From: Chuck Lever <chuck.lever@xxxxxxxxxx>
On Wed, 06 Aug 2025 15:15:43 -0400, Scott Mayhew wrote:
> A while back I had reported that an NFSv3 client could successfully
> mount using '-o xprtsec=none' an export that had been exported with
> 'xprtsec=tls:mtls'. By "successfully" I mean that the mount command
> would succeed and the mount would show up in /proc/mount. Attempting to
> do anything futher with the mount would be met with NFS3ERR_ACCES.
>
> This was fixed (albeit accidentally) by bb4f07f2409c ("nfsd: Fix
> NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT") and was
> subsequently re-broken by 0813c5f01249 ("nfsd: fix access checking for
> NLM under XPRTSEC policies").
>
> [...]
Applied to nfsd-testing, thanks!
[1/1] nfsd: decouple the xprtsec policy check from check_nfsd_access()
commit: c8f9c4c2f1f28f61d073c0834f2a61521a57ad3a
--
Chuck Lever
