Totally agree. I've never needed exportfs filtering. It's not in the patent. On 14/02/2016 1:27 AM, "Charles Forsyth" <charles.fors...@gmail.com> wrote:
> > On 22 December 2015 at 10:02, arisawa <aris...@ar.aichi-u.ac.jp> wrote: > >> >> The difficulty is in the pattern matching rule. >> If we want to export only /usr/glenda, then the pattern matching filer >> must pass >> /usr >> /usr/glenda >> and must not pass >> /usr/ >> > > I really wonder about the pattern-matching code being there at all. > Without it, exportfs is constrained by the authenticated user's > permissions, within the exported name space, > and that's enforced by the operating system (system calls). > To export only /usr/glenda, I'd build a name space that has only > /usr/glenda in it, and export that. > > The read-only option is enforced by exportfs itself, but at the 9P level: > it's not too hard to enumerate > the messages and options that do not cause modifications and reject all > others (although exportfs wasn't updated to include an > option added later to open). Still, that can be got right once for all by > exportfs. >
