diff options
author | J. Bruce Fields <bfields@citi.umich.edu> | 2009-12-24 15:51:20 -0500 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2010-01-13 15:39:14 -0500 |
commit | 948cd2fb7983a4970132a97463b7928399bc51de (patch) | |
tree | 587327fe1cfc969e54e2f5f86117e2750808cd91 /utils/mountd | |
parent | 3b777b084a438f55482c8bf7508903ff4c30e1db (diff) | |
download | nfs-utils-948cd2fb7983a4970132a97463b7928399bc51de.tar.gz nfs-utils-948cd2fb7983a4970132a97463b7928399bc51de.tar.xz nfs-utils-948cd2fb7983a4970132a97463b7928399bc51de.zip |
mountd: prefer non-V4ROOT exports.
If paths A and A/B are both exported, then we have a choice of exports
to return for A (or under A but still above A/B): we could return A
itself, or we could return a V4ROOT export leading to B.
For now, we will always prefer the non-V4ROOT export, whenever that is
an option. This will allow clients to reach A/B as long as
adminstrators keep to the rule that the security on a parent permits the
union of the access permitted on any descendant.
In the future we may support more complicated arrangements.
(Note: this can't be avoided by simply not creating v4root exports with
the same domain and path, because different domains may have some
overlap.)
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Diffstat (limited to 'utils/mountd')
-rw-r--r-- | utils/mountd/cache.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c index 2468bc5..d63e10a 100644 --- a/utils/mountd/cache.c +++ b/utils/mountd/cache.c @@ -657,6 +657,11 @@ static nfs_export *lookup_export(char *dom, char *path, struct hostent *he) found_type = i; continue; } + + /* Always prefer non-V4ROOT mounts */ + if (found->m_export.e_flags & NFSEXP_V4ROOT) + continue; + /* If one is a CROSSMOUNT, then prefer the longest path */ if (((found->m_export.e_flags & NFSEXP_CROSSMOUNT) || (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)) && |