From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: linux-nfs-owner@vger.kernel.org Received: from relay.parallels.com ([195.214.232.42]:57688 "EHLO relay.parallels.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751422Ab2EVPTh (ORCPT ); Tue, 22 May 2012 11:19:37 -0400 Message-ID: <4FBBAE81.9010708@parallels.com> Date: Tue, 22 May 2012 19:19:29 +0400 From: Stanislav Kinsbursky MIME-Version: 1.0 To: "J. Bruce Fields" CC: Simo Sorce , "bfields@redhat.com" , "linux-nfs@vger.kernel.org" Subject: Re: [PATCH 3/4] SUNRPC: Add RPC based upcall mechanism for RPCGSS auth References: <1337087550-9821-1-git-send-email-simo@redhat.com> <1337087550-9821-4-git-send-email-simo@redhat.com> <20120522124728.GB891@fieldses.org> <1337691607.16840.178.camel@willson.li.ssimo.org> <4FBB91EE.3010307@parallels.com> <1337692966.16840.181.camel@willson.li.ssimo.org> <4FBB9551.9010407@parallels.com> <20120522142035.GC891@fieldses.org> <4FBBA667.4090409@parallels.com> <20120522150748.GF891@fieldses.org> In-Reply-To: <20120522150748.GF891@fieldses.org> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Sender: linux-nfs-owner@vger.kernel.org List-ID: On 22.05.2012 19:07, J. Bruce Fields wrote: > On Tue, May 22, 2012 at 06:44:55PM +0400, Stanislav Kinsbursky wrote: >> Yep, we discussed it already. >> The problem is that connect call to unix sockets is done from rpciod >> workqueue because of selinux restrictions. >> IOW UNIX socket path will be traversed staring from rpciod kernel >> thread root. Currently this problem is existent for portmapper >> registration calls - for example LockD, started in container with >> nested root, will be registered in global rpcbind instead of local >> (container's) one. > > Thanks for the reminder! > >> One of solutions was to export set_fs_root(), but Al Viro doesn't like it. >> >> So currently I'm thinking about patching network layer - i.e. >> implementing an ability to pass desired path to unix sockets connect >> and bind calls. >> IOW, I'm talking about introducing of "bindat" and "connectat" system calls... > > So then we'd resolve the path in the right context and pass down a > (vfsmount, dentry) that rpciod could use in bindat/connectat calls? > A kind of this, yes. Of course, if community will accept the idea. Actually, bindat/connectat will be user space interfaces (they will be useful for out CRIU project and also will allow to remove UNIX socket path length limitation to 108 bytes). On kernel level I'm going to add some way to pass "struct path" to connect/bind calls. >>> In particular: the current svcgssd communication method is using one of >>> the sunrpc caches. If we convert now to this method (which uses a unix >>> socket) would there be a loss in functionality, until the unix sockets >>> problems are fixed? >>> >> >> I'm afraid, that you are right... >> This new client will connect to root daemon - not containerized one... >> How soon this new unix-socket way will become common practice? >> Maybe I'd be able to patch unix sockets before distro's will use this new version. >> But I don't know, what would be best to do... > > Ugh. > > Simo, remind me of the reasons for using a unix socket? > Just a reminder: abstract (is it the right name?) UNIX sockets (with '\0' as a first character in name) are containerized already. If UNIX socket is the only way. then maybe this "abstract" socket can be used? > --b. -- Best regards, Stanislav Kinsbursky