On Mon, Dec 19, 2022 at 9:36 AM Bjoern A. Zeeb wrote:
> On Mon, 19 Dec 2022, Rick Macklem wrote:
> [good stuff snipped]
> > Unfortunately, this does not deal with vnet'ng the kgssapi, rpcsec_gss for
> > Kerberized mounts or vnet'ng NFS-over-TLS, but those could be handled in a
> > similar man
On Mon, 19 Dec 2022, Rick Macklem wrote:
Hi,
Kostik expressed some concern w.r.t. using a non-default VNET_NFSD kernel
build option and I understand his concern, given that many prefer to use
a GENERIC kernel and binary updates.
yes, I may have hinted towards that (at least in my mind) during
Hi,
Kostik expressed some concern w.r.t. using a non-default VNET_NFSD kernel
build option and I understand his concern, given that many prefer to use
a GENERIC kernel and binary updates.
Right now there are 29 NFS variables VNET_DEFINED() and several of them
are arrays currently sized at 500. On
I think this is worthy of third party testing now.
See https://people.freebsd.org/~rmacklem/nfsd-vnet-prison-setup.txt
I still haven't tried NFSv3 and I have not ported nfsuserd into the vnet,
but most NFSv4 setups don't need it anyhow.
Good luck with it if you test it, rick
ps: Just replied to a
> To enforce it for cases where mountd/nfsd is not being run would
> definitely be a POLA violation.
I could not agree more.
Thanks for the clarification.
--
Olivier Certner
On Fri, Dec 2, 2022 at 2:03 AM Olivier Certner
wrote:
> Hi,
>
> > (snip)
> >
> > #2 - Require separate file systems and run mountd inside the jail(s).
> >
> > I think that allowing both alternatives would be too confusing
> > and it seems that most want mountd to run within the jail(s).
> > As su
On Fri, 02 Dec 2022 11:03:01 +0100
Olivier Certner wrote:
> Hi,
>
> > (snip)
> >
> > #2 - Require separate file systems and run mountd inside the
> > jail(s).
> >
> > I think that allowing both alternatives would be too confusing
> > and it seems that most want mountd to run within the jail(s).
Hi,
> (snip)
>
> #2 - Require separate file systems and run mountd inside the jail(s).
>
> I think that allowing both alternatives would be too confusing
> and it seems that most want mountd to run within the jail(s).
> As such, unless others prefer #1, I think #2 is the way to go.
Just to be sur
On 2022-12-01 17:32, Rick Macklem wrote:
On Thu, Dec 1, 2022 at 8:23 AM Chris wrote:
On 2022-11-29 16:21, Rick Macklem wrote:
> On Sun, Nov 27, 2022 at 10:04 AM Peter Eriksson
wrote:
>
>> Keep the global variables as defaults that apply to all nfsds and allow
>> (at least some subset) to be o
On Thu, Dec 1, 2022 at 8:23 AM Chris wrote:
> On 2022-11-29 16:21, Rick Macklem wrote:
> > On Sun, Nov 27, 2022 at 10:04 AM Peter Eriksson
> wrote:
> >
> >> Keep the global variables as defaults that apply to all nfsds and allow
> >> (at least some subset) to be overridden inside the net jails i
On Thu, Dec 1, 2022 at 2:01 AM Milan Obuch wrote:
> On Thu, 01 Dec 2022 10:29:25 +0100
> Alexander Leidinger wrote:
>
> > Quoting Alan Somers (from Tue, 29 Nov 2022
> > 17:28:10 -0700):
> >
> > > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem
> > > wrote:
> >
> > >> So, what do others think of e
On Thu, Dec 1, 2022 at 1:29 AM Alexander Leidinger
wrote:
>
> Quoting Alan Somers (from Tue, 29 Nov 2022
> 17:28:10 -0700):
>
> > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem
> wrote:
>
> >> So, what do others think of enforcing the requirement that each jail
> >> have its own file systems for
On 2022-12-01 08:37, Alan Somers wrote:
I don't care for any of it. It looks like additional overhead with the
addition of potential security risks. All for a very limited (and as yet
unknown) use case.
Here's an example of a real-world use case. I'm responsible for
supporting multiple product
> I don't care for any of it. It looks like additional overhead with the
> addition of potential security risks. All for a very limited (and as yet
> unknown) use case.
Here's an example of a real-world use case. I'm responsible for
supporting multiple products involving NFS, iSCSI, and other
pro
On 2022-11-29 16:21, Rick Macklem wrote:
On Sun, Nov 27, 2022 at 10:04 AM Peter Eriksson wrote:
Keep the global variables as defaults that apply to all nfsds and allow
(at least some subset) to be overridden inside the net jails if some things
need to be changed from the defaults?
This is pre
On Thu, Dec 1, 2022 at 2:30 AM Alexander Leidinger
wrote:
>
> Quoting Alan Somers (from Tue, 29 Nov 2022
> 17:28:10 -0700):
>
> > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem
> wrote:
>
> >> So, what do others think of enforcing the requirement that each jail
> >> have its own file systems for
On Thu, 01 Dec 2022 10:29:25 +0100
Alexander Leidinger wrote:
> Quoting Alan Somers (from Tue, 29 Nov 2022
> 17:28:10 -0700):
>
> > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem
> > wrote:
>
> >> So, what do others think of enforcing the requirement that each
> >> jail have its own file sy
Quoting Alan Somers (from Tue, 29 Nov 2022
17:28:10 -0700):
On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem wrote:
So, what do others think of enforcing the requirement that each jail
have its own file systems for this?
I think that's a totally reasonable requirement. Especially so for
On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem wrote:
>
>
>
> On Sun, Nov 27, 2022 at 10:04 AM Peter Eriksson wrote:
>>
>> Keep the global variables as defaults that apply to all nfsds and allow (at
>> least some subset) to be overridden inside the net jails if some things need
>> to be changed f
On Sun, Nov 27, 2022 at 10:04 AM Peter Eriksson wrote:
> Keep the global variables as defaults that apply to all nfsds and allow
> (at least some subset) to be overridden inside the net jails if some things
> need to be changed from the defaults?
>
> This is pretty much a reply to one of the post
On Fri, Nov 25, 2022 at 9:06 PM Alan Somers wrote:
>
>
> On Fri, Nov 25, 2022, 4:24 PM Rick Macklem wrote:
>
>> Hi,
>>
>> bz@ has encouraged me to fiddle with the nfsd
>> so that it works in a vnet jail.
>> I have now basically done so, specifically for
>> NFSv4, since NFSv3 presents various iss
On 11/27/22 11:13 AM, Bjoern A. Zeeb wrote:
On Sun, 27 Nov 2022, James Gritton wrote:
On 2022-11-25 15:17, Rick Macklem wrote:
Hi,
bz@ has encouraged me to fiddle with the nfsd
so that it works in a vnet jail.
I have now basically done so, specifically for
NFSv4, since NFSv3 presents various
On Sun, 27 Nov 2022, James Gritton wrote:
On 2022-11-25 15:17, Rick Macklem wrote:
Hi,
bz@ has encouraged me to fiddle with the nfsd
so that it works in a vnet jail.
I have now basically done so, specifically for
NFSv4, since NFSv3 presents various issues.
What I have not yet done is put glo
On 2022-11-25 15:17, Rick Macklem wrote:
Hi,
bz@ has encouraged me to fiddle with the nfsd
so that it works in a vnet jail.
I have now basically done so, specifically for
NFSv4, since NFSv3 presents various issues.
What I have not yet done is put global variables
in the vnet. This needs to be
Keep the global variables as defaults that apply to all nfsds and allow (at
least some subset) to be overridden inside the net jails if some things need to
be changed from the defaults?
- Peter
On Fri, Nov 25, 2022, 4:24 PM Rick Macklem wrote:
> Hi,
>
> bz@ has
On Fri, Nov 25, 2022, 4:24 PM Rick Macklem wrote:
> Hi,
>
> bz@ has encouraged me to fiddle with the nfsd
> so that it works in a vnet jail.
> I have now basically done so, specifically for
> NFSv4, since NFSv3 presents various issues.
>
> What I have not yet done is put global variables
> in the
Hi,
bz@ has encouraged me to fiddle with the nfsd
so that it works in a vnet jail.
I have now basically done so, specifically for
NFSv4, since NFSv3 presents various issues.
What I have not yet done is put global variables
in the vnet. This needs to be done so that the nfsd
can be run in multiple