From: Steve Dickson <steved@redhat.com>
To: Chuck Lever <cel@kernel.org>
Cc: linux-nfs@vger.kernel.org, rick.macklem@gmail.com,
kernel-tls-handshake@lists.linux.dev
Subject: Re: [PATCH v2 0/4] nfs-utils changes for RPC-with-TLS
Date: Wed, 5 Apr 2023 12:40:13 -0400 [thread overview]
Message-ID: <1c59beaf-63b6-ee39-b339-339a0c7e72b9@redhat.com> (raw)
In-Reply-To: <168009806320.2522.10415374334827613451.stgit@manet.1015granger.net>
Hey Chuck,
On 3/29/23 10:08 AM, Chuck Lever wrote:
> Hi Steve-
>
> This is client- and server-side nfs-utils support for RPC-with-TLS.
> The client side support at this point is only a man page update
> since the kernel handles mount option processing itself.
>
> The server implementation can support both the opportunistic use of
> transport layer security (it will be used if the client cares to),
> and the required use of transport layer security (the server
> requires the client to use it to access a particular export).
>
> Without any other user space componentry, this implementation is
> able to handle clients that request the use of RPC-with-TLS. To
> support security policies that restrict access to exports based on
> the client's use of TLS, modifications to exportfs and mountd are
> needed. These are contained in this post, and can also be found
> here:
>
> git://git.linux-nfs.org/projects/cel/nfs-utils.git
>
> The kernel patches, along with the handshake upcall, are carried in
> the topic-rpc-with-tls-upcall branch available from:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git
Just wondering if these patch should wait until the kernel
patches reach mainline (aka rawhide)?
steved.
>
> Soon I hope to compose a new man page in Section 7 that will provide
> an overview and quick set-up guidance for NFS's use of RPC-with-TLS.
>
>
> Changes since v1:
> - Addressed Jeff's review comments
> - Updated nfs.man as well
>
> ---
>
> Chuck Lever (4):
> libexports: Fix whitespace damage in support/nfs/exports.c
> exports: Add an xprtsec= export option
> exports(5): Describe the xprtsec= export option
> nfs(5): Document the new "xprtsec=" mount option
>
>
> support/export/cache.c | 15 ++++++
> support/include/nfs/export.h | 14 +++++
> support/include/nfslib.h | 14 +++++
> support/nfs/exports.c | 100 ++++++++++++++++++++++++++++++++---
> utils/exportfs/exportfs.c | 1 +
> utils/exportfs/exports.man | 51 +++++++++++++++++-
> utils/mount/nfs.man | 34 +++++++++++-
> 7 files changed, 219 insertions(+), 10 deletions(-)
>
> --
> Chuck Lever
>
next prev parent reply other threads:[~2023-04-05 16:40 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-29 14:08 [PATCH v2 0/4] nfs-utils changes for RPC-with-TLS Chuck Lever
2023-03-29 14:08 ` [PATCH v2 1/4] libexports: Fix whitespace damage in support/nfs/exports.c Chuck Lever
2023-03-29 14:08 ` [PATCH v2 2/4] exports: Add an xprtsec= export option Chuck Lever
2023-03-29 14:08 ` [PATCH v2 3/4] exports(5): Describe the " Chuck Lever
2023-03-29 14:08 ` [PATCH v2 4/4] nfs(5): Document the new "xprtsec=" mount option Chuck Lever
2023-04-05 16:40 ` Steve Dickson [this message]
2023-04-05 16:45 ` [PATCH v2 0/4] nfs-utils changes for RPC-with-TLS Chuck Lever III
2023-04-05 20:09 ` Steve Dickson
2023-04-15 17:57 ` Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1c59beaf-63b6-ee39-b339-339a0c7e72b9@redhat.com \
--to=steved@redhat.com \
--cc=cel@kernel.org \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=linux-nfs@vger.kernel.org \
--cc=rick.macklem@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).