[PATCH 00/24] vfs: require filesystems to explicitly opt-in to lease support
Jeff Layton
jlayton at kernel.org
Tue Jan 13 09:06:42 PST 2026
On Tue, 2026-01-13 at 06:54 -0800, Christoph Hellwig wrote:
> On Tue, Jan 13, 2026 at 09:54:15AM +0100, Christian Brauner wrote:
> > I don't think we want to expose cgroupfs via NFS that's super weird.
> > It's like remote partial resource management and it would be very
> > strange if a remote process suddenly would be able to move things around
> > in the cgroup tree. So I would prefer to not do this.
> >
> > So my preference would be to really sever file handles from the export
> > mechanism so that we can allow stuff like pidfs and nsfs and cgroupfs to
> > use file handles via name_to_handle_at() and open_by_handle_at() without
> > making them exportable.
>
> I don't understand this discussion. If someone really wants to
> expose say cgroupfs to the network they'll find a way, be that using
> a userspace nfs server, samba, 9p or a custom fuse thing. What's the
> benefit of explicitly prohibiting a knfsd export?
>
> (not that I think any of this makes much sense to start with)
Fair point, but it's not that hard to conceive of a situation where
someone inadvertantly exports cgroupfs or some similar filesystem:
Could you end up exporting /sys if it's bind mounted into a container
somewhere? Bear in mind that exportfs does allow mountpoint crossing,
etc.
nfsd is a network service, so I think the kernel needs to be quite
conservative about what filehandles it can access.
--
Jeff Layton <jlayton at kernel.org>
More information about the linux-mtd
mailing list