Pseudofilesystem improvements

From Linux NFS

(Difference between revisions)
Jump to: navigation, search
(Solving the problem in mountd)
Line 31: Line 31:
One possible solution can be implemented entirely in mountd, without changing the kernel or any interfaces:
One possible solution can be implemented entirely in mountd, without changing the kernel or any interfaces:
 +
 +
First, if we find "fsid=0" in the /etc/exports file anywhere, then we fall back on the current behavior, to preserve backwards compatibility.
 +
 +
If the file lacks any "fsid=0", then we automatically construct a pseudofilesystem in mountd:
 +
 +
* Create a separate namespace  (see "CLONE_NEWNS" in "man 2 clone")
 +
* Mount a new filesystem there to use as a pseudofilesystem; you'll probably need to loopback-mount a file so the user doesn't have to set aside a separate partition for this.
 +
* For each export in the export file, create a corresponding path under the pseudofilesystem.
 +
* Create a new fsid=0,ro export for the pseudofilesystem.
 +
* For each export in the export file, create a corresponding export for the path under the pseudofilesystem, with the same client and the same options.
 +
* Mark all of these automatically created exports specially so that mountd knows to use them only for answer upcalls from the kernel, and not for responding to mountd requests.
 +
 +
The end result is an automatically-built filesystem and a set of "shadow" exports that are visible to NFSv4 but not to anyone (NFSv2/3 clients or automounters) using the MOUNT protocol, which have the effect of allowing everyone to see the same export paths.

Revision as of 20:45, 17 August 2006

The Problem

See also This bugzilla bug report.

While NFSv2 and NFSv3 use a separate mount protocol to discover a server's exported filesystems, NFSv4 uses the same standard filesystem protocol (lookup, readdir, etc.) that is used to traverse within filesystems.

This gives the impression that these filesystems are all mounted on top of a top-level "pseudofilesystem".

Rather than constructing the pseudofilesystem from the list of exports in the /etc/exports file, the nfsd server just uses a real filesystem as the pseudofilesystem, and the administrator to export filesystems mounted underneath it. So that the server knows which exported filesystem to use as the pseudofilesystem (the filesystem that NFSv4 clients will see as "/"), that filesystem is marked with the export option "fsid=0".

This system was relatively simple to implement, but has lead to severe problems for automount users, or for anyone attempting to migrate from NFSv2/v3 to v4, because v4 clients see different paths than mountd clients.

For example, to quote Trond:

the current system means that if your export file
looks like this:
  /export/home myclient(rw,sync,no_subtree_check,fsid=0)
then that means that an NFSv4 fstab entry on 'myclient' will look like
  myserver:/              /mnt    nfs4    rw,hard,intr    0 0
whereas an NFSv3 entry would look like
  myserver:/export/home   /mnt    nfs     rw,hard,intr 0 0
This difference in path semantics means that there is no way we could
have 'mount' try NFSv4 first, then automatically fall back to NFSv3 if
the server doesn't support NFSv4.
What we ought to do (what Solaris, Netapp,... all do) is for the NFSv4
server to have a pseudo-fs that contains the entries '/', '/export', and
'/export/home' so that the NFSv4 client can mount the
directory /export/home instead of '/'."

Solving the problem in mountd

One possible solution can be implemented entirely in mountd, without changing the kernel or any interfaces:

First, if we find "fsid=0" in the /etc/exports file anywhere, then we fall back on the current behavior, to preserve backwards compatibility.

If the file lacks any "fsid=0", then we automatically construct a pseudofilesystem in mountd:

  • Create a separate namespace (see "CLONE_NEWNS" in "man 2 clone")
  • Mount a new filesystem there to use as a pseudofilesystem; you'll probably need to loopback-mount a file so the user doesn't have to set aside a separate partition for this.
  • For each export in the export file, create a corresponding path under the pseudofilesystem.
  • Create a new fsid=0,ro export for the pseudofilesystem.
  • For each export in the export file, create a corresponding export for the path under the pseudofilesystem, with the same client and the same options.
  • Mark all of these automatically created exports specially so that mountd knows to use them only for answer upcalls from the kernel, and not for responding to mountd requests.

The end result is an automatically-built filesystem and a set of "shadow" exports that are visible to NFSv4 but not to anyone (NFSv2/3 clients or automounters) using the MOUNT protocol, which have the effect of allowing everyone to see the same export paths.

Personal tools