Project

General

Profile

Bug #12505

Answer KEBE question about cred in unexport()

Added by Dan McDonald 7 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
nfs - NFS server and client
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

There are two /* XXX KEBE */ comments in illumos-gate that arrived with the nfs-zone push. One is easy to just remove. The other, in unexport(), asks a question worth investigating:

        /*                                                                      
         * XXX KEBE ASKS --> Should CRED() instead be                           
         * exi->exi_zone->zone_kcred?                                           
         */
        if (exi == ne->exi_public) {
                ne->exi_public = ne->exi_root;

                nfslog_share_record(ne->exi_public, CRED());
        }

Files

12505.patch (2.01 KB) 12505.patch Dan McDonald, 2020-04-15 05:33 PM

Related issues

Related to illumos gate - Feature #11083: support NFS server in zoneClosed

Actions
Related to illumos gate - Bug #12278: nfs-zone needs man page changesClosed

Actions

History

#1

Updated by Marcel Telka 7 months ago

#2

Updated by Dan McDonald 6 months ago

  • Related to Bug #12278: nfs-zone needs man page changes added
#3

Updated by Dan McDonald 6 months ago

I apologize for leaving KEBE comments in illumos-gate. They are my own notation, and are supposed to be removed prior to any push.

#4

Updated by Vitaliy Gusev 6 months ago

Dan McDonald wrote:

I apologize for leaving KEBE comments in illumos-gate. They are my own notation, and are supposed to be removed prior to any push.

It can be removed by coming nfs4.1 code.

#5

Updated by Dan McDonald 6 months ago

Vitaliy Gusev wrote:

Dan McDonald wrote:

I apologize for leaving KEBE comments in illumos-gate. They are my own notation, and are supposed to be removed prior to any push.

It can be removed by coming nfs4.1 code.

I have a fix coming for review very soon. Easy enough to test and review.

#6

Updated by Yuri Pankov 6 months ago

Vitaliy Gusev wrote:

Dan McDonald wrote:

I apologize for leaving KEBE comments in illumos-gate. They are my own notation, and are supposed to be removed prior to any push.

It can be removed by coming nfs4.1 code.

Coming when/where from?

#7

Updated by Dan McDonald 6 months ago

Yuri Pankov wrote:

Coming when/where from?

I was hoping for testing later this week, but I'll have to punt to next. Attaching my first-cut patch.

#8

Updated by Dan McDonald 2 months ago

After some mailing list debate, here's what's going to happen:

- unexport() is getting a 3rd parameter, cred_t *cr.

- The syscall for unexport() is trivial to pass the callers cred_t into unexport().

- The ZSD shutdown method for a zone needs to identify the zone's kcred. Since it's a shutdown method, the zone_t itself (which holds the zone's kcred) is always there, and a call to zone_get_kcred(zoneid) will retrieve it. Then it can be passed into unexport().

Thanks Robert & Gordon for their help with this.

Tested on SmartOS with only an NGZ that does NFS sharing. Tested zone shutdown multiple ways (zoneadm, in-zone commands, system reboot, vmadm(1M)) to make sure nothing shocking or different presented to the administrator.

#9

Updated by Electric Monk 2 months ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 06260e34c28df0a3a191e42e1b51c9de745b3510

commit  06260e34c28df0a3a191e42e1b51c9de745b3510
Author: Dan McDonald <danmcd@joyent.com>
Date:   2020-08-14T22:39:21.000Z

    12505 Answer KEBE question about cred in unexport()
    Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
    Reviewed by: Evan Layton <elayton@tintri.com>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Also available in: Atom PDF