On Fri, 2015-04-17 at 07:14 -0400, Roland Mainz wrote:
> Hi!
> ----
> Mainly a question for testing:
> Is it possible to run independent gssproxy instances in different
> Linux namespaces, e.g. does creating a new namespace, running gssproxy and
> mounting an NFS share automagically make use of that gssproxy instance?

The ability of rpc.gssd (client NFS case, if I understand you correctly)
to use gss-proxy depends on rpc.gssd being able to access the gss-proxy
socket; this can be done at the default location /run or changed (in
gss-proxy.conf and with an env var for rpc.gssd) to be found elsewhere.

For the server case, instead, the nfsd in-kernel thread tries to connect
to /run/gssproxy.sock, I believe always in the main filesystem
namespace; I do not think we have options to use a different namespace
in this case.

Also note, if you are trying to separate access, that the Keyring ccache
type has no namespacing support, so you may want to set other file
ccache types in a namespaced system.

Simo.
--
Simo Sorce * Red Hat, Inc * New York