2@...radead.org>,  Richard Weinberger	 <richard@....at>,
 Dave Kleikamp <shaggy@...nel.org>, Ryusuke Konishi	
 <konishi.ryusuke@...il.com>, Viacheslav Dubeyko <slava@...eyko.com>, 
 Konstantin Komarov <almaz.alexandrovich@...agon-software.com>, Mark Fasheh
 <mark@...heh.com>, Joel Becker	 <jlbec@...lplan.org>, Joseph Qi
 <joseph.qi@...ux.alibaba.com>, Mike Marshall	 <hubcap@...ibond.com>, Martin
 Brandenburg <martin@...ibond.com>, Miklos Szeredi	 <miklos@...redi.hu>,
 Phillip Lougher <phillip@...ashfs.org.uk>, Carlos Maiolino	
 <cem@...nel.org>, Hugh Dickins <hughd@...gle.com>, Baolin Wang	
 <baolin.wang@...ux.alibaba.com>, Andrew Morton <akpm@...ux-foundation.org>,
  Namjae Jeon <linkinjeon@...nel.org>, Sungjong Seo
 <sj1557.seo@...sung.com>, Yuezhang Mo	 <yuezhang.mo@...y.com>, Alexander
 Aring <alex.aring@...il.com>, Andreas Gruenbacher <agruenba@...hat.com>,
 Jonathan Corbet <corbet@....net>, "Matthew Wilcox (Oracle)"	
 <willy@...radead.org>, Eric Van Hensbergen <ericvh@...nel.org>, Latchesar
 Ionkov <lucho@...kov.net>, Dominique Martinet <asmadeus@...ewreck.org>,
 Christian Schoenebeck	 <linux_oss@...debyte.com>, Xiubo Li
 <xiubli@...hat.com>, Ilya Dryomov	 <idryomov@...il.com>, Trond Myklebust
 <trondmy@...nel.org>, Anna Schumaker	 <anna@...nel.org>, Steve French
 <sfrench@...ba.org>, Paulo Alcantara	 <pc@...guebit.org>, Ronnie Sahlberg
 <ronniesahlberg@...il.com>, Shyam Prasad N	 <sprasad@...rosoft.com>, Tom
 Talpey <tom@...pey.com>, Bharath SM	 <bharathsm@...rosoft.com>, Hans de
 Goede <hansg@...nel.org>, 	linux-kernel@...r.kernel.org,
 linux-fsdevel@...r.kernel.org, 	linux-btrfs@...r.kernel.org,
 linux-erofs@...ts.ozlabs.org, 	linux-ext4@...r.kernel.org,
 linux-f2fs-devel@...ts.sourceforge.net, 	linux-mtd@...ts.infradead.org,
 jfs-discussion@...ts.sourceforge.net, 	linux-nilfs@...r.kernel.org,
 ntfs3@...ts.linux.dev, ocfs2-devel@...ts.linux.dev, 
	devel@...ts.orangefs.org, linux-unionfs@...r.kernel.org, 
	linux-xfs@...r.kernel.org, linux-mm@...ck.org, gfs2@...ts.linux.dev, 
	linux-doc@...r.kernel.org, v9fs@...ts.linux.dev,
 ceph-devel@...r.kernel.org, 	linux-nfs@...r.kernel.org,
 linux-cifs@...r.kernel.org, 	samba-technical@...ts.samba.org
Subject: Re: [PATCH 00/24] vfs: require filesystems to explicitly opt-in to
 lease support

On Tue, 2026-01-13 at 06:54 -0800, Christoph Hellwig wrote:
> On Tue, Jan 13, 2026 at 09:54:15AM +0100, Christian Brauner wrote:
> > I don't think we want to expose cgroupfs via NFS that's super weird.
> > It's like remote partial resource management and it would be very
> > strange if a remote process suddenly would be able to move things around
> > in the cgroup tree. So I would prefer to not do this.
> > 
> > So my preference would be to really sever file handles from the export
> > mechanism so that we can allow stuff like pidfs and nsfs and cgroupfs to
> > use file handles via name_to_handle_at() and open_by_handle_at() without
> > making them exportable.
> 
> I don't understand this discussion.  If someone really wants to
> expose say cgroupfs to the network they'll find a way, be that using
> a userspace nfs server, samba, 9p or a custom fuse thing.  What's the
> benefit of explicitly prohibiting a knfsd export?
> 
> (not that I think any of this makes much sense to start with)

Fair point, but it's not that hard to conceive of a situation where
someone inadvertantly exports cgroupfs or some similar filesystem:

Could you end up exporting /sys if it's bind mounted into a container
somewhere? Bear in mind that exportfs does allow mountpoint crossing,
etc.

nfsd is a network service, so I think the kernel needs to be quite
conservative about what filehandles it can access.
-- 
Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ