Hi,

While working on getting mountd/nfsd to run in a vnet
prison, I came across the following lines near the
beginning of vfs_domount() in sys/kern/vfs_mount.c:

    if (fsflags & MNT_EXPORTED) {
        error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED);
        if (error)
            return (error);
    }

#1 - Since MNT_EXPORTED is never set in fsflags, this code never
     gets executed.
     --> I am asking what to do with the above code, since that
         changes for the patch that allows mountd to run in a vnet
         prison.
#2 - priv_check(td, PRIV_VFS_MOUNT_EXPORTED) always returns 0
     because nothing in sys/kern/kern_priv.c checks
     PRIV_VFS_MOUNT_EXPORTED.

I don't know what the original author's thinking was w.r.t. this.
Setting exports already checks that the mount operation can be
done by the requestor.

So, what do you think should be done with the above code snippet?
- Consider it cruft and delete it.
- Try and figure out what PRIV_VFS_MOUNT_EXPORTED should check?
- Leave it as is. After the patch that allows mountd to run in
  a vnet prison, MNT_EXPORTED will be set in fsflags, but the
  priv_check() call will just return 0. (A little overhead,
  but otherwise no semantics change.)

rick
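
An added example, not part of the original message and not FreeBSD code: a small audit for the situation in point #2, listing privilege constants that are defined but have no explicit `case` in a policy source. The header and policy text below are constructed samples with placeholder numbers, and the function names are hypothetical; pass in real file contents to use it on a source tree.

```python
import re

# Constructed header excerpt; the numeric values are placeholders.
SAMPLE_PRIV_H = """
#define PRIV_VFS_MOUNT          100
#define PRIV_VFS_MOUNT_EXPORTED 101   /* Can set MNT_EXPORTED on mount. */
#define PRIV_VFS_UNMOUNT        102
#define _PRIV_HIGHEST           103
"""

# Constructed policy source: a switch that names some privileges explicitly.
SAMPLE_POLICY_C = """
int
sample_priv_policy(int priv)
{
    switch (priv) {
    /* case PRIV_VFS_MOUNT_EXPORTED: not handled yet */
    case PRIV_VFS_MOUNT:
    case PRIV_VFS_UNMOUNT:  // mount family
        return (0);
    default:
        return (EPERM);
    }
}
"""

DEFINE_RE = re.compile(r"^\s*#\s*define\s+(PRIV_[A-Z0-9_]+)\s+\d+", re.M)
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
CASE_RE = re.compile(r"\bcase\s+(PRIV_[A-Z0-9_]+)\s*:")

def defined_privs(header_text):
    """Privilege names in definition order (sentinels like _PRIV_* are skipped)."""
    return DEFINE_RE.findall(header_text)

def handled_privs(policy_text):
    """Names that appear in a live 'case' label; commented-out labels are ignored."""
    code = COMMENT_RE.sub(" ", policy_text)
    return set(CASE_RE.findall(code))

def unhandled_privs(header_text, policy_text):
    """Defined privileges that the policy source never names explicitly."""
    handled = handled_privs(policy_text)
    return [p for p in defined_privs(header_text) if p not in handled]

if __name__ == "__main__":
    for name in unhandled_privs(SAMPLE_PRIV_H, SAMPLE_POLICY_C):
        print("no explicit policy case:", name)
```

A name reported here only means the policy source has no dedicated label for it; what the privilege check returns for it depends on the default path of that policy.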
