From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: References: <73CCEA09-C492-439D-9E8A-AA2BA9CB93DB@ar.aichi-u.ac.jp> <5E232682-7ABD-4564-96C1-89B1540FC4E2@ar.aichi-u.ac.jp> <23396C1E-C0AC-4DC5-B511-97B307ECB3A4@ar.aichi-u.ac.jp> Date: Sun, 14 Feb 2016 13:00:54 +1100 Message-ID: From: Prof Brucee To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: multipart/alternative; boundary=001a113db22446b99d052bb14529 Subject: Re: [9fans] bug in exportfs Topicbox-Message-UUID: 8415d298-ead9-11e9-9d60-3106f5b1d025 --001a113db22446b99d052bb14529 Content-Type: text/plain; charset=UTF-8 Totally agree. I've never needed exportfs filtering. It's not in the patent. On 14/02/2016 1:27 AM, "Charles Forsyth" wrote: > > On 22 December 2015 at 10:02, arisawa wrote: > >> >> The difficulty is in the pattern matching rule. >> If we want to export only /usr/glenda, then the pattern matching filer >> must pass >> /usr >> /usr/glenda >> and must not pass >> /usr/ >> > > I really wonder about the pattern-matching code being there at all. > Without it, exportfs is constrained by the authenticated user's > permissions, within the exported name space, > and that's enforced by the operating system (system calls). > To export only /usr/glenda, I'd build a name space that has only > /usr/glenda in it, and export that. > > The read-only option is enforced by exportfs itself, but at the 9P level: > it's not too hard to enumerate > the messages and options that do not cause modifications and reject all > others (although exportfs wasn't updated to include an > option added later to open). Still, that can be got right once for all by > exportfs. > --001a113db22446b99d052bb14529 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Totally agree. I've never needed exportfs filtering. It&= #39;s not in the patent.

On 14/02/2016 1:27 AM, "Charles Forsyth&quo= t; <charles.forsyth@gmail.c= om> wrote:

On= 22 December 2015 at 10:02, arisawa <arisawa@ar.aichi-u.ac.jp&g= t; wrote:

The difficulty is in the pattern matching rule.
If we want to export only /usr/glenda, then the pattern matching filer must= pass
/usr
/usr/glenda
and must not pass
/usr/

I really wonder about the pattern-matching = code being there at all.
Without it, export= fs is constrained by the authenticated user's permissions, within the e= xported name space,
and that's enforced= by the operating system (system calls).
To= export only /usr/glenda, I'd build a name space that has only /usr/gle= nda in it, and export that.

The read-only option is enforced by exportfs itself, = but at the 9P level: it's not too hard to enumerate
the messages and options that do not cause modifications and r= eject all others (although exportfs wasn't updated to include an
<= div class=3D"gmail_extra">option added later to open). Still, that can be g= ot right once for all by exportfs.
--001a113db22446b99d052bb14529--