On Tue, Jan 13, 2026 at 09:54:15AM +0100, Christian Brauner wrote: > I don't think we want to expose cgroupfs via NFS that's super weird. > It's like remote partial resource management and it would be very > strange if a remote process suddenly would be able to move things around > in the cgroup tree. So I would prefer to not do this. > > So my preference would be to really sever file handles from the export > mechanism so that we can allow stuff like pidfs and nsfs and cgroupfs to > use file handles via name_to_handle_at() and open_by_handle_at() without > making them exportable.
I don't understand this discussion. If someone really wants to expose say cgroupfs to the network they'll find a way, be that using a userspace nfs server, samba, 9p or a custom fuse thing. What's the benefit of explicitly prohibiting a knfsd export? (not that I think any of this makes much sense to start with)
