kernel-tls-handshake.lists.linux.dev archive mirror
* [PATCH v2 0/4] nfs-utils changes for RPC-with-TLS
@ 2023-03-29 14:08 Chuck Lever
From: Chuck Lever @ 2023-03-29 14:08 UTC
  To: SteveD; +Cc: linux-nfs, rick.macklem, kernel-tls-handshake

Hi Steve-

This is client- and server-side nfs-utils support for RPC-with-TLS.
The client side support at this point is only a man page update
since the kernel handles mount option processing itself.

The server implementation can support both the opportunistic use of
transport layer security (it will be used if the client cares to),
and the required use of transport layer security (the server
requires the client to use it to access a particular export).

Without any other user space componentry, this implementation is
able to handle clients that request the use of RPC-with-TLS. To
support security policies that restrict access to exports based on
the client's use of TLS, modifications to exportfs and mountd are
needed. These are contained in this post, and can also be found
here:

git://git.linux-nfs.org/projects/cel/nfs-utils.git

The kernel patches, along with the handshake upcall, are carried in
the topic-rpc-with-tls-upcall branch available from:

https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git

Soon I hope to compose a new man page in Section 7 that will provide
an overview and quick set-up guidance for NFS's use of RPC-with-TLS.


Changes since v1:
- Addressed Jeff's review comments
- Updated nfs.man as well

---

Chuck Lever (4):
      libexports: Fix whitespace damage in support/nfs/exports.c
      exports: Add an xprtsec= export option
      exports(5): Describe the xprtsec= export option
      nfs(5): Document the new "xprtsec=" mount option


 support/export/cache.c       |  15 ++++++
 support/include/nfs/export.h |  14 +++++
 support/include/nfslib.h     |  14 +++++
 support/nfs/exports.c        | 100 ++++++++++++++++++++++++++++++++---
 utils/exportfs/exportfs.c    |   1 +
 utils/exportfs/exports.man   |  51 +++++++++++++++++-
 utils/mount/nfs.man          |  34 +++++++++++-
 7 files changed, 219 insertions(+), 10 deletions(-)

--
Chuck Lever


Thread overview: 9+ messages
2023-03-29 14:08 [PATCH v2 0/4] nfs-utils changes for RPC-with-TLS Chuck Lever
2023-03-29 14:08 ` [PATCH v2 1/4] libexports: Fix whitespace damage in support/nfs/exports.c Chuck Lever
2023-03-29 14:08 ` [PATCH v2 2/4] exports: Add an xprtsec= export option Chuck Lever
2023-03-29 14:08 ` [PATCH v2 3/4] exports(5): Describe the " Chuck Lever
2023-03-29 14:08 ` [PATCH v2 4/4] nfs(5): Document the new "xprtsec=" mount option Chuck Lever
2023-04-05 16:40 ` [PATCH v2 0/4] nfs-utils changes for RPC-with-TLS Steve Dickson
2023-04-05 16:45   ` Chuck Lever III
2023-04-05 20:09     ` Steve Dickson
2023-04-15 17:57 ` Steve Dickson
