From 948cd2fb7983a4970132a97463b7928399bc51de Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Thu, 24 Dec 2009 15:51:20 -0500 Subject: [PATCH] mountd: prefer non-V4ROOT exports. If paths A and A/B are both exported, then we have a choice of exports to return for A (or under A but still above A/B): we could return A itself, or we could return a V4ROOT export leading to B. For now, we will always prefer the non-V4ROOT export, whenever that is an option. This will allow clients to reach A/B as long as adminstrators keep to the rule that the security on a parent permits the union of the access permitted on any descendant. In the future we may support more complicated arrangements. (Note: this can't be avoided by simply not creating v4root exports with the same domain and path, because different domains may have some overlap.) Signed-off-by: J. Bruce Fields --- utils/mountd/cache.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c index 2468bc5..d63e10a 100644 --- a/utils/mountd/cache.c +++ b/utils/mountd/cache.c @@ -657,6 +657,11 @@ static nfs_export *lookup_export(char *dom, char *path, struct hostent *he) found_type = i; continue; } + + /* Always prefer non-V4ROOT mounts */ + if (found->m_export.e_flags & NFSEXP_V4ROOT) + continue; + /* If one is a CROSSMOUNT, then prefer the longest path */ if (((found->m_export.e_flags & NFSEXP_CROSSMOUNT) || (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)) && -- 2.39.2