On Tue, 2026-01-13 at 06:54 -0800, Christoph Hellwig wrote: > On Tue, Jan 13, 2026 at 09:54:15AM +0100, Christian Brauner wrote: > > I don't think we want to expose cgroupfs via NFS that's super weird. > > It's like remote partial resource management and it would be very > > strange if a remote process suddenly would be able to move things around > > in the cgroup tree. So I would prefer to not do this. > > > > So my preference would be to really sever file handles from the export > > mechanism so that we can allow stuff like pidfs and nsfs and cgroupfs to > > use file handles via name_to_handle_at() and open_by_handle_at() without > > making them exportable. > > I don't understand this discussion. If someone really wants to > expose say cgroupfs to the network they'll find a way, be that using > a userspace nfs server, samba, 9p or a custom fuse thing. What's the > benefit of explicitly prohibiting a knfsd export? > > (not that I think any of this makes much sense to start with)
Fair point, but it's not that hard to conceive of a situation where someone inadvertantly exports cgroupfs or some similar filesystem: Could you end up exporting /sys if it's bind mounted into a container somewhere? Bear in mind that exportfs does allow mountpoint crossing, etc. nfsd is a network service, so I think the kernel needs to be quite conservative about what filehandles it can access. -- Jeff Layton <[email protected]>
