- add 0001-gssd-revert-commit-a5f3b7ccb01c.patch,
0002-gssd-revert-commit-513630d720bd.patch, 0003-gssd-switch-to-using-rpc_gss_seccreate.patch, 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch, 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch, 0006-configure-check-for-rpc_gss_seccreate.patch: fixes for libtirpc 1.3.5 - drop reenable-nfsv2.patch (poo#106679) Fix crash when rpc-gssd run with -v. - Replace references to /var/adm/fillup-templates with new options. - do not strip the binaries - mkinitrd-boot.sh: allow other mkinitrd-setup - nfs-utils-eperm-fallback.patch: mount.nfs Includes new config file: /etc/nfsmount.conf and - Kill processes on NFS mounts when unmounting bnc#442490 * fix typo in handling of "init.d/nfs status" - nfs.init: * unmount rpc_pipefs - fix sysconfig filename for changed fillup call services (gssd and idmpad have been rolled in to nfs/nfsserver). - remove svcinfo.d dir as it is provided now by filesystem - update to version 1.1.2 - uses libgssglue instead of libgssapi - add rpcbind support [fate#300607] - added gssapi to buildrequires (#116355) showmount has been removed there (#309782) - added README.NFSv4 (#182775) OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=285
This commit is contained in:
commit
99d3e0d9fa
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.osc
|
167
0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch
Normal file
167
0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch
Normal file
@ -0,0 +1,167 @@
|
||||
From 40d6d58ee6e58f50d5f1aaf8c1253b2338bd7d06 Mon Sep 17 00:00:00 2001
|
||||
From: NeilBrown <neilb@suse.de>
|
||||
Date: Mon, 27 Nov 2023 10:12:19 -0500
|
||||
Subject: [PATCH] exportfs: remove warning if neither subtree_check or
|
||||
no_subtree_check is given
|
||||
|
||||
This warning was only ever intended as a transitional aid.
|
||||
It doesn't serve any purpose any longer. Let's remove it.
|
||||
|
||||
Also clean up some white-space issues.
|
||||
|
||||
Signed-off-by: NeilBrown <neilb@suse.de>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
support/export/export.c | 2 +-
|
||||
support/export/xtab.c | 2 +-
|
||||
support/include/nfslib.h | 2 +-
|
||||
support/nfs/exports.c | 43 +++++++++++++++++-----------------------
|
||||
4 files changed, 21 insertions(+), 28 deletions(-)
|
||||
|
||||
diff --git a/support/export/export.c b/support/export/export.c
|
||||
index 3e48c42def19..100912cb29c3 100644
|
||||
--- a/support/export/export.c
|
||||
+++ b/support/export/export.c
|
||||
@@ -119,7 +119,7 @@ export_read(char *fname, int ignore_hosts)
|
||||
int reexport_found = 0;
|
||||
|
||||
setexportent(fname, "r");
|
||||
- while ((eep = getexportent(0,1)) != NULL) {
|
||||
+ while ((eep = getexportent(0)) != NULL) {
|
||||
exp = export_lookup(eep->e_hostname, eep->e_path, ignore_hosts);
|
||||
if (!exp) {
|
||||
if (export_create(eep, 0))
|
||||
diff --git a/support/export/xtab.c b/support/export/xtab.c
|
||||
index e210ca99d574..282f15bc79cd 100644
|
||||
--- a/support/export/xtab.c
|
||||
+++ b/support/export/xtab.c
|
||||
@@ -47,7 +47,7 @@ xtab_read(char *xtab, char *lockfn, int is_export)
|
||||
setexportent(xtab, "r");
|
||||
if (is_export == 1)
|
||||
v4root_needed = 1;
|
||||
- while ((xp = getexportent(is_export==0, 0)) != NULL) {
|
||||
+ while ((xp = getexportent(is_export==0)) != NULL) {
|
||||
if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
|
||||
!(exp = export_create(xp, is_export!=1))) {
|
||||
if(xp->e_hostname) {
|
||||
diff --git a/support/include/nfslib.h b/support/include/nfslib.h
|
||||
index bdbde78d9ebd..eff2a486307f 100644
|
||||
--- a/support/include/nfslib.h
|
||||
+++ b/support/include/nfslib.h
|
||||
@@ -111,7 +111,7 @@ struct rmtabent {
|
||||
* configuration file parsing
|
||||
*/
|
||||
void setexportent(char *fname, char *type);
|
||||
-struct exportent * getexportent(int,int);
|
||||
+struct exportent * getexportent(int);
|
||||
void secinfo_show(FILE *fp, struct exportent *ep);
|
||||
void xprtsecinfo_show(FILE *fp, struct exportent *ep);
|
||||
void putexportent(struct exportent *xep);
|
||||
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
|
||||
index 15dc574cc21a..a6816e60d62e 100644
|
||||
--- a/support/nfs/exports.c
|
||||
+++ b/support/nfs/exports.c
|
||||
@@ -59,7 +59,7 @@ static int *squids = NULL, nsquids = 0,
|
||||
|
||||
static int getexport(char *exp, int len);
|
||||
static int getpath(char *path, int len);
|
||||
-static int parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr);
|
||||
+static int parseopts(char *cp, struct exportent *ep, int *had_subtree_opt_ptr);
|
||||
static int parsesquash(char *list, int **idp, int *lenp, char **ep);
|
||||
static int parsenum(char **cpp);
|
||||
static void freesquash(void);
|
||||
@@ -109,7 +109,7 @@ static void init_exportent (struct exportent *ee, int fromkernel)
|
||||
}
|
||||
|
||||
struct exportent *
|
||||
-getexportent(int fromkernel, int fromexports)
|
||||
+getexportent(int fromkernel)
|
||||
{
|
||||
static struct exportent ee, def_ee;
|
||||
char exp[512], *hostname;
|
||||
@@ -147,7 +147,7 @@ getexportent(int fromkernel, int fromexports)
|
||||
* we're not reading from the kernel.
|
||||
*/
|
||||
if (exp[0] == '-' && !fromkernel) {
|
||||
- if (parseopts(exp + 1, &def_ee, 0, &has_default_subtree_opts) < 0)
|
||||
+ if (parseopts(exp + 1, &def_ee, &has_default_subtree_opts) < 0)
|
||||
return NULL;
|
||||
|
||||
has_default_opts = 1;
|
||||
@@ -185,20 +185,20 @@ getexportent(int fromkernel, int fromexports)
|
||||
}
|
||||
ee.e_hostname = xstrdup(hostname);
|
||||
|
||||
- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
|
||||
- if(ee.e_hostname)
|
||||
- {
|
||||
- xfree(ee.e_hostname);
|
||||
- ee.e_hostname=NULL;
|
||||
- }
|
||||
- if(ee.e_uuid)
|
||||
- {
|
||||
- xfree(ee.e_uuid);
|
||||
- ee.e_uuid=NULL;
|
||||
- }
|
||||
+ if (parseopts(opt, &ee, NULL) < 0) {
|
||||
+ if(ee.e_hostname)
|
||||
+ {
|
||||
+ xfree(ee.e_hostname);
|
||||
+ ee.e_hostname=NULL;
|
||||
+ }
|
||||
+ if(ee.e_uuid)
|
||||
+ {
|
||||
+ xfree(ee.e_uuid);
|
||||
+ ee.e_uuid=NULL;
|
||||
+ }
|
||||
|
||||
return NULL;
|
||||
- }
|
||||
+ }
|
||||
/* resolve symlinks */
|
||||
if (realpath(ee.e_path, rpath) != NULL) {
|
||||
rpath[sizeof (rpath) - 1] = '\0';
|
||||
@@ -433,7 +433,7 @@ mkexportent(char *hname, char *path, char *options)
|
||||
}
|
||||
strncpy(ee.e_path, path, sizeof (ee.e_path));
|
||||
ee.e_path[sizeof (ee.e_path) - 1] = '\0';
|
||||
- if (parseopts(options, &ee, 0, NULL) < 0)
|
||||
+ if (parseopts(options, &ee, NULL) < 0)
|
||||
return NULL;
|
||||
return ⅇ
|
||||
}
|
||||
@@ -441,7 +441,7 @@ mkexportent(char *hname, char *path, char *options)
|
||||
int
|
||||
updateexportent(struct exportent *eep, char *options)
|
||||
{
|
||||
- if (parseopts(options, eep, 0, NULL) < 0)
|
||||
+ if (parseopts(options, eep, NULL) < 0)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
@@ -632,7 +632,7 @@ void fix_pseudoflavor_flags(struct exportent *ep)
|
||||
* Parse option string pointed to by cp and set mount options accordingly.
|
||||
*/
|
||||
static int
|
||||
-parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr)
|
||||
+parseopts(char *cp, struct exportent *ep, int *had_subtree_opt_ptr)
|
||||
{
|
||||
int had_subtree_opt = 0;
|
||||
char *flname = efname?efname:"command line";
|
||||
@@ -852,13 +852,6 @@ bad_option:
|
||||
ep->e_nsqgids = nsqgids;
|
||||
|
||||
out:
|
||||
- if (warn && !had_subtree_opt)
|
||||
- xlog(L_WARNING, "%s [%d]: Neither 'subtree_check' or 'no_subtree_check' specified for export \"%s:%s\".\n"
|
||||
- " Assuming default behaviour ('no_subtree_check').\n"
|
||||
- " NOTE: this default has changed since nfs-utils version 1.0.x\n",
|
||||
-
|
||||
- flname, flline,
|
||||
- ep->e_hostname, ep->e_path);
|
||||
if (had_subtree_opt_ptr)
|
||||
*had_subtree_opt_ptr = had_subtree_opt;
|
||||
|
||||
--
|
||||
2.43.0
|
||||
|
99
0001-gssd-revert-commit-a5f3b7ccb01c.patch
Normal file
99
0001-gssd-revert-commit-a5f3b7ccb01c.patch
Normal file
@ -0,0 +1,99 @@
|
||||
From 20c0797937e9ec43a78a2f5475d4296897f8c537 Mon Sep 17 00:00:00 2001
|
||||
From: Olga Kornievskaia <kolga@netapp.com>
|
||||
Date: Mon, 11 Dec 2023 08:46:35 -0500
|
||||
Subject: [PATCH 1/6] gssd: revert commit a5f3b7ccb01c
|
||||
|
||||
In preparation for using rpc_gss_seccreate() function, revert commit
|
||||
a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
|
||||
credentials"
|
||||
|
||||
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
|
||||
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
utils/gssd/gssd_proc.c | 2 --
|
||||
utils/gssd/krb5_util.c | 42 ------------------------------------------
|
||||
utils/gssd/krb5_util.h | 1 -
|
||||
3 files changed, 45 deletions(-)
|
||||
|
||||
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
||||
index a96647df..e5cc1d98 100644
|
||||
--- a/utils/gssd/gssd_proc.c
|
||||
+++ b/utils/gssd/gssd_proc.c
|
||||
@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp,
|
||||
if (cred == GSS_C_NO_CREDENTIAL)
|
||||
retval = gssd_refresh_krb5_machine_credential(clp->servername,
|
||||
"*", NULL, 1);
|
||||
- else
|
||||
- retval = gssd_k5_remove_bad_service_cred(clp->servername);
|
||||
if (!retval) {
|
||||
auth = authgss_create_default(rpc_clnt, tgtname,
|
||||
&sec);
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index 6f66ef4f..f6ce1fec 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
|
||||
return ret;
|
||||
}
|
||||
|
||||
-/* Removed a service ticket for nfs/<name> from the ticket cache
|
||||
- */
|
||||
-int
|
||||
-gssd_k5_remove_bad_service_cred(char *name)
|
||||
-{
|
||||
- krb5_creds in_creds, out_creds;
|
||||
- krb5_error_code ret;
|
||||
- krb5_context context;
|
||||
- krb5_ccache cache;
|
||||
- krb5_principal principal;
|
||||
- int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
|
||||
- char srvname[1024];
|
||||
-
|
||||
- ret = krb5_init_context(&context);
|
||||
- if (ret)
|
||||
- goto out_cred;
|
||||
- ret = krb5_cc_default(context, &cache);
|
||||
- if (ret)
|
||||
- goto out_free_context;
|
||||
- ret = krb5_cc_get_principal(context, cache, &principal);
|
||||
- if (ret)
|
||||
- goto out_close_cache;
|
||||
- memset(&in_creds, 0, sizeof(in_creds));
|
||||
- in_creds.client = principal;
|
||||
- sprintf(srvname, "nfs/%s", name);
|
||||
- ret = krb5_parse_name(context, srvname, &in_creds.server);
|
||||
- if (ret)
|
||||
- goto out_free_principal;
|
||||
- ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
|
||||
- if (ret)
|
||||
- goto out_free_principal;
|
||||
- ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
|
||||
-out_free_principal:
|
||||
- krb5_free_principal(context, principal);
|
||||
-out_close_cache:
|
||||
- krb5_cc_close(context, cache);
|
||||
-out_free_context:
|
||||
- krb5_free_context(context);
|
||||
-out_cred:
|
||||
- return ret;
|
||||
-}
|
||||
-
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
/*
|
||||
* this routine obtains a credentials handle via gss_acquire_cred()
|
||||
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
|
||||
index 7ef87018..62c91a0e 100644
|
||||
--- a/utils/gssd/krb5_util.h
|
||||
+++ b/utils/gssd/krb5_util.h
|
||||
@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
|
||||
void gssd_k5_get_default_realm(char **def_realm);
|
||||
|
||||
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
|
||||
-int gssd_k5_remove_bad_service_cred(char *srvname);
|
||||
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
extern int limit_to_legacy_enctypes;
|
||||
--
|
||||
2.46.0
|
||||
|
179
0002-conffile-don-t-report-error-from-conf_init_file.patch
Normal file
179
0002-conffile-don-t-report-error-from-conf_init_file.patch
Normal file
@ -0,0 +1,179 @@
|
||||
From ed4dc834e1722b9217fae27da1adf29ab21d6a93 Mon Sep 17 00:00:00 2001
|
||||
From: NeilBrown <neilb@suse.de>
|
||||
Date: Mon, 27 Nov 2023 10:30:43 -0500
|
||||
Subject: [PATCH] conffile: don't report error from conf_init_file()
|
||||
|
||||
conf_init_file() currently reports an error if the main config file
|
||||
doesn't exist - even if there are conf files in the conf.d directory.
|
||||
|
||||
This is only used by nfsconfcli.c. However this is not needed. If
|
||||
there is a real error, and error message is already logged.
|
||||
If it is simply that the file doesn't exist, that isn't really an error.
|
||||
|
||||
So remove the error messages and change conf_init_file() to not return
|
||||
any status.
|
||||
|
||||
Also fix up assorted nearby white-space issues.
|
||||
|
||||
Signed-off-by: NeilBrown <neilb@suse.de>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
support/include/conffile.h | 2 +-
|
||||
support/nfs/conffile.c | 32 ++++++++++++++------------------
|
||||
tools/nfsconf/nfsconfcli.c | 15 ++-------------
|
||||
3 files changed, 17 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/support/include/conffile.h b/support/include/conffile.h
|
||||
index c4a3ca62860e..c04cd1ec5c0c 100644
|
||||
--- a/support/include/conffile.h
|
||||
+++ b/support/include/conffile.h
|
||||
@@ -62,7 +62,7 @@ extern char *conf_get_str(const char *, const char *);
|
||||
extern char *conf_get_str_with_def(const char *, const char *, char *);
|
||||
extern char *conf_get_section(const char *, const char *, const char *);
|
||||
extern char *conf_get_entry(const char *, const char *, const char *);
|
||||
-extern int conf_init_file(const char *);
|
||||
+extern void conf_init_file(const char *);
|
||||
extern void conf_cleanup(void);
|
||||
extern int conf_match_num(const char *, const char *, int);
|
||||
extern int conf_remove(int, const char *, const char *);
|
||||
diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c
|
||||
index fd4a17ad4293..6b813dd95147 100644
|
||||
--- a/support/nfs/conffile.c
|
||||
+++ b/support/nfs/conffile.c
|
||||
@@ -658,7 +658,7 @@ conf_load_file(const char *conf_file)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static void
|
||||
conf_init_dir(const char *conf_file)
|
||||
{
|
||||
struct dirent **namelist = NULL;
|
||||
@@ -669,14 +669,14 @@ conf_init_dir(const char *conf_file)
|
||||
dname = malloc(strlen(conf_file) + 3);
|
||||
if (dname == NULL) {
|
||||
xlog(L_WARNING, "conf_init_dir: malloc: %s", strerror(errno));
|
||||
- return;
|
||||
+ return;
|
||||
}
|
||||
sprintf(dname, "%s.d", conf_file);
|
||||
|
||||
n = scandir(dname, &namelist, NULL, versionsort);
|
||||
if (n < 0) {
|
||||
if (errno != ENOENT) {
|
||||
- xlog(L_WARNING, "conf_init_dir: scandir %s: %s",
|
||||
+ xlog(L_WARNING, "conf_init_dir: scandir %s: %s",
|
||||
dname, strerror(errno));
|
||||
}
|
||||
free(dname);
|
||||
@@ -691,7 +691,7 @@ conf_init_dir(const char *conf_file)
|
||||
for (i = 0; i < n; i++ ) {
|
||||
struct dirent *d = namelist[i];
|
||||
|
||||
- switch (d->d_type) {
|
||||
+ switch (d->d_type) {
|
||||
case DT_UNKNOWN:
|
||||
case DT_REG:
|
||||
case DT_LNK:
|
||||
@@ -701,13 +701,13 @@ conf_init_dir(const char *conf_file)
|
||||
}
|
||||
if (*d->d_name == '.')
|
||||
continue;
|
||||
-
|
||||
+
|
||||
fname_len = strlen(d->d_name);
|
||||
path_len = (fname_len + dname_len);
|
||||
if (!fname_len || path_len > PATH_MAX) {
|
||||
xlog(L_WARNING, "conf_init_dir: Too long file name: %s in %s",
|
||||
d->d_name, dname);
|
||||
- continue;
|
||||
+ continue;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -715,7 +715,7 @@ conf_init_dir(const char *conf_file)
|
||||
* that end with CONF_FILE_EXT
|
||||
*/
|
||||
if (fname_len <= CONF_FILE_EXT_LEN) {
|
||||
- xlog(D_GENERAL, "conf_init_dir: %s: name too short",
|
||||
+ xlog(D_GENERAL, "conf_init_dir: %s: name too short",
|
||||
d->d_name);
|
||||
continue;
|
||||
}
|
||||
@@ -746,31 +746,29 @@ conf_init_dir(const char *conf_file)
|
||||
free(namelist[i]);
|
||||
free(namelist);
|
||||
free(dname);
|
||||
-
|
||||
+
|
||||
return;
|
||||
}
|
||||
|
||||
-int
|
||||
+void
|
||||
conf_init_file(const char *conf_file)
|
||||
{
|
||||
unsigned int i;
|
||||
- int ret;
|
||||
|
||||
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++)
|
||||
LIST_INIT (&conf_bindings[i]);
|
||||
|
||||
TAILQ_INIT (&conf_trans_queue);
|
||||
|
||||
- if (conf_file == NULL)
|
||||
- conf_file=NFS_CONFFILE;
|
||||
+ if (conf_file == NULL)
|
||||
+ conf_file = NFS_CONFFILE;
|
||||
|
||||
/*
|
||||
- * First parse the give config file
|
||||
- * then parse the config.conf.d directory
|
||||
+ * First parse the give config file
|
||||
+ * then parse the config.conf.d directory
|
||||
* (if it exists)
|
||||
- *
|
||||
*/
|
||||
- ret = conf_load_file(conf_file);
|
||||
+ conf_load_file(conf_file);
|
||||
|
||||
/*
|
||||
* When the same variable is set in both files
|
||||
@@ -779,8 +777,6 @@ conf_init_file(const char *conf_file)
|
||||
* have the final say.
|
||||
*/
|
||||
conf_init_dir(conf_file);
|
||||
-
|
||||
- return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git a/tools/nfsconf/nfsconfcli.c b/tools/nfsconf/nfsconfcli.c
|
||||
index b2ef96d1c600..bd9d52701aa6 100644
|
||||
--- a/tools/nfsconf/nfsconfcli.c
|
||||
+++ b/tools/nfsconf/nfsconfcli.c
|
||||
@@ -135,19 +135,8 @@ int main(int argc, char **argv)
|
||||
return 1;
|
||||
}
|
||||
|
||||
- if (mode != MODE_SET && mode != MODE_UNSET) {
|
||||
- if (conf_init_file(confpath)) {
|
||||
- /* config file was missing or had an error, warn about it */
|
||||
- if (verbose || mode != MODE_ISSET) {
|
||||
- fprintf(stderr, "Error loading config file %s\n",
|
||||
- confpath);
|
||||
- }
|
||||
-
|
||||
- /* this isnt fatal for --isset */
|
||||
- if (mode != MODE_ISSET)
|
||||
- return 1;
|
||||
- }
|
||||
- }
|
||||
+ if (mode != MODE_SET && mode != MODE_UNSET)
|
||||
+ conf_init_file(confpath);
|
||||
|
||||
/* --dump mode, output the current configuration */
|
||||
if (mode == MODE_DUMP) {
|
||||
--
|
||||
2.43.0
|
||||
|
51
0002-gssd-revert-commit-513630d720bd.patch
Normal file
51
0002-gssd-revert-commit-513630d720bd.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From f05af7d9924b5e455f4e750c1e8985c560784fce Mon Sep 17 00:00:00 2001
|
||||
From: Olga Kornievskaia <kolga@netapp.com>
|
||||
Date: Mon, 11 Dec 2023 08:50:57 -0500
|
||||
Subject: [PATCH 2/6] gssd: revert commit 513630d720bd
|
||||
|
||||
In preparation for using rpc_gss_seccreate(), revert commit 513630d720bd
|
||||
"gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials"
|
||||
|
||||
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
|
||||
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
utils/gssd/gssd_proc.c | 16 +---------------
|
||||
1 file changed, 1 insertion(+), 15 deletions(-)
|
||||
|
||||
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
||||
index e5cc1d98..4fb6b72d 100644
|
||||
--- a/utils/gssd/gssd_proc.c
|
||||
+++ b/utils/gssd/gssd_proc.c
|
||||
@@ -412,27 +412,13 @@ create_auth_rpc_client(struct clnt_info *clp,
|
||||
tid, tgtname);
|
||||
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
|
||||
if (!auth) {
|
||||
- if (sec.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
|
||||
- printerr(2, "WARNING: server=%s failed context "
|
||||
- "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
|
||||
- clp->servername);
|
||||
- if (cred == GSS_C_NO_CREDENTIAL)
|
||||
- retval = gssd_refresh_krb5_machine_credential(clp->servername,
|
||||
- "*", NULL, 1);
|
||||
- if (!retval) {
|
||||
- auth = authgss_create_default(rpc_clnt, tgtname,
|
||||
- &sec);
|
||||
- if (auth)
|
||||
- goto success;
|
||||
- }
|
||||
- }
|
||||
/* Our caller should print appropriate message */
|
||||
printerr(2, "WARNING: Failed to create krb5 context for "
|
||||
"user with uid %d for server %s\n",
|
||||
uid, tgtname);
|
||||
goto out_fail;
|
||||
}
|
||||
-success:
|
||||
+
|
||||
/* Success !!! */
|
||||
rpc_clnt->cl_auth = auth;
|
||||
*clnt_return = rpc_clnt;
|
||||
--
|
||||
2.46.0
|
||||
|
188
0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch
Normal file
188
0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch
Normal file
@ -0,0 +1,188 @@
|
||||
From 6a714409b17ad2cca99d497129fc944a808eb446 Mon Sep 17 00:00:00 2001
|
||||
From: NeilBrown <neilb@suse.de>
|
||||
Date: Mon, 27 Nov 2023 10:35:56 -0500
|
||||
Subject: [PATCH] conffile: allow /usr/etc to provide any config files expected
|
||||
in /etc
|
||||
|
||||
If any config file is configured to be in /etc, also read from /usr/etc.
|
||||
This followed a growing trend of moving as much as possible out of /
|
||||
and into /usr.
|
||||
|
||||
See https://en.opensuse.org/openSUSE:Packaging_UsrEtc
|
||||
|
||||
Signed-off-by: NeilBrown <neilb@suse.de>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
support/nfs/conffile.c | 26 +++++++++++++++-----------
|
||||
support/nfsidmap/idmapd.conf.5 | 15 ++++++++++++++-
|
||||
systemd/nfs.conf.man | 23 ++++++++++++++---------
|
||||
systemd/nfs.systemd.man | 10 +++++++++-
|
||||
utils/mount/nfsmount.conf.man | 19 ++++++++++---------
|
||||
5 files changed, 62 insertions(+), 31 deletions(-)
|
||||
|
||||
--- a/support/nfs/conffile.c
|
||||
+++ b/support/nfs/conffile.c
|
||||
@@ -763,19 +763,23 @@ conf_init_file(const char *conf_file)
|
||||
if (conf_file == NULL)
|
||||
conf_file = NFS_CONFFILE;
|
||||
|
||||
- /*
|
||||
- * First parse the give config file
|
||||
- * then parse the config.conf.d directory
|
||||
- * (if it exists)
|
||||
+ /* If the config file is in /etc (normal) then check
|
||||
+ * /usr/etc first. Also check config.conf.d for files
|
||||
+ * names *.conf.
|
||||
+ *
|
||||
+ * Content or later files always over-rides earlier
|
||||
+ * files.
|
||||
*/
|
||||
- conf_load_file(conf_file);
|
||||
+ if (strncmp(conf_file, "/etc/", 5) == 0) {
|
||||
+ char *usrconf = NULL;
|
||||
|
||||
- /*
|
||||
- * When the same variable is set in both files
|
||||
- * the conf.d file will override the config file.
|
||||
- * This allows automated admin systems to
|
||||
- * have the final say.
|
||||
- */
|
||||
+ if (asprintf(&usrconf, "/usr%s", conf_file) > 0 && usrconf) {
|
||||
+ conf_load_file(usrconf);
|
||||
+ conf_init_dir(usrconf);
|
||||
+ free(usrconf);
|
||||
+ }
|
||||
+ }
|
||||
+ conf_load_file(conf_file);
|
||||
conf_init_dir(conf_file);
|
||||
}
|
||||
|
||||
--- a/support/nfsidmap/idmapd.conf.5
|
||||
+++ b/support/nfsidmap/idmapd.conf.5
|
||||
@@ -37,7 +37,7 @@ Configuration file for libnfsidmap. Use
|
||||
.SH DESCRIPTION
|
||||
The
|
||||
.B idmapd.conf
|
||||
-configuration file consists of several sections, initiated by strings of the
|
||||
+configuration files consists of several sections, initiated by strings of the
|
||||
form [General] and [Mapping]. Each section may contain lines of the form
|
||||
.nf
|
||||
variable = value
|
||||
@@ -398,6 +398,19 @@ LDAP_base = dc=org,dc=domain
|
||||
.\" Additional sections
|
||||
.\" -------------------------------------------------------------------
|
||||
.\"
|
||||
+.SH FILES
|
||||
+.I /usr/etc/idmapd.conf
|
||||
+.br
|
||||
+.I /usr/etc/idmapd.conf.d/*.conf
|
||||
+.br
|
||||
+.I /etc/idmapd.conf
|
||||
+.br
|
||||
+.I /etc/idmapd.conf.d/*.conf
|
||||
+.br
|
||||
+.IP
|
||||
+Files are read in the order listed. Later settings override earlier
|
||||
+settings.
|
||||
+
|
||||
.SH SEE ALSO
|
||||
.BR idmapd (8)
|
||||
.BR svcgssd (8)
|
||||
--- a/systemd/nfs.conf.man
|
||||
+++ b/systemd/nfs.conf.man
|
||||
@@ -2,10 +2,13 @@
|
||||
.SH NAME
|
||||
nfs.conf \- general configuration for NFS daemons and tools
|
||||
.SH SYNOPSIS
|
||||
+.I /usr/etc/nfs.conf
|
||||
+.I /usr/etc/nfs.conf.d/
|
||||
.I /etc/nfs.conf
|
||||
+.I /etc/nfs.conf.d/
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
-This file contains site-specific configuration for various NFS daemons
|
||||
+These files contain site-specific configuration for various NFS daemons
|
||||
and other processes. Most configuration can also be passed to
|
||||
processes via command line arguments, but it can be more convenient to
|
||||
have a central file. In particular, this encourages consistent
|
||||
@@ -314,15 +317,17 @@ See
|
||||
for deatils.
|
||||
|
||||
.SH FILES
|
||||
-.TP 10n
|
||||
+.I /usr/etc/nfs.conf
|
||||
+.br
|
||||
+.I /usr/etc/nfs.conf.d/*.conf
|
||||
+.br
|
||||
.I /etc/nfs.conf
|
||||
-Default NFS client configuration file
|
||||
-.TP 10n
|
||||
-.I /etc/nfs.conf.d
|
||||
-When this directory exists and files ending
|
||||
-with ".conf" exist, those files will be
|
||||
-used to set configuration variables. These
|
||||
-files will override variables set in /etc/nfs.conf
|
||||
+.br
|
||||
+.I /etc/nfs.conf.d/*.conf
|
||||
+.br
|
||||
+.IP
|
||||
+Various configuration files read in order. Later settings override
|
||||
+earlier settings.
|
||||
.SH SEE ALSO
|
||||
.BR nfsdcltrack (8),
|
||||
.BR rpc.nfsd (8),
|
||||
--- a/systemd/nfs.systemd.man
|
||||
+++ b/systemd/nfs.systemd.man
|
||||
@@ -27,7 +27,9 @@ any command line arguments to daemons so
|
||||
behavior. In many case such configuration can be performed by making
|
||||
changes to
|
||||
.I /etc/nfs.conf
|
||||
-or other configuration files. When that is not convenient, a
|
||||
+or other configuration files (see
|
||||
+.BR nfs.conf (5)).
|
||||
+When that is not convenient, a
|
||||
distribution might provide systemd "drop-in" files which replace the
|
||||
.B ExecStart=
|
||||
setting to start the program with different arguments. For example a
|
||||
@@ -171,6 +173,12 @@ running, it can be masked with
|
||||
/etc/nfsmount.conf
|
||||
.br
|
||||
/etc/idmapd.conf
|
||||
+.P
|
||||
+Also similar files in
|
||||
+.B /usr/etc
|
||||
+and in related
|
||||
+.I conf.d
|
||||
+drop-in directories.
|
||||
.SH SEE ALSO
|
||||
.BR systemd.unit (5),
|
||||
.BR nfs.conf (5),
|
||||
--- a/utils/mount/nfsmount.conf.man
|
||||
+++ b/utils/mount/nfsmount.conf.man
|
||||
@@ -115,16 +115,17 @@ All mounts to the '/export/home' export
|
||||
the background (i.e. done asynchronously).
|
||||
.RE
|
||||
.SH FILES
|
||||
-.TP 10n
|
||||
+.I /usr/etc/nfsmount.conf
|
||||
+.br
|
||||
+.I /usr/etc/nfsmount.conf.d/*.conf
|
||||
+.br
|
||||
.I /etc/nfsmount.conf
|
||||
-Default NFS mount configuration file
|
||||
-.TP 10n
|
||||
-.I /etc/nfsmount.conf.d
|
||||
-When this directory exists and files ending
|
||||
-with ".conf" exist, those files will be
|
||||
-used to set configuration variables. These
|
||||
-files will override variables set
|
||||
-in /etc/nfsmount.conf
|
||||
+.br
|
||||
+.I /etc/nfsmount.conf.d/*.conf
|
||||
+.br
|
||||
+.IP
|
||||
+Default NFS mount configuration files, variables set in the later file
|
||||
+over-ride those in the earlier file.
|
||||
.PD
|
||||
.SH SEE ALSO
|
||||
.BR nfs (5),
|
60
0003-gssd-switch-to-using-rpc_gss_seccreate.patch
Normal file
60
0003-gssd-switch-to-using-rpc_gss_seccreate.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From 3abf6b5223af0ccf07d217d71978ee7987acce88 Mon Sep 17 00:00:00 2001
|
||||
From: Olga Kornievskaia <kolga@netapp.com>
|
||||
Date: Mon, 11 Dec 2023 08:52:47 -0500
|
||||
Subject: [PATCH 3/6] gssd: switch to using rpc_gss_seccreate()
|
||||
|
||||
If available from the libtirpc library, switch to using
|
||||
rpc_gss_seccreate() instead of authgss_create_default() which does not
|
||||
expose gss error codes.
|
||||
|
||||
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
|
||||
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
utils/gssd/gssd_proc.c | 15 +++++++++++++++
|
||||
1 file changed, 15 insertions(+)
|
||||
|
||||
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
||||
index 4fb6b72d..99761157 100644
|
||||
--- a/utils/gssd/gssd_proc.c
|
||||
+++ b/utils/gssd/gssd_proc.c
|
||||
@@ -70,6 +70,9 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <syscall.h>
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+#include <rpc/rpcsec_gss.h>
|
||||
+#endif
|
||||
|
||||
#include "gssd.h"
|
||||
#include "err_util.h"
|
||||
@@ -330,6 +333,11 @@ create_auth_rpc_client(struct clnt_info *clp,
|
||||
struct timeval timeout;
|
||||
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
|
||||
socklen_t salen;
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+ rpc_gss_options_req_t req;
|
||||
+ rpc_gss_options_ret_t ret;
|
||||
+ char mechanism[] = "kerberos_v5";
|
||||
+#endif
|
||||
pthread_t tid = pthread_self();
|
||||
|
||||
sec.qop = GSS_C_QOP_DEFAULT;
|
||||
@@ -410,7 +418,14 @@ create_auth_rpc_client(struct clnt_info *clp,
|
||||
|
||||
printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n",
|
||||
tid, tgtname);
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+ memset(&req, 0, sizeof(req));
|
||||
+ req.my_cred = sec.cred;
|
||||
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism,
|
||||
+ rpcsec_gss_svc_none, NULL, &req, &ret);
|
||||
+#else
|
||||
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
|
||||
+#endif
|
||||
if (!auth) {
|
||||
/* Our caller should print appropriate message */
|
||||
printerr(2, "WARNING: Failed to create krb5 context for "
|
||||
--
|
||||
2.46.0
|
||||
|
115
0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch
Normal file
115
0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch
Normal file
@ -0,0 +1,115 @@
|
||||
From 46f91dc8f0d9aa31e18327cf3ad61c27551c4cfc Mon Sep 17 00:00:00 2001
|
||||
From: Ahelenia Ziemiaska <nabijaczleweli@nabijaczleweli.xyz>
|
||||
Date: Mon, 27 Nov 2023 10:41:04 -0500
|
||||
Subject: [PATCH] fsidd: call anonymous sockets by their name only, don't fill
|
||||
with NULs to 108 bytes
|
||||
|
||||
Since e00ab3c0616fe6d83ab0710d9e7d989c299088f7, ss -l looks like this:
|
||||
u_seq LISTEN 0 5 @/run/fsid.sock@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 26989379 * 0
|
||||
with fsidd pushing all the addresses to 108 bytes wide, which is deeply
|
||||
egregious if you don't filter it out and recolumnate.
|
||||
|
||||
This is because, naturally (unix(7)), "Null bytes in the name have
|
||||
no special significance": abstract addresses are binary blobs, but
|
||||
paths automatically terminate at the first NUL byte, since paths
|
||||
can't contain those.
|
||||
|
||||
So just specify the correct address length when we're using the abstract domain:
|
||||
unix(7) recommends "offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1"
|
||||
for paths, but we don't want to include the terminating NUL, so it's just
|
||||
"offsetof(struct sockaddr_un, sun_path) + strlen(sun_path)".
|
||||
This brings the width back to order:
|
||||
-- >8 --
|
||||
$ ss -la | grep @
|
||||
u_str ESTAB 0 0 @45208536ec96909a/bus/systemd-timesyn/bus-api-timesync 18500238 * 18501249
|
||||
u_str ESTAB 0 0 @fecc9657d2315eb7/bus/systemd-network/bus-api-network 18495452 * 18494406
|
||||
u_seq LISTEN 0 5 @/run/fsid.sock 27168796 * 0
|
||||
u_str ESTAB 0 0 @ac308f35f50797a2/bus/systemd-logind/system 19406 * 15153
|
||||
u_str ESTAB 0 0 @b6606e0dfacbae75/bus/systemd/bus-api-system 18494353 * 18495334
|
||||
u_str ESTAB 0 0 @5880653d215718a7/bus/systemd/bus-system 26930876 * 26930003
|
||||
-- >8 --
|
||||
|
||||
Fixes: e00ab3c0616fe6d83ab0710d9e7d989c299088f7 ("fsidd: provide
|
||||
better default socket name.")
|
||||
Reviewed-by: NeilBrown <neilb@suse.de>
|
||||
Signed-off-by: Ahelenia Ziemia?ska <nabijaczleweli@nabijaczleweli.xyz>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
support/reexport/fsidd.c | 9 ++++++---
|
||||
support/reexport/reexport.c | 8 ++++++--
|
||||
2 files changed, 12 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/support/reexport/fsidd.c b/support/reexport/fsidd.c
|
||||
index 3e62b3fc1370..8a70b78f6362 100644
|
||||
--- a/support/reexport/fsidd.c
|
||||
+++ b/support/reexport/fsidd.c
|
||||
@@ -147,6 +147,7 @@ int main(void)
|
||||
{
|
||||
struct event *srv_ev;
|
||||
struct sockaddr_un addr;
|
||||
+ socklen_t addr_len;
|
||||
char *sock_file;
|
||||
int srv;
|
||||
|
||||
@@ -161,10 +162,12 @@ int main(void)
|
||||
memset(&addr, 0, sizeof(struct sockaddr_un));
|
||||
addr.sun_family = AF_UNIX;
|
||||
strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1);
|
||||
- if (addr.sun_path[0] == '@')
|
||||
+ addr_len = sizeof(struct sockaddr_un);
|
||||
+ if (addr.sun_path[0] == '@') {
|
||||
/* "abstract" socket namespace */
|
||||
+ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path);
|
||||
addr.sun_path[0] = 0;
|
||||
- else
|
||||
+ } else
|
||||
unlink(sock_file);
|
||||
|
||||
srv = socket(AF_UNIX, SOCK_SEQPACKET | SOCK_NONBLOCK, 0);
|
||||
@@ -173,7 +176,7 @@ int main(void)
|
||||
return 1;
|
||||
}
|
||||
|
||||
- if (bind(srv, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un)) == -1) {
|
||||
+ if (bind(srv, (const struct sockaddr *)&addr, addr_len) == -1) {
|
||||
xlog(L_WARNING, "Unable to bind %s: %m\n", sock_file);
|
||||
return 1;
|
||||
}
|
||||
diff --git a/support/reexport/reexport.c b/support/reexport/reexport.c
|
||||
index 78516586b98e..0fb49a46723c 100644
|
||||
--- a/support/reexport/reexport.c
|
||||
+++ b/support/reexport/reexport.c
|
||||
@@ -21,6 +21,7 @@ static int fsidd_srv = -1;
|
||||
static bool connect_fsid_service(void)
|
||||
{
|
||||
struct sockaddr_un addr;
|
||||
+ socklen_t addr_len;
|
||||
char *sock_file;
|
||||
int ret;
|
||||
int s;
|
||||
@@ -33,9 +34,12 @@ static bool connect_fsid_service(void)
|
||||
memset(&addr, 0, sizeof(struct sockaddr_un));
|
||||
addr.sun_family = AF_UNIX;
|
||||
strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1);
|
||||
- if (addr.sun_path[0] == '@')
|
||||
+ addr_len = sizeof(struct sockaddr_un);
|
||||
+ if (addr.sun_path[0] == '@') {
|
||||
/* "abstract" socket namespace */
|
||||
+ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path);
|
||||
addr.sun_path[0] = 0;
|
||||
+ }
|
||||
|
||||
s = socket(AF_UNIX, SOCK_SEQPACKET, 0);
|
||||
if (s == -1) {
|
||||
@@ -43,7 +47,7 @@ static bool connect_fsid_service(void)
|
||||
return false;
|
||||
}
|
||||
|
||||
- ret = connect(s, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un));
|
||||
+ ret = connect(s, (const struct sockaddr *)&addr, addr_len);
|
||||
if (ret == -1) {
|
||||
xlog(L_WARNING, "Unable to connect %s: %m, is fsidd running?\n", sock_file);
|
||||
return false;
|
||||
--
|
||||
2.43.0
|
||||
|
@ -0,0 +1,62 @@
|
||||
From 2bfb59c6f50eb86c21f8e0c33bbf32ec53480fb8 Mon Sep 17 00:00:00 2001
|
||||
From: Olga Kornievskaia <kolga@netapp.com>
|
||||
Date: Mon, 11 Dec 2023 08:55:35 -0500
|
||||
Subject: [PATCH 4/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine
|
||||
credentials
|
||||
|
||||
During context establishment, when the client received
|
||||
KRB5_AP_ERR_BAD_INTEGRITY error, it might be due to the server
|
||||
updating its key material. To handle such error, get a new
|
||||
service ticket and re-try the AP_REQ.
|
||||
|
||||
This functionality relies on the new API in libtirpc that
|
||||
exposes the gss errors.
|
||||
|
||||
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
|
||||
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
utils/gssd/gssd_proc.c | 21 ++++++++++++++++++++-
|
||||
1 file changed, 20 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
||||
index 99761157..29600a3f 100644
|
||||
--- a/utils/gssd/gssd_proc.c
|
||||
+++ b/utils/gssd/gssd_proc.c
|
||||
@@ -427,13 +427,32 @@ create_auth_rpc_client(struct clnt_info *clp,
|
||||
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
|
||||
#endif
|
||||
if (!auth) {
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+ if (ret.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
|
||||
+ printerr(2, "WARNING: server=%s failed context "
|
||||
+ "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
|
||||
+ clp->servername);
|
||||
+ if (cred == GSS_C_NO_CREDENTIAL)
|
||||
+ retval = gssd_refresh_krb5_machine_credential(clp->servername,
|
||||
+ "*", NULL, 1);
|
||||
+ if (!retval) {
|
||||
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname,
|
||||
+ mechanism, rpcsec_gss_svc_none,
|
||||
+ NULL, &req, &ret);
|
||||
+ if (auth)
|
||||
+ goto success;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
/* Our caller should print appropriate message */
|
||||
printerr(2, "WARNING: Failed to create krb5 context for "
|
||||
"user with uid %d for server %s\n",
|
||||
uid, tgtname);
|
||||
goto out_fail;
|
||||
}
|
||||
-
|
||||
+#ifdef HAVE_TIRPC_GSS_SECCREATE
|
||||
+success:
|
||||
+#endif
|
||||
/* Success !!! */
|
||||
rpc_clnt->cl_auth = auth;
|
||||
*clnt_return = rpc_clnt;
|
||||
--
|
||||
2.46.0
|
||||
|
101
0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch
Normal file
101
0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From 15cd566633b1546f0808d0694ede094b4c99752d Mon Sep 17 00:00:00 2001
|
||||
From: Olga Kornievskaia <kolga@netapp.com>
|
||||
Date: Mon, 11 Dec 2023 08:57:28 -0500
|
||||
Subject: [PATCH 5/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
|
||||
credentials
|
||||
|
||||
Unlike the machine credential case, we can't throw away the ticket
|
||||
cache and use the keytab to renew the credentials. Instead, we
|
||||
need to remove the service ticket for the server that returned
|
||||
KRB5_AP_ERR_BAD_INTEGRITY and try again.
|
||||
|
||||
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
|
||||
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
utils/gssd/gssd_proc.c | 2 ++
|
||||
utils/gssd/krb5_util.c | 42 ++++++++++++++++++++++++++++++++++++++++++
|
||||
utils/gssd/krb5_util.h | 1 +
|
||||
3 files changed, 45 insertions(+)
|
||||
|
||||
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
||||
index 29600a3f..7629de0b 100644
|
||||
--- a/utils/gssd/gssd_proc.c
|
||||
+++ b/utils/gssd/gssd_proc.c
|
||||
@@ -435,6 +435,8 @@ create_auth_rpc_client(struct clnt_info *clp,
|
||||
if (cred == GSS_C_NO_CREDENTIAL)
|
||||
retval = gssd_refresh_krb5_machine_credential(clp->servername,
|
||||
"*", NULL, 1);
|
||||
+ else
|
||||
+ retval = gssd_k5_remove_bad_service_cred(clp->servername);
|
||||
if (!retval) {
|
||||
auth = rpc_gss_seccreate(rpc_clnt, tgtname,
|
||||
mechanism, rpcsec_gss_svc_none,
|
||||
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
||||
index f6ce1fec..6f66ef4f 100644
|
||||
--- a/utils/gssd/krb5_util.c
|
||||
+++ b/utils/gssd/krb5_util.c
|
||||
@@ -1553,6 +1553,48 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+/* Removed a service ticket for nfs/<name> from the ticket cache
|
||||
+ */
|
||||
+int
|
||||
+gssd_k5_remove_bad_service_cred(char *name)
|
||||
+{
|
||||
+ krb5_creds in_creds, out_creds;
|
||||
+ krb5_error_code ret;
|
||||
+ krb5_context context;
|
||||
+ krb5_ccache cache;
|
||||
+ krb5_principal principal;
|
||||
+ int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
|
||||
+ char srvname[1024];
|
||||
+
|
||||
+ ret = krb5_init_context(&context);
|
||||
+ if (ret)
|
||||
+ goto out_cred;
|
||||
+ ret = krb5_cc_default(context, &cache);
|
||||
+ if (ret)
|
||||
+ goto out_free_context;
|
||||
+ ret = krb5_cc_get_principal(context, cache, &principal);
|
||||
+ if (ret)
|
||||
+ goto out_close_cache;
|
||||
+ memset(&in_creds, 0, sizeof(in_creds));
|
||||
+ in_creds.client = principal;
|
||||
+ sprintf(srvname, "nfs/%s", name);
|
||||
+ ret = krb5_parse_name(context, srvname, &in_creds.server);
|
||||
+ if (ret)
|
||||
+ goto out_free_principal;
|
||||
+ ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
|
||||
+ if (ret)
|
||||
+ goto out_free_principal;
|
||||
+ ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
|
||||
+out_free_principal:
|
||||
+ krb5_free_principal(context, principal);
|
||||
+out_close_cache:
|
||||
+ krb5_cc_close(context, cache);
|
||||
+out_free_context:
|
||||
+ krb5_free_context(context);
|
||||
+out_cred:
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
/*
|
||||
* this routine obtains a credentials handle via gss_acquire_cred()
|
||||
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
|
||||
index 62c91a0e..7ef87018 100644
|
||||
--- a/utils/gssd/krb5_util.h
|
||||
+++ b/utils/gssd/krb5_util.h
|
||||
@@ -22,6 +22,7 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
|
||||
void gssd_k5_get_default_realm(char **def_realm);
|
||||
|
||||
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
|
||||
+int gssd_k5_remove_bad_service_cred(char *srvname);
|
||||
|
||||
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
||||
extern int limit_to_legacy_enctypes;
|
||||
--
|
||||
2.46.0
|
||||
|
35
0006-configure-check-for-rpc_gss_seccreate.patch
Normal file
35
0006-configure-check-for-rpc_gss_seccreate.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 49567e7d03a5605c590be2135a24d4de8345fa3c Mon Sep 17 00:00:00 2001
|
||||
From: Olga Kornievskaia <kolga@netapp.com>
|
||||
Date: Mon, 11 Dec 2023 08:59:43 -0500
|
||||
Subject: [PATCH 6/6] configure: check for rpc_gss_seccreate
|
||||
|
||||
If we have rpc_gss_sccreate in tirpc library define
|
||||
HAVE_TIRPC_GSS_SECCREATE, which would allow us to handle bad_integrity
|
||||
errors.
|
||||
|
||||
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
|
||||
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
aclocal/libtirpc.m4 | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4
|
||||
index bddae022..ef48a2ae 100644
|
||||
--- a/aclocal/libtirpc.m4
|
||||
+++ b/aclocal/libtirpc.m4
|
||||
@@ -26,6 +26,11 @@ AC_DEFUN([AC_LIBTIRPC], [
|
||||
[Define to 1 if your tirpc library provides libtirpc_set_debug])],,
|
||||
[${LIBS}])])
|
||||
|
||||
+ AS_IF([test -n "${LIBTIRPC}"],
|
||||
+ [AC_CHECK_LIB([tirpc], [rpc_gss_seccreate],
|
||||
+ [AC_DEFINE([HAVE_TIRPC_GSS_SECCREATE], [1],
|
||||
+ [Define to 1 if your tirpc library provides rpc_gss_seccreate])],,
|
||||
+ [${LIBS}])])
|
||||
AC_SUBST([AM_CPPFLAGS])
|
||||
AC_SUBST(LIBTIRPC)
|
||||
|
||||
--
|
||||
2.46.0
|
||||
|
10
idmapd.conf
Normal file
10
idmapd.conf
Normal file
@ -0,0 +1,10 @@
|
||||
[General]
|
||||
|
||||
Verbosity = 0
|
||||
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
|
||||
Domain = localdomain
|
||||
|
||||
[Mapping]
|
||||
|
||||
Nobody-User = nobody
|
||||
Nobody-Group = nobody
|
5
nfs-kernel-server.tmpfiles.conf
Normal file
5
nfs-kernel-server.tmpfiles.conf
Normal file
@ -0,0 +1,5 @@
|
||||
# See tmpfiles.d(5) for details
|
||||
#Type Path Mode UID GID Age Argument
|
||||
d /var/lib/nfs
|
||||
f /var/lib/nfs/etab
|
||||
f /var/lib/nfs/rmtab
|
4
nfs-mountd.options.conf
Normal file
4
nfs-mountd.options.conf
Normal file
@ -0,0 +1,4 @@
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/sysconfig/nfs
|
||||
ExecStart=
|
||||
ExecStart=-/usr/sbin/rpc.mountd $MOUNTD_OPTIONS
|
4
nfs-server.options.conf
Normal file
4
nfs-server.options.conf
Normal file
@ -0,0 +1,4 @@
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/sysconfig/nfs
|
||||
ExecStart=
|
||||
ExecStart=-/usr/sbin/rpc.nfsd $NFSD_OPTIONS
|
19
nfs-utils-1.0.7-bind-syntax.patch
Normal file
19
nfs-utils-1.0.7-bind-syntax.patch
Normal file
@ -0,0 +1,19 @@
|
||||
support/export/export.c | 2
|
||||
support/include/misc.h | 3
|
||||
support/include/nfslib.h | 1
|
||||
================================================================================
|
||||
---
|
||||
support/nfs/exports.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
--- a/support/nfs/exports.c
|
||||
+++ b/support/nfs/exports.c
|
||||
@@ -684,6 +684,8 @@ bad_option:
|
||||
} else if (strncmp(opt, "replicas=", 9) == 0) {
|
||||
ep->e_fslocmethod = FSLOC_REPLICA;
|
||||
ep->e_fslocdata = strdup(opt+9);
|
||||
+ } else if (strncmp(opt, "bind=/", 6) == 0) {
|
||||
+ /* ignore this for now */
|
||||
} else if (strncmp(opt, "sec=", 4) == 0) {
|
||||
active = parse_flavors(opt+4, ep);
|
||||
if (!active)
|
3
nfs-utils-2.6.4.tar.xz
Normal file
3
nfs-utils-2.6.4.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d
|
||||
size 728280
|
2337
nfs-utils.changes
Normal file
2337
nfs-utils.changes
Normal file
File diff suppressed because it is too large
Load Diff
2
nfs-utils.rpmlintrc
Normal file
2
nfs-utils.rpmlintrc
Normal file
@ -0,0 +1,2 @@
|
||||
# /var/lib/nfs/sm.bak is a valid directory needed by sm-notify
|
||||
addFilter("suse-filelist-forbidden-backup-file.*sm.bak")
|
404
nfs-utils.spec
Normal file
404
nfs-utils.spec
Normal file
@ -0,0 +1,404 @@
|
||||
#
|
||||
# spec file for package nfs-utils
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
#Compat macro for new _fillupdir macro introduced in Nov 2017
|
||||
%if ! %{defined _fillupdir}
|
||||
%define _fillupdir /var/adm/fillup-templates
|
||||
%endif
|
||||
|
||||
Name: nfs-utils
|
||||
Version: 2.6.4
|
||||
Release: 0
|
||||
Summary: Support Utilities for Kernel nfsd
|
||||
License: GPL-2.0-or-later
|
||||
Group: Productivity/Networking/NFS
|
||||
URL: https://kernel.org/pub/linux/utils/nfs-utils/
|
||||
Source0: https://kernel.org/pub/linux/utils/nfs-utils/%{version}/nfs-utils-%{version}.tar.xz
|
||||
Source4: sysconfig.nfs
|
||||
Source11: idmapd.conf
|
||||
Source12: statd-user.conf
|
||||
Source13: nfs-utils.rpmlintrc
|
||||
Source20: nfs-mountd.options.conf
|
||||
Source21: nfs-server.options.conf
|
||||
Source22: rpc-gssd.options.conf
|
||||
Source23: rpc-statd.options.conf
|
||||
Source24: rpc-statd-notify.options.conf
|
||||
Source25: rpc-svcgssd.options.conf
|
||||
Source26: nfs.conf
|
||||
Source27: nfs-kernel-server.tmpfiles.conf
|
||||
Patch0: nfs-utils-1.0.7-bind-syntax.patch
|
||||
Patch1: 0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch
|
||||
Patch2: 0002-conffile-don-t-report-error-from-conf_init_file.patch
|
||||
Patch3: 0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch
|
||||
Patch4: 0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch
|
||||
# PATCH-FIX-UPSTREAM: fix build against libtirpc 1.3.5
|
||||
Patch5: 0001-gssd-revert-commit-a5f3b7ccb01c.patch
|
||||
Patch6: 0002-gssd-revert-commit-513630d720bd.patch
|
||||
Patch7: 0003-gssd-switch-to-using-rpc_gss_seccreate.patch
|
||||
Patch8: 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch
|
||||
Patch9: 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch
|
||||
Patch10: 0006-configure-check-for-rpc_gss_seccreate.patch
|
||||
BuildRequires: e2fsprogs-devel
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: rpcgen
|
||||
BuildRequires: sysuser-tools
|
||||
BuildRequires: tcpd-devel
|
||||
BuildRequires: pkgconfig(devmapper)
|
||||
BuildRequires: pkgconfig(kdb)
|
||||
BuildRequires: pkgconfig(krb5)
|
||||
BuildRequires: pkgconfig(libcap)
|
||||
BuildRequires: pkgconfig(libevent)
|
||||
BuildRequires: pkgconfig(libkeyutils)
|
||||
BuildRequires: pkgconfig(libtirpc)
|
||||
BuildRequires: pkgconfig(libxml-2.0)
|
||||
BuildRequires: pkgconfig(mount)
|
||||
BuildRequires: pkgconfig(sqlite3)
|
||||
Suggests: python-base
|
||||
%{?systemd_ordering}
|
||||
|
||||
%description
|
||||
This package contains the NFS utilities. You can tune the number of
|
||||
server threads via the sysconfig variable USE_KERNEL_NFSD_NUMBER. For
|
||||
quota over NFS support, install the quota package.
|
||||
|
||||
%package -n nfs-client
|
||||
Summary: Support Utilities for NFS
|
||||
Group: Productivity/Networking/NFS
|
||||
Requires: keyutils
|
||||
Requires: netcfg
|
||||
Requires: rpcbind
|
||||
Requires(post): %fillup_prereq
|
||||
Requires(pre): permissions
|
||||
Obsoletes: nfs-utils < 1.1.0
|
||||
%sysusers_requires
|
||||
|
||||
%description -n nfs-client
|
||||
This package contains common NFS utilities which are needed for client
|
||||
and kernel based server.
|
||||
|
||||
%package -n nfs-kernel-server
|
||||
Summary: Support Utilities for Kernel nfsd
|
||||
Group: Productivity/Networking/NFS
|
||||
Requires: netcfg
|
||||
Requires: nfs-client = %{version}
|
||||
Requires: rpcbind
|
||||
Requires: (kmod(nfsd.ko) if kernel)
|
||||
Conflicts: nfs-server
|
||||
Provides: nfs-utils = %{version}
|
||||
Obsoletes: nfs-utils < 1.1.0
|
||||
PreReq: permissions
|
||||
|
||||
%description -n nfs-kernel-server
|
||||
This package contains support for the kernel based NFS server. You can
|
||||
tune the number of server threads via the sysconfig variable
|
||||
USE_KERNEL_NFSD_NUMBER. For quota over NFS support, install the quota
|
||||
package.
|
||||
|
||||
%package -n libnfsidmap1
|
||||
Summary: NFSv4 ID Mapping Library
|
||||
Group: Productivity/Networking/NFS
|
||||
Version: 1.0
|
||||
Release: 0
|
||||
Obsoletes: nfsidmap < 1.0
|
||||
Provides: nfsidmap = 1.0
|
||||
|
||||
%package -n nfsidmap-devel
|
||||
Summary: NFSv4 ID Mapping Library development libraries
|
||||
Group: Development/Libraries/C and C++
|
||||
Version: 1.0
|
||||
Release: 0
|
||||
Requires: libnfsidmap1 = %{version}
|
||||
|
||||
%description -n libnfsidmap1
|
||||
In NFSv4, identities of users are conveyed by names rather than user ID
|
||||
and group ID. Both the NFS server and client code in the kernel need to
|
||||
translate these to numeric IDs.
|
||||
|
||||
%description -n nfsidmap-devel
|
||||
In NFSv4, identities of users are conveyed by names rather than user ID
|
||||
and group ID. Both the NFS server and client code in the kernel need to
|
||||
translate these to numeric IDs.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
autoreconf -fvi
|
||||
export CFLAGS="%{optflags} -fPIE"
|
||||
export LDFLAGS="-pie"
|
||||
%configure \
|
||||
--with-systemd \
|
||||
--enable-nfsv4 \
|
||||
--enable-gss \
|
||||
--enable-svcgss \
|
||||
--enable-ipv6 \
|
||||
--enable-nfsdcltrack \
|
||||
--enable-mount \
|
||||
--enable-libmount-mount \
|
||||
--enable-junction \
|
||||
--disable-static \
|
||||
--disable-sbin-override \
|
||||
--with-pluginpath=%{_libdir}/libnfsidmap-1.0.0 \
|
||||
--enable-mountconfig
|
||||
make %{?_smp_mflags}
|
||||
%sysusers_generate_pre %{SOURCE12} statd statd-user.conf
|
||||
|
||||
%install
|
||||
make %{?_smp_mflags} DESTDIR=%{buildroot} install
|
||||
find %{buildroot} -type f -name '*.la' -delete -print
|
||||
install -D -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/nfs-mountd.service.d/10-options.conf
|
||||
install -D -m 644 %{SOURCE21} %{buildroot}%{_unitdir}/nfs-server.service.d/10-options.conf
|
||||
install -D -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/rpc-gssd.service.d/10-options.conf
|
||||
install -D -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/rpc-statd.service.d/10-options.conf
|
||||
install -D -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/rpc-statd-notify.service.d/10-options.conf
|
||||
install -D -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/rpc-svcgssd.service.d/10-options.conf
|
||||
install -D -m 644 %{SOURCE26} %{buildroot}%{_prefix}%{_sysconfdir}/nfs.conf
|
||||
mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/nfs.conf.d
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/nfs.conf.d
|
||||
install -D -m 644 %{SOURCE27} %{buildroot}%{_prefix}/lib/tmpfiles.d/nfs-kernel-server.conf
|
||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs-server
|
||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs-client
|
||||
# sysconfig-data
|
||||
mkdir -p %{buildroot}%{_fillupdir}
|
||||
install -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}
|
||||
# idmapd setup
|
||||
install -D -m 644 %{SOURCE11} %{buildroot}%{_prefix}%{_sysconfdir}/idmapd.conf
|
||||
mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/idmapd.conf.d
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/idmapd.conf.d
|
||||
mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/rpc_pipefs
|
||||
mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/v4recovery
|
||||
# sm-notify state
|
||||
mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/sm
|
||||
mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/sm.bak
|
||||
touch %{buildroot}%{_localstatedir}/lib/nfs/state
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
|
||||
mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/nfsmount.conf.d
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/nfsmount.conf.d
|
||||
#
|
||||
# hack to avoid automatic python dependency
|
||||
chmod 644 `grep -l -r '^#!/usr/bin/python' %{buildroot}%{_sbindir}`
|
||||
# Install sysusers.d template
|
||||
mkdir -p %{buildroot}%{_sysusersdir}
|
||||
install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/
|
||||
|
||||
%pre -n nfs-client -f statd.pre
|
||||
%service_add_pre auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service
|
||||
|
||||
%post -n nfs-client
|
||||
# lib/nfs must be root-owned.
|
||||
# sm and sm.back and contents should be statd:statd,
|
||||
# but only chown if the dirs are currently root-owned.
|
||||
# This is needed for some upgraded, but chown is best avoided
|
||||
# when not necessary
|
||||
chown root:root %{_localstatedir}/lib/nfs > /dev/null 2>&1 || :
|
||||
for i in sm sm.bak; do
|
||||
p=%{_localstatedir}/lib/nfs/$i
|
||||
if [ -d "$b" -a -n "`chown 2> /dev/null -c --from root statd:statd $p`" ]; then
|
||||
chown -R statd:statd $p > /dev/null 2>&1 || :
|
||||
fi
|
||||
done
|
||||
### migrate from /var/lock/subsys
|
||||
[ -d /run/nfs ] || mkdir /run/nfs
|
||||
if [ -f %{_localstatedir}/lock/subsys/nfs-rpc.idmapd ]; then
|
||||
mv %{_localstatedir}/lock/subsys/nfs-rpc.idmapd /run/nfs
|
||||
fi
|
||||
if [ -f %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd ]; then
|
||||
mv %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd /run/nfs
|
||||
fi
|
||||
###
|
||||
%{fillup_only -n nfs nfs}
|
||||
#
|
||||
%set_permissions %{_sbindir}/mount.nfs
|
||||
/sbin/ldconfig
|
||||
%service_add_post auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service
|
||||
|
||||
%preun -n nfs-client
|
||||
%service_del_preun auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service
|
||||
|
||||
%postun -n nfs-client
|
||||
/sbin/ldconfig
|
||||
%service_del_postun auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service
|
||||
|
||||
%verifyscript -n nfs-client
|
||||
%verify_permissions -e %{_sbindir}/mount.nfs
|
||||
|
||||
%pre -n nfs-kernel-server
|
||||
%service_add_pre nfs-svcgssd.service nfs-mountd.service nfs-server.service
|
||||
|
||||
%preun -n nfs-kernel-server
|
||||
%service_del_preun nfs-svcgssd.service nfs-mountd.service nfs-server.service
|
||||
|
||||
%post -n nfs-kernel-server
|
||||
### migrate from /var/lock/subsys
|
||||
[ -d /run/nfs ] || mkdir /run/nfs
|
||||
if [ -f %{_localstatedir}/lock/subsys/nfs-rpc.idmapd ]; then
|
||||
mv %{_localstatedir}/lock/subsys/nfs-rpc.idmapd /run/nfs
|
||||
fi
|
||||
if [ -f %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd ]; then
|
||||
mv %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd /run/nfs
|
||||
fi
|
||||
###
|
||||
%service_add_post nfs-mountd.service nfs-server.service nfsdcld.service
|
||||
%tmpfiles_create nfs-kernel-server.conf
|
||||
%set_permissions /var/lib/nfs/rmtab
|
||||
|
||||
%postun -n nfs-kernel-server
|
||||
%service_del_postun nfs-mountd.service nfs-server.service nfsdcld.service
|
||||
|
||||
%post -n libnfsidmap1 -p /sbin/ldconfig
|
||||
%postun -n libnfsidmap1 -p /sbin/ldconfig
|
||||
|
||||
%verifyscript -n nfs-kernel-server
|
||||
%verify_permissions -e /var/lib/nfs/rmtab
|
||||
|
||||
%files -n nfs-client
|
||||
%license COPYING
|
||||
%{_prefix}%{_sysconfdir}/idmapd.conf
|
||||
%dir %{_prefix}%{_sysconfdir}/idmapd.conf.d
|
||||
%dir %{_sysconfdir}/idmapd.conf.d
|
||||
%dir %{_prefix}%{_sysconfdir}/nfsmount.conf.d
|
||||
%dir %{_sysconfdir}/nfsmount.conf.d
|
||||
%doc utils/mount/nfsmount.conf
|
||||
%{_prefix}%{_sysconfdir}/nfs.conf
|
||||
%dir %{_prefix}%{_sysconfdir}/nfs.conf.d
|
||||
%dir %{_sysconfdir}/nfs.conf.d
|
||||
%verify(not mode) %attr(0755,root,root) %{_sbindir}/mount.nfs
|
||||
%{_sbindir}/mount.nfs4
|
||||
%{_sbindir}/umount.nfs
|
||||
%{_sbindir}/umount.nfs4
|
||||
%attr(0755,root,root) %{_sbindir}/mountstats
|
||||
%attr(0755,root,root) %{_sbindir}/nfsiostat
|
||||
%{_sbindir}/nfsdcld
|
||||
%{_sbindir}/nfsidmap
|
||||
%{_sbindir}/nfsstat
|
||||
%{_sbindir}/rcnfs-client
|
||||
%{_sbindir}/rpc.gssd
|
||||
%{_sbindir}/rpc.idmapd
|
||||
%{_sbindir}/rpc.statd
|
||||
%{_sbindir}/rpcctl
|
||||
%{_sbindir}/rpcdebug
|
||||
%{_sbindir}/showmount
|
||||
%{_sbindir}/sm-notify
|
||||
%{_sbindir}/start-statd
|
||||
%{_sbindir}/blkmapd
|
||||
%{_sbindir}/rpc.svcgssd
|
||||
%{_sbindir}/nfsconf
|
||||
%{_udevrulesdir}/60-nfs.rules
|
||||
%{_udevrulesdir}/99-nfs.rules
|
||||
%{_unitdir}/auth-rpcgss-module.service
|
||||
%{_unitdir}/fsidd.service
|
||||
%{_unitdir}/nfs-blkmap.service
|
||||
%{_unitdir}/nfs-client.target
|
||||
%{_unitdir}/nfs-idmapd.service
|
||||
%{_unitdir}/nfs-utils.service
|
||||
%{_unitdir}/nfsdcld.service
|
||||
%{_unitdir}/rpc-gssd.service
|
||||
%{_unitdir}/rpc-gssd.service.d
|
||||
%{_unitdir}/rpc_pipefs.target
|
||||
%{_unitdir}/rpc-statd-notify.service
|
||||
%{_unitdir}/rpc-statd-notify.service.d
|
||||
%{_unitdir}/rpc-statd.service
|
||||
%{_unitdir}/rpc-statd.service.d
|
||||
%{_unitdir}/rpc-svcgssd.service
|
||||
%{_unitdir}/rpc-svcgssd.service.d
|
||||
%{_unitdir}/var-lib-nfs-rpc_pipefs.mount
|
||||
%dir %{_systemdgeneratordir}
|
||||
%{_systemdgeneratordir}/nfs-server-generator
|
||||
%{_systemdgeneratordir}/rpc-pipefs-generator
|
||||
%{_mandir}/man5/idmapd.conf.5%{ext_man}
|
||||
%{_mandir}/man5/nfs.5%{ext_man}
|
||||
%{_mandir}/man5/nfs.conf.5%{ext_man}
|
||||
%{_mandir}/man5/nfsmount.conf.5%{ext_man}
|
||||
%{_mandir}/man5/nfsrahead.5%{ext_man}
|
||||
%{_mandir}/man7/nfs.systemd.7%{ext_man}
|
||||
%{_mandir}/man8/blkmapd.8%{ext_man}
|
||||
%{_mandir}/man8/gssd.8%{ext_man}
|
||||
%{_mandir}/man8/idmapd.8%{ext_man}
|
||||
%{_mandir}/man8/mount.nfs.8%{ext_man}
|
||||
%{_mandir}/man8/mountstats.8%{ext_man}
|
||||
%{_mandir}/man8/nfsconf.8%{ext_man}
|
||||
%{_mandir}/man8/nfsdcld.8%{ext_man}
|
||||
%{_mandir}/man8/nfsdclddb.8%{ext_man}
|
||||
%{_mandir}/man8/nfsdclnts.8%{ext_man}
|
||||
%{_mandir}/man8/nfsidmap.8%{ext_man}
|
||||
%{_mandir}/man8/nfsiostat.8%{ext_man}
|
||||
%{_mandir}/man8/nfsstat.8%{ext_man}
|
||||
%{_mandir}/man8/rpc.gssd.8%{ext_man}
|
||||
%{_mandir}/man8/rpc.idmapd.8%{ext_man}
|
||||
%{_mandir}/man8/rpc.sm-notify.8%{ext_man}
|
||||
%{_mandir}/man8/rpc.statd.8%{ext_man}
|
||||
%{_mandir}/man8/rpc.svcgssd.8%{ext_man}
|
||||
%{_mandir}/man8/rpcctl.8%{ext_man}
|
||||
%{_mandir}/man8/rpcdebug.8%{ext_man}
|
||||
%{_mandir}/man8/showmount.8%{ext_man}
|
||||
%{_mandir}/man8/sm-notify.8%{ext_man}
|
||||
%{_mandir}/man8/statd.8%{ext_man}
|
||||
%{_mandir}/man8/svcgssd.8%{ext_man}
|
||||
%{_mandir}/man8/umount.nfs.8%{ext_man}
|
||||
%{_fillupdir}/sysconfig.nfs
|
||||
%{_sysusersdir}/statd-user.conf
|
||||
%dir %{_localstatedir}/lib/nfs
|
||||
%dir %{_localstatedir}/lib/nfs/rpc_pipefs
|
||||
%dir %{_localstatedir}/lib/nfs/v4recovery
|
||||
%attr(0700,statd,statd) %dir %{_localstatedir}/lib/nfs/sm
|
||||
%attr(0700,statd,statd) %dir %{_localstatedir}/lib/nfs/sm.bak
|
||||
%ghost %{_localstatedir}/lib/nfs/state
|
||||
%{_libexecdir}/nfsrahead
|
||||
|
||||
%files -n nfs-kernel-server
|
||||
%{_unitdir}/nfs-mountd.service
|
||||
%{_unitdir}/nfs-mountd.service.d
|
||||
%{_unitdir}/nfs-server.service
|
||||
%{_unitdir}/nfs-server.service.d
|
||||
%{_unitdir}/proc-fs-nfsd.mount
|
||||
%{_prefix}/lib/tmpfiles.d/nfs-kernel-server.conf
|
||||
%{_sbindir}/exportfs
|
||||
%{_sbindir}/fsidd
|
||||
%{_sbindir}/rcnfs-server
|
||||
%{_sbindir}/rpc.mountd
|
||||
%{_sbindir}/rpc.nfsd
|
||||
%{_sbindir}/nfsdcltrack
|
||||
%{_sbindir}/nfsref
|
||||
%attr(0755,root,root) %{_sbindir}/nfsdclddb
|
||||
%attr(0755,root,root) %{_sbindir}/nfsdclnts
|
||||
%{_mandir}/man5/exports.5%{ext_man}
|
||||
%{_mandir}/man7/nfsd.7%{ext_man}
|
||||
%{_mandir}/man8/exportfs.8%{ext_man}
|
||||
%{_mandir}/man8/mountd.8%{ext_man}
|
||||
%{_mandir}/man8/nfsd.8%{ext_man}
|
||||
%{_mandir}/man8/nfsref.8%{ext_man}
|
||||
%{_mandir}/man8/rpc.mountd.8%{ext_man}
|
||||
%{_mandir}/man8/rpc.nfsd.8%{ext_man}
|
||||
%{_mandir}/man8/nfsdcltrack.8%{ext_man}
|
||||
%config(noreplace) %{_localstatedir}/lib/nfs/etab
|
||||
%config(noreplace) %{_localstatedir}/lib/nfs/rmtab
|
||||
|
||||
%files -n libnfsidmap1
|
||||
%{_libdir}/libnfsidmap-1.0.0/
|
||||
%{_libdir}/libnfsidmap.so.1*
|
||||
|
||||
%files -n nfsidmap-devel
|
||||
%{_libdir}/libnfsidmap.so
|
||||
%{_includedir}/*.h
|
||||
%{_libdir}/pkgconfig/libnfsidmap.pc
|
||||
%{_mandir}/man3/*
|
||||
%doc support/nfsidmap/README
|
||||
|
||||
%changelog
|
32
nfs.conf
Normal file
32
nfs.conf
Normal file
@ -0,0 +1,32 @@
|
||||
#
|
||||
# This is a general configuration for the
|
||||
# NFS daemons and tools
|
||||
# DO NOT MAKE CHANGES TO THIS FILE as they will
|
||||
# be lost on the next software update. Make changes
|
||||
# to /etc/sysconfig/nfs, /usr/src/nfs.conf./*.conf or
|
||||
# /etc/nfs.conf.d/*.conf instead.
|
||||
# The .conf file can include multiple sections, just
|
||||
# like this file.
|
||||
|
||||
[environment]
|
||||
include = /etc/sysconfig/nfs
|
||||
include = -/etc/nfs.conf.local
|
||||
[general]
|
||||
pipefs-directory=$RPC_PIPEFS_DIR
|
||||
[gssd]
|
||||
avoid-dns=$NFS_GSSD_AVOID_DNS
|
||||
[lockd]
|
||||
port=$LOCKD_TCPPORT
|
||||
udp-port=$LOCKD_UDPPORT
|
||||
[mountd]
|
||||
port= $MOUNTD_PORT
|
||||
[nfsd]
|
||||
threads= $USE_KERNEL_NFSD_NUMBER
|
||||
grace-time=$NFSV4GRACETIME
|
||||
lease-time=$NFSV4LEASETIME
|
||||
vers3=$NFS3_SERVER_SUPPORT
|
||||
vers4=$NFS4_SUPPORT
|
||||
scope=$NFSD_SCOPE
|
||||
[statd]
|
||||
port=$STATD_PORT
|
||||
name=$STATD_HOSTNAME
|
4
rpc-gssd.options.conf
Normal file
4
rpc-gssd.options.conf
Normal file
@ -0,0 +1,4 @@
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/sysconfig/nfs
|
||||
ExecStart=
|
||||
ExecStart=-/usr/sbin/rpc.gssd $GSSD_OPTIONS
|
4
rpc-statd-notify.options.conf
Normal file
4
rpc-statd-notify.options.conf
Normal file
@ -0,0 +1,4 @@
|
||||
[Service]
|
||||
ExecStart=
|
||||
EnvironmentFile=-/etc/sysconfig/nfs
|
||||
ExecStart=-/usr/sbin/sm-notify $SM_NOTIFY_OPTIONS
|
4
rpc-statd.options.conf
Normal file
4
rpc-statd.options.conf
Normal file
@ -0,0 +1,4 @@
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/sysconfig/nfs
|
||||
ExecStart=
|
||||
ExecStart=-/usr/sbin/rpc.statd $STATD_OPTIONS
|
4
rpc-svcgssd.options.conf
Normal file
4
rpc-svcgssd.options.conf
Normal file
@ -0,0 +1,4 @@
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/sysconfig/nfs
|
||||
ExecStart=
|
||||
ExecStart=-/usr/sbin/rpc.svcgssd $SVCGSSD_OPTIONS
|
2
statd-user.conf
Normal file
2
statd-user.conf
Normal file
@ -0,0 +1,2 @@
|
||||
# Type Name ID GECOS [HOME] Shell
|
||||
u statd - "NFS statd daemon" /var/lib/nfs -
|
253
sysconfig.nfs
Normal file
253
sysconfig.nfs
Normal file
@ -0,0 +1,253 @@
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: number of threads for kernel nfs server
|
||||
## Type: integer
|
||||
## Default: 4
|
||||
## ServiceRestart: nfs-server
|
||||
#
|
||||
# the kernel nfs-server supports multiple server threads
|
||||
#
|
||||
USE_KERNEL_NFSD_NUMBER="4"
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: use fixed port number for mountd
|
||||
## Type: integer
|
||||
## Default: ""
|
||||
## ServiceRestart: nfs-mountd
|
||||
#
|
||||
# Only set this if you want to start mountd on a fixed
|
||||
# port instead of the port assigned by rpc. Only for use
|
||||
# to export nfs-filesystems through firewalls.
|
||||
#
|
||||
MOUNTD_PORT=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: NFSv3 server support
|
||||
## Type: yesno
|
||||
## Default: yes
|
||||
## ServiceRestart: nfs-server
|
||||
#
|
||||
# Enable NFSv3 server support (yes/no)
|
||||
# This causes the NFS server to respond to
|
||||
# NFSv2 and NFSv3 requests. Only disable this
|
||||
# if you want to ensure only NFSv4 is used.
|
||||
#
|
||||
NFS3_SERVER_SUPPORT="yes"
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: NFSv4 protocol support
|
||||
## Type: yesno
|
||||
## Default: yes
|
||||
## ServiceRestart: nfs-server
|
||||
#
|
||||
# Enable NFSv4 support (server and/or client) (yes/no)
|
||||
#
|
||||
NFS4_SUPPORT="yes"
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Network Status Monitor options
|
||||
## Type: string
|
||||
## Default: ""
|
||||
#
|
||||
# If a fixed port should be used to send reboot notification
|
||||
# messages to other systems, that port should be given
|
||||
# here as "-p portnumber".
|
||||
#
|
||||
SM_NOTIFY_OPTIONS=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Port rpc.statd should listen on
|
||||
## Type: integer
|
||||
## Default: ""
|
||||
## ServiceRestart: rpc-statd
|
||||
#
|
||||
# Statd will normally choose a random port to listen on and
|
||||
# SuSE-Firewall is able to detect which port and allow for it.
|
||||
# If you have another firewall, you may want to set a fixed
|
||||
# port number which can then be opened in that firewall.
|
||||
STATD_PORT=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Hostname used by rpc.statd
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: rpc-statd
|
||||
#
|
||||
# statd will normally use the system hostname in status
|
||||
# monitoring conversations with other hosts. If a different
|
||||
# host name should be used, as can be useful with fail-over
|
||||
# configurations, that name should be given here.
|
||||
#
|
||||
STATD_HOSTNAME=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: TCP Port that lockd should listen on
|
||||
## Type: integer
|
||||
## Default: ""
|
||||
## ServiceRestart: nfs-server
|
||||
#
|
||||
# Lockd will normally choose a random port to listen on and
|
||||
# SuSE-Firewall is able to detect which port and allow for it.
|
||||
# If you have another firewall, you may want to set a fixed
|
||||
# port number which can then be opened in that firewall.
|
||||
# lockd opens a UDP and a TCP port. This setting only affect
|
||||
# the TCP port.
|
||||
LOCKD_TCPPORT=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: UDP Port that lockd should listen on
|
||||
## Type: integer
|
||||
## Default: ""
|
||||
## ServiceRestart: nfs-server
|
||||
#
|
||||
# Lockd will normally choose a random port to listen on and
|
||||
# SuSE-Firewall is able to detect which port and allow for it.
|
||||
# If you have another firewall, you may want to set a fixed
|
||||
# port number which can then be opened in that firewall.
|
||||
# lockd opens a UDP and a TCP port. This setting only affect
|
||||
# the UDP port.
|
||||
LOCKD_UDPPORT=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Command line parameters for rpc.statd
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: rpc-statd
|
||||
#
|
||||
# Custom parameters for rpc.statd daemon. Typically this will
|
||||
# be used to set the port number (-p).
|
||||
#
|
||||
STATD_OPTIONS=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Lease time for NFSv4 leases
|
||||
## Type: integer
|
||||
## Default: "90"
|
||||
#
|
||||
# Set the lease time for the NFSv4 server. When a client
|
||||
# crashes or is separated from the server by a network problem,
|
||||
# this indicates how long the server will continue to honor
|
||||
# locks it held and when it will allow other clients to take
|
||||
# conflicting locks. A shorter time means network problems are
|
||||
# more likely to hurt filesystem functionality, but genuine
|
||||
# client crash are detected more quickly.
|
||||
# The NFSV4GRACETIME setting must be not less than the lease
|
||||
# time, so another benefit of short lease times is that server
|
||||
# reboots will disrupt filesystem traffic for a shorter period
|
||||
# of time.
|
||||
# This choice is primarily a trade-off between surviving
|
||||
# transient network problems, and expediting completion of
|
||||
# server reboot or fail-over.
|
||||
# The default is 90 second. A practical minimum is about 15
|
||||
# seconds.
|
||||
#
|
||||
NFSV4LEASETIME="90"
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Grace time for NFSv4 server restart
|
||||
## Type: integer
|
||||
## Default: "90"
|
||||
#
|
||||
# Set the NFSv4 server grace time. When the server restarts it
|
||||
# waits this long for pre-existing clients to re-establish any
|
||||
# locks that they held before the restart. During this time
|
||||
# new locks cannot be granted and new file opens cannot be
|
||||
# allowed.
|
||||
# A shorter time allows fast restart or fail-over completion,
|
||||
# but requires the NFSV4LEASETIME to be shorter which may
|
||||
# increase the impact of temporary network problems.
|
||||
# The default is 90 seconds. The value must not be less than
|
||||
# NFSV4LEASETIME.
|
||||
# When NFSv4.1 or later is in use, and when all clients report
|
||||
# when they finish reclaiming locks, the grace time can finish
|
||||
# early and so a large value has little cost. The
|
||||
# NFSV4LEASETIME is then most significant in managing restart
|
||||
# timing.
|
||||
#
|
||||
NFSV4GRACETIME="90"
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Alternate mount point for rpc_pipefs filesystem
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: nfs-utils
|
||||
#
|
||||
# In a high-availabilty configuration it is possible that /var/lib/nfs
|
||||
# is redirected so some shared storage and so it is not convenient to
|
||||
# mount the rpc_pipefs filesystem at /var/lib/nfs/rpc_pipefs. In that
|
||||
# case an alternate mount point can be given here.
|
||||
RPC_PIPEFS_DIR=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Options for svcgssd
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: rpc-svcgssd
|
||||
#
|
||||
# Normally svcgssd does not require any option. However in a
|
||||
# high-availabilty configuration it can be useful to pass "-n"
|
||||
# to guide the choice of default credential. To allow for that
|
||||
# case or any other requiring options ot svcgssd, they can
|
||||
# be specified here.
|
||||
SVCGSSD_OPTIONS=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Extra options for nfsd
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart nfs-server
|
||||
#
|
||||
# This setting allows extra options to be specified for NFSD, such as
|
||||
# -H <shared_hostname> in a high-availability configuration.
|
||||
NFSD_OPTIONS=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Extra options for gssd
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: rpc-gssd
|
||||
#
|
||||
# Normally gssd does not require any options. In some circumstances,
|
||||
# -n, -l or other options might be useful. See "man 8 rpc.gssd" for
|
||||
# details. Those options can be set here.
|
||||
GSSD_OPTIONS=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Extra options for mountd
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart nfs-mountd
|
||||
#
|
||||
# Normally mountd does not require any options. In some circumstances,
|
||||
# -n, -t, -g or other options might be useful. See "man 8 rpc.mountd" for
|
||||
# details. Those options can be set here.
|
||||
# -p or -N should be set using MOUNTD_PORT or NFS4_SUPPORT rather than
|
||||
# this option.
|
||||
MOUNTD_OPTIONS=""
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Avoid DNS lookups for kerberos principal
|
||||
## Type: yesno
|
||||
## Default: no
|
||||
## ServiceRestart: rpc-gssd
|
||||
#
|
||||
# Avoid DNS lookups when determining kerberos identity
|
||||
# of NFS server (yes/no)
|
||||
# "yes" is safest, but "no" might be needed to preserve
|
||||
# correct behaviour at sites that don't use
|
||||
# Fully Qualified Domain Names when mounting NFS Shares.
|
||||
#
|
||||
NFS_GSSD_AVOID_DNS="no"
|
||||
|
||||
## Path: Network/File systems/NFS server
|
||||
## Description: Set v4.1+ scope reported by server
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: nfs-server
|
||||
#
|
||||
# Set the scope reported by the NFS server. When nothing
|
||||
# is given the kernel uses the configured hostname as
|
||||
# a default. When NFS is used in a fail-over configuration
|
||||
# it is important that all hosts which server the same resource
|
||||
# report the same scope.
|
||||
#
|
||||
NFSD_SCOPE=""
|
Loading…
Reference in New Issue
Block a user