Hi all, I have implemented portmap spoofing in klibc nfsmount (released as klibc-0.144) This is basically a vestigial portmap daemon which gets launched before the mount() call and then just records any transactions it gets to a file and sends back an affirmative reply. There are two ways to use it (this belongs in a README file, but it's too late at night right now): a) Set a fixed portnumber in /proc/sys/nfs/nlm_tcpport and /proc/sys/nfs/nlm_udpport before calling nfsmount; once the portmapper starts feed that fixed portnumber to pmap_set(8). In this case the pmap_file can be /dev/null. b) Allow the kernel to bind to any port and use the file produced by nfsroot to feed to pmap_set (it should be directly compatible); this means the file needs to be transferred to a place where the "real root" can find it before run-init. To use it: nfsroot -p pmap_file -o lock server:/pathname /realpath In either case, it is imperative that the real portmapper is launched before any program tries to create locks! Please let me know exactly how broken it is; I'm going to bed now. -hpa