From: Stanislav Kinsbursky <skinsbursky@parallels.com>
To: Simo Sorce <simo@redhat.com>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
	"bfields@redhat.com" <bfields@redhat.com>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 3/4] SUNRPC: Add RPC based upcall mechanism for RPCGSS auth
Date: Tue, 22 May 2012 17:32:01 +0400
Message-ID: <4FBB9551.9010407@parallels.com>
In-Reply-To: <1337692966.16840.181.camel@willson.li.ssimo.org>

On 22.05.2012 17:22, Simo Sorce wrote:
> On Tue, 2012-05-22 at 17:17 +0400, Stanislav Kinsbursky wrote:
>> On 22.05.2012 17:00, Simo Sorce wrote:
>>> On Tue, 2012-05-22 at 08:47 -0400, J. Bruce Fields wrote:
>>>> Have you and Stanislav talked about fitting this with the ongoing
>>>> container work?
>>>
>>> No, I wanted to make it work for the normal case first, I assume it will
>>> be simple enough to change the code to work with containers later.
>>> Main reason is that I have no way to test containerized stuff.
>>>
>>
>>
>> It's not that hard to "containerize" this code.
>> All you need is to bypass rqstp->rq_xprt->xpt_net to gssp_rpc_create().
>> I.e. either add net as a parameter to
>> gssp_accept_sec_context_upcall()->gssp_call()->get_clnt()->gssp_rpc_create()
>> prototypes or pass it as a part of gssp_upcall_data structure and then pass as a
>> parameter to gssp_call()->get_clnt()->gssp_rpc_create().
>>
>> This will suit you. I.e. I'm sure that you'll not experience any changes
>> compared to the current behavior.
>
> This should be easy enough.
>
>>> If I understand it correctly, all that is needed is to allow attaching to
>>> different sockets for different containers?
>>>
>>
>> Sorry, but I don't understand the sentence.
>> Starting from kernel 3.3 the SUNRPC layer is fully containerized. I.e. all
>> network related resources are now carefully allocated and destroyed per and
>> with network namespace.
>> And it would be really great if the layer remains containerized in future.
>
> I need guidance here. I need to know what it means to 'remain
> containerized', does it mean I need to do something special for the
> socket handling?
>

It actually means that no hard-coded init_net references should appear, and
that's all. The required network context has to be taken from currently existing
objects (like RPC client, RPC service, etc.) and, if not available (it's a very
rare case, like an NFS mount call), from current->nsproxy->net_ns.
You don't need to do anything special except this.
There will be a problem with your patches in a container, because you are using
a unix socket. But this problem is not in your patches but in unix sockets
themselves. So don't worry about it.

> Keep in mind I started working on these patches before any
> containerization code was added to SUNRPC, and I have no knowledge
> whatsoever of containers and what are their constraints.
>
> Simo.
>


-- 
Best regards,
Stanislav Kinsbursky
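
The plumbing discussed in this message, as an added userspace model (not code from the patch series or from the kernel): the namespace is taken from rqstp->rq_xprt->xpt_net, falls back to current->nsproxy->net_ns, and is passed down to gssp_rpc_create() instead of a hard-coded init_net. The struct layouts, the pick_net() helper and the per-namespace client cache are simplified assumptions; the real kernel types and signatures differ.

```c
#include <stddef.h>

/* Simplified stand-ins for the kernel types named in the thread. */
struct net      { int id; };
struct rpc_clnt { struct net *cl_net; };
struct svc_xprt { struct net *xpt_net; };
struct svc_rqst { struct svc_xprt *rq_xprt; };
struct nsproxy  { struct net *net_ns; };
struct task     { struct nsproxy *nsproxy; };   /* models "current" */

struct net init_net = { 0 };   /* host namespace */
struct net ct_net   = { 1 };   /* constructed container namespace */

#define MAX_CLNT 4
static struct rpc_clnt clnts[MAX_CLNT];
static int nr_clnts;

/* Bind the new client to the namespace handed in by the caller. */
struct rpc_clnt *gssp_rpc_create(struct net *net)
{
    if (nr_clnts == MAX_CLNT)
        return NULL;
    clnts[nr_clnts].cl_net = net;
    return &clnts[nr_clnts++];
}

/* Assumed behaviour: one cached upcall client per namespace. */
struct rpc_clnt *get_clnt(struct net *net)
{
    for (int i = 0; i < nr_clnts; i++)
        if (clnts[i].cl_net == net)
            return &clnts[i];
    return gssp_rpc_create(net);
}

struct rpc_clnt *gssp_call(struct net *net) { return get_clnt(net); }

/* net added as a parameter, as proposed in the thread. */
struct rpc_clnt *gssp_accept_sec_context_upcall(struct net *net)
{
    return gssp_call(net);
}

/* Hypothetical helper: prefer an existing object's namespace, else current's. */
struct net *pick_net(const struct svc_rqst *rqstp, const struct task *cur)
{
    if (rqstp && rqstp->rq_xprt && rqstp->rq_xprt->xpt_net)
        return rqstp->rq_xprt->xpt_net;
    return cur->nsproxy->net_ns;
}
```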
