- add 0001-gssd-revert-commit-a5f3b7ccb01c.patch,

0002-gssd-revert-commit-513630d720bd.patch,
  0003-gssd-switch-to-using-rpc_gss_seccreate.patch,
  0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch,
  0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch,
  0006-configure-check-for-rpc_gss_seccreate.patch: fixes for
  libtirpc 1.3.5
- drop reenable-nfsv2.patch (poo#106679)
  Fix crash when rpc-gssd run with -v.
- Replace references to /var/adm/fillup-templates with new
  options.
- do not strip the binaries
- mkinitrd-boot.sh: allow other mkinitrd-setup
- nfs-utils-eperm-fallback.patch:  mount.nfs
  Includes new config file: /etc/nfsmount.conf and
- Kill processes on NFS mounts when unmounting
  bnc#442490
  * fix typo in handling of "init.d/nfs status"
- nfs.init:
  * unmount rpc_pipefs
- fix sysconfig filename for changed fillup call
   services (gssd and idmapd have been rolled in to nfs/nfsserver).
- remove svcinfo.d dir as it is provided now by filesystem
- update to version 1.1.2
- uses libgssglue instead of libgssapi
- add rpcbind support [fate#300607]
- added gssapi to buildrequires
  (#116355)
  showmount has been removed there (#309782)
- added README.NFSv4 (#182775)

OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=285
Dirk Mueller 2024-08-20 20:22:12 +00:00 committed by Git OBS Bridge
commit 99d3e0d9fa
28 changed files with 4172 additions and 0 deletions

23
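--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text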

1
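--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc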


@ -0,0 +1,167 @@
From 40d6d58ee6e58f50d5f1aaf8c1253b2338bd7d06 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Mon, 27 Nov 2023 10:12:19 -0500
Subject: [PATCH] exportfs: remove warning if neither subtree_check or
no_subtree_check is given
This warning was only ever intended as a transitional aid.
It doesn't serve any purpose any longer. Let's remove it.
Also clean up some white-space issues.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/export/export.c | 2 +-
support/export/xtab.c | 2 +-
support/include/nfslib.h | 2 +-
support/nfs/exports.c | 43 +++++++++++++++++-----------------------
4 files changed, 21 insertions(+), 28 deletions(-)
diff --git a/support/export/export.c b/support/export/export.c
index 3e48c42def19..100912cb29c3 100644
--- a/support/export/export.c
+++ b/support/export/export.c
@@ -119,7 +119,7 @@ export_read(char *fname, int ignore_hosts)
int reexport_found = 0;
setexportent(fname, "r");
- while ((eep = getexportent(0,1)) != NULL) {
+ while ((eep = getexportent(0)) != NULL) {
exp = export_lookup(eep->e_hostname, eep->e_path, ignore_hosts);
if (!exp) {
if (export_create(eep, 0))
diff --git a/support/export/xtab.c b/support/export/xtab.c
index e210ca99d574..282f15bc79cd 100644
--- a/support/export/xtab.c
+++ b/support/export/xtab.c
@@ -47,7 +47,7 @@ xtab_read(char *xtab, char *lockfn, int is_export)
setexportent(xtab, "r");
if (is_export == 1)
v4root_needed = 1;
- while ((xp = getexportent(is_export==0, 0)) != NULL) {
+ while ((xp = getexportent(is_export==0)) != NULL) {
if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
!(exp = export_create(xp, is_export!=1))) {
if(xp->e_hostname) {
diff --git a/support/include/nfslib.h b/support/include/nfslib.h
index bdbde78d9ebd..eff2a486307f 100644
--- a/support/include/nfslib.h
+++ b/support/include/nfslib.h
@@ -111,7 +111,7 @@ struct rmtabent {
* configuration file parsing
*/
void setexportent(char *fname, char *type);
-struct exportent * getexportent(int,int);
+struct exportent * getexportent(int);
void secinfo_show(FILE *fp, struct exportent *ep);
void xprtsecinfo_show(FILE *fp, struct exportent *ep);
void putexportent(struct exportent *xep);
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 15dc574cc21a..a6816e60d62e 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -59,7 +59,7 @@ static int *squids = NULL, nsquids = 0,
static int getexport(char *exp, int len);
static int getpath(char *path, int len);
-static int parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr);
+static int parseopts(char *cp, struct exportent *ep, int *had_subtree_opt_ptr);
static int parsesquash(char *list, int **idp, int *lenp, char **ep);
static int parsenum(char **cpp);
static void freesquash(void);
@@ -109,7 +109,7 @@ static void init_exportent (struct exportent *ee, int fromkernel)
}
struct exportent *
-getexportent(int fromkernel, int fromexports)
+getexportent(int fromkernel)
{
static struct exportent ee, def_ee;
char exp[512], *hostname;
@@ -147,7 +147,7 @@ getexportent(int fromkernel, int fromexports)
* we're not reading from the kernel.
*/
if (exp[0] == '-' && !fromkernel) {
- if (parseopts(exp + 1, &def_ee, 0, &has_default_subtree_opts) < 0)
+ if (parseopts(exp + 1, &def_ee, &has_default_subtree_opts) < 0)
return NULL;
has_default_opts = 1;
@@ -185,20 +185,20 @@ getexportent(int fromkernel, int fromexports)
}
ee.e_hostname = xstrdup(hostname);
- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
- if(ee.e_hostname)
- {
- xfree(ee.e_hostname);
- ee.e_hostname=NULL;
- }
- if(ee.e_uuid)
- {
- xfree(ee.e_uuid);
- ee.e_uuid=NULL;
- }
+ if (parseopts(opt, &ee, NULL) < 0) {
+ if(ee.e_hostname)
+ {
+ xfree(ee.e_hostname);
+ ee.e_hostname=NULL;
+ }
+ if(ee.e_uuid)
+ {
+ xfree(ee.e_uuid);
+ ee.e_uuid=NULL;
+ }
return NULL;
- }
+ }
/* resolve symlinks */
if (realpath(ee.e_path, rpath) != NULL) {
rpath[sizeof (rpath) - 1] = '\0';
@@ -433,7 +433,7 @@ mkexportent(char *hname, char *path, char *options)
}
strncpy(ee.e_path, path, sizeof (ee.e_path));
ee.e_path[sizeof (ee.e_path) - 1] = '\0';
- if (parseopts(options, &ee, 0, NULL) < 0)
+ if (parseopts(options, &ee, NULL) < 0)
return NULL;
return &ee;
}
@@ -441,7 +441,7 @@ mkexportent(char *hname, char *path, char *options)
int
updateexportent(struct exportent *eep, char *options)
{
- if (parseopts(options, eep, 0, NULL) < 0)
+ if (parseopts(options, eep, NULL) < 0)
return 0;
return 1;
}
@@ -632,7 +632,7 @@ void fix_pseudoflavor_flags(struct exportent *ep)
* Parse option string pointed to by cp and set mount options accordingly.
*/
static int
-parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr)
+parseopts(char *cp, struct exportent *ep, int *had_subtree_opt_ptr)
{
int had_subtree_opt = 0;
char *flname = efname?efname:"command line";
@@ -852,13 +852,6 @@ bad_option:
ep->e_nsqgids = nsqgids;
out:
- if (warn && !had_subtree_opt)
- xlog(L_WARNING, "%s [%d]: Neither 'subtree_check' or 'no_subtree_check' specified for export \"%s:%s\".\n"
- " Assuming default behaviour ('no_subtree_check').\n"
- " NOTE: this default has changed since nfs-utils version 1.0.x\n",
-
- flname, flline,
- ep->e_hostname, ep->e_path);
if (had_subtree_opt_ptr)
*had_subtree_opt_ptr = had_subtree_opt;
--
2.43.0


@ -0,0 +1,99 @@
From 20c0797937e9ec43a78a2f5475d4296897f8c537 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:46:35 -0500
Subject: [PATCH 1/6] gssd: revert commit a5f3b7ccb01c
In preparation for using rpc_gss_seccreate() function, revert commit
a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
credentials"
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 2 --
utils/gssd/krb5_util.c | 42 ------------------------------------------
utils/gssd/krb5_util.h | 1 -
3 files changed, 45 deletions(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index a96647df..e5cc1d98 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp,
if (cred == GSS_C_NO_CREDENTIAL)
retval = gssd_refresh_krb5_machine_credential(clp->servername,
"*", NULL, 1);
- else
- retval = gssd_k5_remove_bad_service_cred(clp->servername);
if (!retval) {
auth = authgss_create_default(rpc_clnt, tgtname,
&sec);
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6f66ef4f..f6ce1fec 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
return ret;
}
-/* Removed a service ticket for nfs/<name> from the ticket cache
- */
-int
-gssd_k5_remove_bad_service_cred(char *name)
-{
- krb5_creds in_creds, out_creds;
- krb5_error_code ret;
- krb5_context context;
- krb5_ccache cache;
- krb5_principal principal;
- int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
- char srvname[1024];
-
- ret = krb5_init_context(&context);
- if (ret)
- goto out_cred;
- ret = krb5_cc_default(context, &cache);
- if (ret)
- goto out_free_context;
- ret = krb5_cc_get_principal(context, cache, &principal);
- if (ret)
- goto out_close_cache;
- memset(&in_creds, 0, sizeof(in_creds));
- in_creds.client = principal;
- sprintf(srvname, "nfs/%s", name);
- ret = krb5_parse_name(context, srvname, &in_creds.server);
- if (ret)
- goto out_free_principal;
- ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
- if (ret)
- goto out_free_principal;
- ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
-out_free_principal:
- krb5_free_principal(context, principal);
-out_close_cache:
- krb5_cc_close(context, cache);
-out_free_context:
- krb5_free_context(context);
-out_cred:
- return ret;
-}
-
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
/*
* this routine obtains a credentials handle via gss_acquire_cred()
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 7ef87018..62c91a0e 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
void gssd_k5_get_default_realm(char **def_realm);
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
-int gssd_k5_remove_bad_service_cred(char *srvname);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
extern int limit_to_legacy_enctypes;
--
2.46.0


@ -0,0 +1,179 @@
From ed4dc834e1722b9217fae27da1adf29ab21d6a93 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Mon, 27 Nov 2023 10:30:43 -0500
Subject: [PATCH] conffile: don't report error from conf_init_file()
conf_init_file() currently reports an error if the main config file
doesn't exist - even if there are conf files in the conf.d directory.
This is only used by nfsconfcli.c. However this is not needed. If
there is a real error, and error message is already logged.
If it is simply that the file doesn't exist, that isn't really an error.
So remove the error messages and change conf_init_file() to not return
any status.
Also fix up assorted nearby white-space issues.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/include/conffile.h | 2 +-
support/nfs/conffile.c | 32 ++++++++++++++------------------
tools/nfsconf/nfsconfcli.c | 15 ++-------------
3 files changed, 17 insertions(+), 32 deletions(-)
diff --git a/support/include/conffile.h b/support/include/conffile.h
index c4a3ca62860e..c04cd1ec5c0c 100644
--- a/support/include/conffile.h
+++ b/support/include/conffile.h
@@ -62,7 +62,7 @@ extern char *conf_get_str(const char *, const char *);
extern char *conf_get_str_with_def(const char *, const char *, char *);
extern char *conf_get_section(const char *, const char *, const char *);
extern char *conf_get_entry(const char *, const char *, const char *);
-extern int conf_init_file(const char *);
+extern void conf_init_file(const char *);
extern void conf_cleanup(void);
extern int conf_match_num(const char *, const char *, int);
extern int conf_remove(int, const char *, const char *);
diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c
index fd4a17ad4293..6b813dd95147 100644
--- a/support/nfs/conffile.c
+++ b/support/nfs/conffile.c
@@ -658,7 +658,7 @@ conf_load_file(const char *conf_file)
return 0;
}
-static void
+static void
conf_init_dir(const char *conf_file)
{
struct dirent **namelist = NULL;
@@ -669,14 +669,14 @@ conf_init_dir(const char *conf_file)
dname = malloc(strlen(conf_file) + 3);
if (dname == NULL) {
xlog(L_WARNING, "conf_init_dir: malloc: %s", strerror(errno));
- return;
+ return;
}
sprintf(dname, "%s.d", conf_file);
n = scandir(dname, &namelist, NULL, versionsort);
if (n < 0) {
if (errno != ENOENT) {
- xlog(L_WARNING, "conf_init_dir: scandir %s: %s",
+ xlog(L_WARNING, "conf_init_dir: scandir %s: %s",
dname, strerror(errno));
}
free(dname);
@@ -691,7 +691,7 @@ conf_init_dir(const char *conf_file)
for (i = 0; i < n; i++ ) {
struct dirent *d = namelist[i];
- switch (d->d_type) {
+ switch (d->d_type) {
case DT_UNKNOWN:
case DT_REG:
case DT_LNK:
@@ -701,13 +701,13 @@ conf_init_dir(const char *conf_file)
}
if (*d->d_name == '.')
continue;
-
+
fname_len = strlen(d->d_name);
path_len = (fname_len + dname_len);
if (!fname_len || path_len > PATH_MAX) {
xlog(L_WARNING, "conf_init_dir: Too long file name: %s in %s",
d->d_name, dname);
- continue;
+ continue;
}
/*
@@ -715,7 +715,7 @@ conf_init_dir(const char *conf_file)
* that end with CONF_FILE_EXT
*/
if (fname_len <= CONF_FILE_EXT_LEN) {
- xlog(D_GENERAL, "conf_init_dir: %s: name too short",
+ xlog(D_GENERAL, "conf_init_dir: %s: name too short",
d->d_name);
continue;
}
@@ -746,31 +746,29 @@ conf_init_dir(const char *conf_file)
free(namelist[i]);
free(namelist);
free(dname);
-
+
return;
}
-int
+void
conf_init_file(const char *conf_file)
{
unsigned int i;
- int ret;
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++)
LIST_INIT (&conf_bindings[i]);
TAILQ_INIT (&conf_trans_queue);
- if (conf_file == NULL)
- conf_file=NFS_CONFFILE;
+ if (conf_file == NULL)
+ conf_file = NFS_CONFFILE;
/*
- * First parse the give config file
- * then parse the config.conf.d directory
+ * First parse the give config file
+ * then parse the config.conf.d directory
* (if it exists)
- *
*/
- ret = conf_load_file(conf_file);
+ conf_load_file(conf_file);
/*
* When the same variable is set in both files
@@ -779,8 +777,6 @@ conf_init_file(const char *conf_file)
* have the final say.
*/
conf_init_dir(conf_file);
-
- return ret;
}
/*
diff --git a/tools/nfsconf/nfsconfcli.c b/tools/nfsconf/nfsconfcli.c
index b2ef96d1c600..bd9d52701aa6 100644
--- a/tools/nfsconf/nfsconfcli.c
+++ b/tools/nfsconf/nfsconfcli.c
@@ -135,19 +135,8 @@ int main(int argc, char **argv)
return 1;
}
- if (mode != MODE_SET && mode != MODE_UNSET) {
- if (conf_init_file(confpath)) {
- /* config file was missing or had an error, warn about it */
- if (verbose || mode != MODE_ISSET) {
- fprintf(stderr, "Error loading config file %s\n",
- confpath);
- }
-
- /* this isnt fatal for --isset */
- if (mode != MODE_ISSET)
- return 1;
- }
- }
+ if (mode != MODE_SET && mode != MODE_UNSET)
+ conf_init_file(confpath);
/* --dump mode, output the current configuration */
if (mode == MODE_DUMP) {
--
2.43.0
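Review bot: With `conf_init_file()` now returning `void` and the result of `conf_load_file(conf_file)` discarded, callers can no longer tell an unreadable or malformed config file from an absent one, and the `main()` hunk in `nfsconfcli.c` drops the only exit-status signal for that case. The commit message says real errors are already logged, but as far as these hunks show, a script that checks the result of `--isset` or `--dump` would see a failed load as an empty configuration and carry on with defaults. I would state that contract at the declaration in `conffile.h`, e.g. `/* Loads conf_file and its .d directory; load failures are logged, never returned. */`. Both function bodies continue outside the visible hunks.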


@ -0,0 +1,51 @@
From f05af7d9924b5e455f4e750c1e8985c560784fce Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:50:57 -0500
Subject: [PATCH 2/6] gssd: revert commit 513630d720bd
In preparation for using rpc_gss_seccreate(), revert commit 513630d720bd
"gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials"
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 16 +---------------
1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index e5cc1d98..4fb6b72d 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -412,27 +412,13 @@ create_auth_rpc_client(struct clnt_info *clp,
tid, tgtname);
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
if (!auth) {
- if (sec.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
- printerr(2, "WARNING: server=%s failed context "
- "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
- clp->servername);
- if (cred == GSS_C_NO_CREDENTIAL)
- retval = gssd_refresh_krb5_machine_credential(clp->servername,
- "*", NULL, 1);
- if (!retval) {
- auth = authgss_create_default(rpc_clnt, tgtname,
- &sec);
- if (auth)
- goto success;
- }
- }
/* Our caller should print appropriate message */
printerr(2, "WARNING: Failed to create krb5 context for "
"user with uid %d for server %s\n",
uid, tgtname);
goto out_fail;
}
-success:
+
/* Success !!! */
rpc_clnt->cl_auth = auth;
*clnt_return = rpc_clnt;
--
2.46.0


@ -0,0 +1,188 @@
From 6a714409b17ad2cca99d497129fc944a808eb446 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Mon, 27 Nov 2023 10:35:56 -0500
Subject: [PATCH] conffile: allow /usr/etc to provide any config files expected
in /etc
If any config file is configured to be in /etc, also read from /usr/etc.
This followed a growing trend of moving as much as possible out of /
and into /usr.
See https://en.opensuse.org/openSUSE:Packaging_UsrEtc
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/nfs/conffile.c | 26 +++++++++++++++-----------
support/nfsidmap/idmapd.conf.5 | 15 ++++++++++++++-
systemd/nfs.conf.man | 23 ++++++++++++++---------
systemd/nfs.systemd.man | 10 +++++++++-
utils/mount/nfsmount.conf.man | 19 ++++++++++---------
5 files changed, 62 insertions(+), 31 deletions(-)
--- a/support/nfs/conffile.c
+++ b/support/nfs/conffile.c
@@ -763,19 +763,23 @@ conf_init_file(const char *conf_file)
if (conf_file == NULL)
conf_file = NFS_CONFFILE;
- /*
- * First parse the give config file
- * then parse the config.conf.d directory
- * (if it exists)
+ /* If the config file is in /etc (normal) then check
+ * /usr/etc first. Also check config.conf.d for files
+ * names *.conf.
+ *
+ * Content or later files always over-rides earlier
+ * files.
*/
- conf_load_file(conf_file);
+ if (strncmp(conf_file, "/etc/", 5) == 0) {
+ char *usrconf = NULL;
- /*
- * When the same variable is set in both files
- * the conf.d file will override the config file.
- * This allows automated admin systems to
- * have the final say.
- */
+ if (asprintf(&usrconf, "/usr%s", conf_file) > 0 && usrconf) {
+ conf_load_file(usrconf);
+ conf_init_dir(usrconf);
+ free(usrconf);
+ }
+ }
+ conf_load_file(conf_file);
conf_init_dir(conf_file);
}
--- a/support/nfsidmap/idmapd.conf.5
+++ b/support/nfsidmap/idmapd.conf.5
@@ -37,7 +37,7 @@ Configuration file for libnfsidmap. Use
.SH DESCRIPTION
The
.B idmapd.conf
-configuration file consists of several sections, initiated by strings of the
+configuration files consists of several sections, initiated by strings of the
form [General] and [Mapping]. Each section may contain lines of the form
.nf
variable = value
@@ -398,6 +398,19 @@ LDAP_base = dc=org,dc=domain
.\" Additional sections
.\" -------------------------------------------------------------------
.\"
+.SH FILES
+.I /usr/etc/idmapd.conf
+.br
+.I /usr/etc/idmapd.conf.d/*.conf
+.br
+.I /etc/idmapd.conf
+.br
+.I /etc/idmapd.conf.d/*.conf
+.br
+.IP
+Files are read in the order listed. Later settings override earlier
+settings.
+
.SH SEE ALSO
.BR idmapd (8)
.BR svcgssd (8)
--- a/systemd/nfs.conf.man
+++ b/systemd/nfs.conf.man
@@ -2,10 +2,13 @@
.SH NAME
nfs.conf \- general configuration for NFS daemons and tools
.SH SYNOPSIS
+.I /usr/etc/nfs.conf
+.I /usr/etc/nfs.conf.d/
.I /etc/nfs.conf
+.I /etc/nfs.conf.d/
.SH DESCRIPTION
.PP
-This file contains site-specific configuration for various NFS daemons
+These files contain site-specific configuration for various NFS daemons
and other processes. Most configuration can also be passed to
processes via command line arguments, but it can be more convenient to
have a central file. In particular, this encourages consistent
@@ -314,15 +317,17 @@ See
for deatils.
.SH FILES
-.TP 10n
+.I /usr/etc/nfs.conf
+.br
+.I /usr/etc/nfs.conf.d/*.conf
+.br
.I /etc/nfs.conf
-Default NFS client configuration file
-.TP 10n
-.I /etc/nfs.conf.d
-When this directory exists and files ending
-with ".conf" exist, those files will be
-used to set configuration variables. These
-files will override variables set in /etc/nfs.conf
+.br
+.I /etc/nfs.conf.d/*.conf
+.br
+.IP
+Various configuration files read in order. Later settings override
+earlier settings.
.SH SEE ALSO
.BR nfsdcltrack (8),
.BR rpc.nfsd (8),
--- a/systemd/nfs.systemd.man
+++ b/systemd/nfs.systemd.man
@@ -27,7 +27,9 @@ any command line arguments to daemons so
behavior. In many case such configuration can be performed by making
changes to
.I /etc/nfs.conf
-or other configuration files. When that is not convenient, a
+or other configuration files (see
+.BR nfs.conf (5)).
+When that is not convenient, a
distribution might provide systemd "drop-in" files which replace the
.B ExecStart=
setting to start the program with different arguments. For example a
@@ -171,6 +173,12 @@ running, it can be masked with
/etc/nfsmount.conf
.br
/etc/idmapd.conf
+.P
+Also similar files in
+.B /usr/etc
+and in related
+.I conf.d
+drop-in directories.
.SH SEE ALSO
.BR systemd.unit (5),
.BR nfs.conf (5),
--- a/utils/mount/nfsmount.conf.man
+++ b/utils/mount/nfsmount.conf.man
@@ -115,16 +115,17 @@ All mounts to the '/export/home' export
the background (i.e. done asynchronously).
.RE
.SH FILES
-.TP 10n
+.I /usr/etc/nfsmount.conf
+.br
+.I /usr/etc/nfsmount.conf.d/*.conf
+.br
.I /etc/nfsmount.conf
-Default NFS mount configuration file
-.TP 10n
-.I /etc/nfsmount.conf.d
-When this directory exists and files ending
-with ".conf" exist, those files will be
-used to set configuration variables. These
-files will override variables set
-in /etc/nfsmount.conf
+.br
+.I /etc/nfsmount.conf.d/*.conf
+.br
+.IP
+Default NFS mount configuration files, variables set in the later file
+over-ride those in the earlier file.
.PD
.SH SEE ALSO
.BR nfs (5),
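Review bot: The `strncmp(conf_file, "/etc/", 5) == 0` test in `conf_init_file()` applies to whatever path the caller passes, so any config path under `/etc/`, not only the default `NFS_CONFFILE`, also pulls in its `/usr/etc` twin and that twin's `.d` directory. Anyone auditing the effective NFS, idmapd or nfsmount settings now has to look at four locations, which the man-page hunks cover but the code comment states less clearly. The new comment also has two slips; I would write it as `Also check config.conf.d for files named *.conf.` and `Content of later files always overrides earlier files.` An `asprintf()` failure silently skips the `/usr/etc` files, which seems acceptable but is worth a word in the same comment.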


@ -0,0 +1,60 @@
From 3abf6b5223af0ccf07d217d71978ee7987acce88 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:52:47 -0500
Subject: [PATCH 3/6] gssd: switch to using rpc_gss_seccreate()
If available from the libtirpc library, switch to using
rpc_gss_seccreate() instead of authgss_create_default() which does not
expose gss error codes.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 4fb6b72d..99761157 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -70,6 +70,9 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <syscall.h>
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+#include <rpc/rpcsec_gss.h>
+#endif
#include "gssd.h"
#include "err_util.h"
@@ -330,6 +333,11 @@ create_auth_rpc_client(struct clnt_info *clp,
struct timeval timeout;
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
socklen_t salen;
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ rpc_gss_options_req_t req;
+ rpc_gss_options_ret_t ret;
+ char mechanism[] = "kerberos_v5";
+#endif
pthread_t tid = pthread_self();
sec.qop = GSS_C_QOP_DEFAULT;
@@ -410,7 +418,14 @@ create_auth_rpc_client(struct clnt_info *clp,
printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n",
tid, tgtname);
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ memset(&req, 0, sizeof(req));
+ req.my_cred = sec.cred;
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism,
+ rpcsec_gss_svc_none, NULL, &req, &ret);
+#else
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
+#endif
if (!auth) {
/* Our caller should print appropriate message */
printerr(2, "WARNING: Failed to create krb5 context for "
--
2.46.0
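Review bot: In the `HAVE_TIRPC_GSS_SECCREATE` branch of `create_auth_rpc_client()` only `sec.cred` is carried over into `req`; the service (`rpcsec_gss_svc_none`), the mechanism string and the `NULL` qop are literals, so any other field set on `sec` earlier in the function (for example `sec.qop`, visible in the context lines) has no effect on this path. Whether that matches what `authgss_create_default()` was given cannot be confirmed from the hunk, because the rest of the `sec` setup lies outside it. A short comment above the call would keep the two branches from drifting apart, e.g. `/* rpc_gss_seccreate() takes service/qop/mech directly; keep these in step with sec */`.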


@ -0,0 +1,115 @@
From 46f91dc8f0d9aa31e18327cf3ad61c27551c4cfc Mon Sep 17 00:00:00 2001
From: Ahelenia Ziemiaska <nabijaczleweli@nabijaczleweli.xyz>
Date: Mon, 27 Nov 2023 10:41:04 -0500
Subject: [PATCH] fsidd: call anonymous sockets by their name only, don't fill
with NULs to 108 bytes
Since e00ab3c0616fe6d83ab0710d9e7d989c299088f7, ss -l looks like this:
u_seq LISTEN 0 5 @/run/fsid.sock@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 26989379 * 0
with fsidd pushing all the addresses to 108 bytes wide, which is deeply
egregious if you don't filter it out and recolumnate.
This is because, naturally (unix(7)), "Null bytes in the name have
no special significance": abstract addresses are binary blobs, but
paths automatically terminate at the first NUL byte, since paths
can't contain those.
So just specify the correct address length when we're using the abstract domain:
unix(7) recommends "offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1"
for paths, but we don't want to include the terminating NUL, so it's just
"offsetof(struct sockaddr_un, sun_path) + strlen(sun_path)".
This brings the width back to order:
-- >8 --
$ ss -la | grep @
u_str ESTAB 0 0 @45208536ec96909a/bus/systemd-timesyn/bus-api-timesync 18500238 * 18501249
u_str ESTAB 0 0 @fecc9657d2315eb7/bus/systemd-network/bus-api-network 18495452 * 18494406
u_seq LISTEN 0 5 @/run/fsid.sock 27168796 * 0
u_str ESTAB 0 0 @ac308f35f50797a2/bus/systemd-logind/system 19406 * 15153
u_str ESTAB 0 0 @b6606e0dfacbae75/bus/systemd/bus-api-system 18494353 * 18495334
u_str ESTAB 0 0 @5880653d215718a7/bus/systemd/bus-system 26930876 * 26930003
-- >8 --
Fixes: e00ab3c0616fe6d83ab0710d9e7d989c299088f7 ("fsidd: provide
better default socket name.")
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Ahelenia Ziemia?ska <nabijaczleweli@nabijaczleweli.xyz>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/reexport/fsidd.c | 9 ++++++---
support/reexport/reexport.c | 8 ++++++--
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/support/reexport/fsidd.c b/support/reexport/fsidd.c
index 3e62b3fc1370..8a70b78f6362 100644
--- a/support/reexport/fsidd.c
+++ b/support/reexport/fsidd.c
@@ -147,6 +147,7 @@ int main(void)
{
struct event *srv_ev;
struct sockaddr_un addr;
+ socklen_t addr_len;
char *sock_file;
int srv;
@@ -161,10 +162,12 @@ int main(void)
memset(&addr, 0, sizeof(struct sockaddr_un));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1);
- if (addr.sun_path[0] == '@')
+ addr_len = sizeof(struct sockaddr_un);
+ if (addr.sun_path[0] == '@') {
/* "abstract" socket namespace */
+ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path);
addr.sun_path[0] = 0;
- else
+ } else
unlink(sock_file);
srv = socket(AF_UNIX, SOCK_SEQPACKET | SOCK_NONBLOCK, 0);
@@ -173,7 +176,7 @@ int main(void)
return 1;
}
- if (bind(srv, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un)) == -1) {
+ if (bind(srv, (const struct sockaddr *)&addr, addr_len) == -1) {
xlog(L_WARNING, "Unable to bind %s: %m\n", sock_file);
return 1;
}
diff --git a/support/reexport/reexport.c b/support/reexport/reexport.c
index 78516586b98e..0fb49a46723c 100644
--- a/support/reexport/reexport.c
+++ b/support/reexport/reexport.c
@@ -21,6 +21,7 @@ static int fsidd_srv = -1;
static bool connect_fsid_service(void)
{
struct sockaddr_un addr;
+ socklen_t addr_len;
char *sock_file;
int ret;
int s;
@@ -33,9 +34,12 @@ static bool connect_fsid_service(void)
memset(&addr, 0, sizeof(struct sockaddr_un));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1);
- if (addr.sun_path[0] == '@')
+ addr_len = sizeof(struct sockaddr_un);
+ if (addr.sun_path[0] == '@') {
/* "abstract" socket namespace */
+ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path);
addr.sun_path[0] = 0;
+ }
s = socket(AF_UNIX, SOCK_SEQPACKET, 0);
if (s == -1) {
@@ -43,7 +47,7 @@ static bool connect_fsid_service(void)
return false;
}
- ret = connect(s, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un));
+ ret = connect(s, (const struct sockaddr *)&addr, addr_len);
if (ret == -1) {
xlog(L_WARNING, "Unable to connect %s: %m, is fsidd running?\n", sock_file);
return false;
--
2.43.0
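Review bot: The abstract socket name is now length-delimited instead of NUL-padded to `sizeof(struct sockaddr_un)`, so the address bound in `fsidd.c` and the one used by `connect_fsid_service()` in `reexport.c` only match when both sides are built with this change; a still-running fsidd from before the patch would presumably be unreachable to an updated client until it is restarted. That coupling deserves a comment at both `addr_len` computations, e.g. `/* abstract names are compared byte-for-byte including length; fsidd and its clients must compute addr_len identically */`. `strncpy()` still truncates an over-long `sock_file` silently on both sides, and neither hunk shows an `#include <stddef.h>` for `offsetof`, though it may already be present outside the hunks. Both functions continue outside the visible hunks.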


@ -0,0 +1,62 @@
From 2bfb59c6f50eb86c21f8e0c33bbf32ec53480fb8 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:55:35 -0500
Subject: [PATCH 4/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine
credentials
During context establishment, when the client received
KRB5_AP_ERR_BAD_INTEGRITY error, it might be due to the server
updating its key material. To handle such error, get a new
service ticket and re-try the AP_REQ.
This functionality relies on the new API in libtirpc that
exposes the gss errors.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 99761157..29600a3f 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -427,13 +427,32 @@ create_auth_rpc_client(struct clnt_info *clp,
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
#endif
if (!auth) {
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ if (ret.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ printerr(2, "WARNING: server=%s failed context "
+ "creation with KRB5_AP_ERR_BAD_INTEGRITY\n",
+ clp->servername);
+ if (cred == GSS_C_NO_CREDENTIAL)
+ retval = gssd_refresh_krb5_machine_credential(clp->servername,
+ "*", NULL, 1);
+ if (!retval) {
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname,
+ mechanism, rpcsec_gss_svc_none,
+ NULL, &req, &ret);
+ if (auth)
+ goto success;
+ }
+ }
+#endif
/* Our caller should print appropriate message */
printerr(2, "WARNING: Failed to create krb5 context for "
"user with uid %d for server %s\n",
uid, tgtname);
goto out_fail;
}
-
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+success:
+#endif
/* Success !!! */
rpc_clnt->cl_auth = auth;
*clnt_return = rpc_clnt;
--
2.46.0
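Review bot: `ret.minor_status` is read in the new `if (!auth)` branch, but nothing visible initialises `ret`: the preceding patch in this series zeroes only `req` before calling `rpc_gss_seccreate()`. If that call can return NULL before it writes the output structure, the comparison with `KRB5KRB_AP_ERR_BAD_INTEGRITY` reads indeterminate stack contents and may trigger a spurious credential refresh and retry. Adding `memset(&ret, 0, sizeof(ret));` next to the existing `memset(&req, 0, sizeof(req));` removes the doubt. `create_auth_rpc_client()` starts and ends outside the hunk.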


@ -0,0 +1,101 @@
From 15cd566633b1546f0808d0694ede094b4c99752d Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:57:28 -0500
Subject: [PATCH 5/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
credentials
Unlike the machine credential case, we can't throw away the ticket
cache and use the keytab to renew the credentials. Instead, we
need to remove the service ticket for the server that returned
KRB5_AP_ERR_BAD_INTEGRITY and try again.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 2 ++
utils/gssd/krb5_util.c | 42 ++++++++++++++++++++++++++++++++++++++++++
utils/gssd/krb5_util.h | 1 +
3 files changed, 45 insertions(+)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 29600a3f..7629de0b 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -435,6 +435,8 @@ create_auth_rpc_client(struct clnt_info *clp,
if (cred == GSS_C_NO_CREDENTIAL)
retval = gssd_refresh_krb5_machine_credential(clp->servername,
"*", NULL, 1);
+ else
+ retval = gssd_k5_remove_bad_service_cred(clp->servername);
if (!retval) {
auth = rpc_gss_seccreate(rpc_clnt, tgtname,
mechanism, rpcsec_gss_svc_none,
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index f6ce1fec..6f66ef4f 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1553,6 +1553,48 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
return ret;
}
+/* Removed a service ticket for nfs/<name> from the ticket cache
+ */
+int
+gssd_k5_remove_bad_service_cred(char *name)
+{
+ krb5_creds in_creds, out_creds;
+ krb5_error_code ret;
+ krb5_context context;
+ krb5_ccache cache;
+ krb5_principal principal;
+ int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+ char srvname[1024];
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ goto out_cred;
+ ret = krb5_cc_default(context, &cache);
+ if (ret)
+ goto out_free_context;
+ ret = krb5_cc_get_principal(context, cache, &principal);
+ if (ret)
+ goto out_close_cache;
+ memset(&in_creds, 0, sizeof(in_creds));
+ in_creds.client = principal;
+ sprintf(srvname, "nfs/%s", name);
+ ret = krb5_parse_name(context, srvname, &in_creds.server);
+ if (ret)
+ goto out_free_principal;
+ ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
+ if (ret)
+ goto out_free_principal;
+ ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
+out_free_principal:
+ krb5_free_principal(context, principal);
+out_close_cache:
+ krb5_cc_close(context, cache);
+out_free_context:
+ krb5_free_context(context);
+out_cred:
+ return ret;
+}
+
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
/*
* this routine obtains a credentials handle via gss_acquire_cred()
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 62c91a0e..7ef87018 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -22,6 +22,7 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
void gssd_k5_get_default_realm(char **def_realm);
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
+int gssd_k5_remove_bad_service_cred(char *srvname);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
extern int limit_to_legacy_enctypes;
--
2.46.0
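Review bot: `sprintf(srvname, "nfs/%s", name)` in `gssd_k5_remove_bad_service_cred` writes into a 1024-byte stack buffer with no bound on `name`, which the gssd_proc.c hunk passes as `clp->servername`; the copy should use `snprintf` and reject a truncated result. The function also never releases `in_creds.server` (allocated by `krb5_parse_name`) or the contents of `out_creds` (filled by `krb5_cc_retrieve_cred`), so every retry leaks both. The comment above the function says "Removed" where "Remove" is meant. The sketch below shows the bounded copy and the extra cleanup; the error value used for the truncation case is my choice, not something the patch defines.

```c
	int n;
	/* … unchanged: context, ccache and client principal setup … */
	n = snprintf(srvname, sizeof(srvname), "nfs/%s", name);
	if (n < 0 || (size_t)n >= sizeof(srvname)) {
		ret = ENAMETOOLONG;
		goto out_free_principal;
	}
	ret = krb5_parse_name(context, srvname, &in_creds.server);
	if (ret)
		goto out_free_principal;
	ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
	if (ret)
		goto out_free_server;
	ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
	krb5_free_cred_contents(context, &out_creds);
out_free_server:
	krb5_free_principal(context, in_creds.server);
out_free_principal:
	/* … unchanged: remaining cleanup labels … */
```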


@ -0,0 +1,35 @@
From 49567e7d03a5605c590be2135a24d4de8345fa3c Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:59:43 -0500
Subject: [PATCH 6/6] configure: check for rpc_gss_seccreate
If we have rpc_gss_sccreate in tirpc library define
HAVE_TIRPC_GSS_SECCREATE, which would allow us to handle bad_integrity
errors.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
aclocal/libtirpc.m4 | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4
index bddae022..ef48a2ae 100644
--- a/aclocal/libtirpc.m4
+++ b/aclocal/libtirpc.m4
@@ -26,6 +26,11 @@ AC_DEFUN([AC_LIBTIRPC], [
[Define to 1 if your tirpc library provides libtirpc_set_debug])],,
[${LIBS}])])
+ AS_IF([test -n "${LIBTIRPC}"],
+ [AC_CHECK_LIB([tirpc], [rpc_gss_seccreate],
+ [AC_DEFINE([HAVE_TIRPC_GSS_SECCREATE], [1],
+ [Define to 1 if your tirpc library provides rpc_gss_seccreate])],,
+ [${LIBS}])])
AC_SUBST([AM_CPPFLAGS])
AC_SUBST(LIBTIRPC)
--
2.46.0

10
idmapd.conf Normal file

@ -0,0 +1,10 @@
[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody


@ -0,0 +1,5 @@
# See tmpfiles.d(5) for details
#Type Path Mode UID GID Age Argument
d /var/lib/nfs
f /var/lib/nfs/etab
f /var/lib/nfs/rmtab

4
nfs-mountd.options.conf Normal file

@ -0,0 +1,4 @@
[Service]
EnvironmentFile=-/etc/sysconfig/nfs
ExecStart=
ExecStart=-/usr/sbin/rpc.mountd $MOUNTD_OPTIONS
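Review bot: The `-` prefix in `ExecStart=-/usr/sbin/rpc.mountd $MOUNTD_OPTIONS` makes systemd treat a non-zero exit as success, so a daemon that refuses to start (for instance on a malformed value read from /etc/sysconfig/nfs) leaves the unit looking healthy. The same prefix appears in the nfs-server, rpc-gssd, rpc-statd, rpc-statd-notify and rpc-svcgssd drop-ins later in this commit. If ignoring the failure is deliberate, say so above the line, e.g. `# "-": start failure is deliberately ignored because <reason>`; otherwise drop the prefix, `ExecStart=/usr/sbin/rpc.mountd $MOUNTD_OPTIONS`, so failures surface in the unit state.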

4
nfs-server.options.conf Normal file

@ -0,0 +1,4 @@
[Service]
EnvironmentFile=-/etc/sysconfig/nfs
ExecStart=
ExecStart=-/usr/sbin/rpc.nfsd $NFSD_OPTIONS


@ -0,0 +1,19 @@
support/export/export.c | 2
support/include/misc.h | 3
support/include/nfslib.h | 1
================================================================================
---
support/nfs/exports.c | 2 ++
1 file changed, 2 insertions(+)
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -684,6 +684,8 @@ bad_option:
} else if (strncmp(opt, "replicas=", 9) == 0) {
ep->e_fslocmethod = FSLOC_REPLICA;
ep->e_fslocdata = strdup(opt+9);
+ } else if (strncmp(opt, "bind=/", 6) == 0) {
+ /* ignore this for now */
} else if (strncmp(opt, "sec=", 4) == 0) {
active = parse_flavors(opt+4, ep);
if (!active)

3
nfs-utils-2.6.4.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d
size 728280

2337
nfs-utils.changes Normal file

File diff suppressed because it is too large Load Diff

2
nfs-utils.rpmlintrc Normal file

@ -0,0 +1,2 @@
# /var/lib/nfs/sm.bak is a valid directory needed by sm-notify
addFilter("suse-filelist-forbidden-backup-file.*sm.bak")

404
nfs-utils.spec Normal file

@ -0,0 +1,404 @@
#
# spec file for package nfs-utils
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif
Name: nfs-utils
Version: 2.6.4
Release: 0
Summary: Support Utilities for Kernel nfsd
License: GPL-2.0-or-later
Group: Productivity/Networking/NFS
URL: https://kernel.org/pub/linux/utils/nfs-utils/
Source0: https://kernel.org/pub/linux/utils/nfs-utils/%{version}/nfs-utils-%{version}.tar.xz
Source4: sysconfig.nfs
Source11: idmapd.conf
Source12: statd-user.conf
Source13: nfs-utils.rpmlintrc
Source20: nfs-mountd.options.conf
Source21: nfs-server.options.conf
Source22: rpc-gssd.options.conf
Source23: rpc-statd.options.conf
Source24: rpc-statd-notify.options.conf
Source25: rpc-svcgssd.options.conf
Source26: nfs.conf
Source27: nfs-kernel-server.tmpfiles.conf
Patch0: nfs-utils-1.0.7-bind-syntax.patch
Patch1: 0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch
Patch2: 0002-conffile-don-t-report-error-from-conf_init_file.patch
Patch3: 0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch
Patch4: 0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch
# PATCH-FIX-UPSTREAM: fix build against libtirpc 1.3.5
Patch5: 0001-gssd-revert-commit-a5f3b7ccb01c.patch
Patch6: 0002-gssd-revert-commit-513630d720bd.patch
Patch7: 0003-gssd-switch-to-using-rpc_gss_seccreate.patch
Patch8: 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch
Patch9: 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch
Patch10: 0006-configure-check-for-rpc_gss_seccreate.patch
BuildRequires: e2fsprogs-devel
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: rpcgen
BuildRequires: sysuser-tools
BuildRequires: tcpd-devel
BuildRequires: pkgconfig(devmapper)
BuildRequires: pkgconfig(kdb)
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libevent)
BuildRequires: pkgconfig(libkeyutils)
BuildRequires: pkgconfig(libtirpc)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(mount)
BuildRequires: pkgconfig(sqlite3)
Suggests: python-base
%{?systemd_ordering}
%description
This package contains the NFS utilities. You can tune the number of
server threads via the sysconfig variable USE_KERNEL_NFSD_NUMBER. For
quota over NFS support, install the quota package.
%package -n nfs-client
Summary: Support Utilities for NFS
Group: Productivity/Networking/NFS
Requires: keyutils
Requires: netcfg
Requires: rpcbind
Requires(post): %fillup_prereq
Requires(pre): permissions
Obsoletes: nfs-utils < 1.1.0
%sysusers_requires
%description -n nfs-client
This package contains common NFS utilities which are needed for client
and kernel based server.
%package -n nfs-kernel-server
Summary: Support Utilities for Kernel nfsd
Group: Productivity/Networking/NFS
Requires: netcfg
Requires: nfs-client = %{version}
Requires: rpcbind
Requires: (kmod(nfsd.ko) if kernel)
Conflicts: nfs-server
Provides: nfs-utils = %{version}
Obsoletes: nfs-utils < 1.1.0
PreReq: permissions
%description -n nfs-kernel-server
This package contains support for the kernel based NFS server. You can
tune the number of server threads via the sysconfig variable
USE_KERNEL_NFSD_NUMBER. For quota over NFS support, install the quota
package.
%package -n libnfsidmap1
Summary: NFSv4 ID Mapping Library
Group: Productivity/Networking/NFS
Version: 1.0
Release: 0
Obsoletes: nfsidmap < 1.0
Provides: nfsidmap = 1.0
%package -n nfsidmap-devel
Summary: NFSv4 ID Mapping Library development libraries
Group: Development/Libraries/C and C++
Version: 1.0
Release: 0
Requires: libnfsidmap1 = %{version}
%description -n libnfsidmap1
In NFSv4, identities of users are conveyed by names rather than user ID
and group ID. Both the NFS server and client code in the kernel need to
translate these to numeric IDs.
%description -n nfsidmap-devel
In NFSv4, identities of users are conveyed by names rather than user ID
and group ID. Both the NFS server and client code in the kernel need to
translate these to numeric IDs.
%prep
%autosetup -p1
%build
autoreconf -fvi
export CFLAGS="%{optflags} -fPIE"
export LDFLAGS="-pie"
%configure \
--with-systemd \
--enable-nfsv4 \
--enable-gss \
--enable-svcgss \
--enable-ipv6 \
--enable-nfsdcltrack \
--enable-mount \
--enable-libmount-mount \
--enable-junction \
--disable-static \
--disable-sbin-override \
--with-pluginpath=%{_libdir}/libnfsidmap-1.0.0 \
--enable-mountconfig
make %{?_smp_mflags}
%sysusers_generate_pre %{SOURCE12} statd statd-user.conf
%install
make %{?_smp_mflags} DESTDIR=%{buildroot} install
find %{buildroot} -type f -name '*.la' -delete -print
install -D -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/nfs-mountd.service.d/10-options.conf
install -D -m 644 %{SOURCE21} %{buildroot}%{_unitdir}/nfs-server.service.d/10-options.conf
install -D -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/rpc-gssd.service.d/10-options.conf
install -D -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/rpc-statd.service.d/10-options.conf
install -D -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/rpc-statd-notify.service.d/10-options.conf
install -D -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/rpc-svcgssd.service.d/10-options.conf
install -D -m 644 %{SOURCE26} %{buildroot}%{_prefix}%{_sysconfdir}/nfs.conf
mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/nfs.conf.d
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/nfs.conf.d
install -D -m 644 %{SOURCE27} %{buildroot}%{_prefix}/lib/tmpfiles.d/nfs-kernel-server.conf
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs-server
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs-client
# sysconfig-data
mkdir -p %{buildroot}%{_fillupdir}
install -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}
# idmapd setup
install -D -m 644 %{SOURCE11} %{buildroot}%{_prefix}%{_sysconfdir}/idmapd.conf
mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/idmapd.conf.d
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/idmapd.conf.d
mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/rpc_pipefs
mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/v4recovery
# sm-notify state
mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/sm
mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/sm.bak
touch %{buildroot}%{_localstatedir}/lib/nfs/state
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/nfsmount.conf.d
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/nfsmount.conf.d
#
# hack to avoid automatic python dependency
chmod 644 `grep -l -r '^#!/usr/bin/python' %{buildroot}%{_sbindir}`
# Install sysusers.d template
mkdir -p %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/
%pre -n nfs-client -f statd.pre
%service_add_pre auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service
%post -n nfs-client
# lib/nfs must be root-owned.
# sm and sm.back and contents should be statd:statd,
# but only chown if the dirs are currently root-owned.
# This is needed for some upgraded, but chown is best avoided
# when not necessary
chown root:root %{_localstatedir}/lib/nfs > /dev/null 2>&1 || :
for i in sm sm.bak; do
p=%{_localstatedir}/lib/nfs/$i
if [ -d "$b" -a -n "`chown 2> /dev/null -c --from root statd:statd $p`" ]; then
chown -R statd:statd $p > /dev/null 2>&1 || :
fi
done
### migrate from /var/lock/subsys
[ -d /run/nfs ] || mkdir /run/nfs
if [ -f %{_localstatedir}/lock/subsys/nfs-rpc.idmapd ]; then
mv %{_localstatedir}/lock/subsys/nfs-rpc.idmapd /run/nfs
fi
if [ -f %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd ]; then
mv %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd /run/nfs
fi
###
%{fillup_only -n nfs nfs}
#
%set_permissions %{_sbindir}/mount.nfs
/sbin/ldconfig
%service_add_post auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service
%preun -n nfs-client
%service_del_preun auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service
%postun -n nfs-client
/sbin/ldconfig
%service_del_postun auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service
%verifyscript -n nfs-client
%verify_permissions -e %{_sbindir}/mount.nfs
%pre -n nfs-kernel-server
%service_add_pre nfs-svcgssd.service nfs-mountd.service nfs-server.service
%preun -n nfs-kernel-server
%service_del_preun nfs-svcgssd.service nfs-mountd.service nfs-server.service
%post -n nfs-kernel-server
### migrate from /var/lock/subsys
[ -d /run/nfs ] || mkdir /run/nfs
if [ -f %{_localstatedir}/lock/subsys/nfs-rpc.idmapd ]; then
mv %{_localstatedir}/lock/subsys/nfs-rpc.idmapd /run/nfs
fi
if [ -f %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd ]; then
mv %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd /run/nfs
fi
###
%service_add_post nfs-mountd.service nfs-server.service nfsdcld.service
%tmpfiles_create nfs-kernel-server.conf
%set_permissions /var/lib/nfs/rmtab
%postun -n nfs-kernel-server
%service_del_postun nfs-mountd.service nfs-server.service nfsdcld.service
%post -n libnfsidmap1 -p /sbin/ldconfig
%postun -n libnfsidmap1 -p /sbin/ldconfig
%verifyscript -n nfs-kernel-server
%verify_permissions -e /var/lib/nfs/rmtab
%files -n nfs-client
%license COPYING
%{_prefix}%{_sysconfdir}/idmapd.conf
%dir %{_prefix}%{_sysconfdir}/idmapd.conf.d
%dir %{_sysconfdir}/idmapd.conf.d
%dir %{_prefix}%{_sysconfdir}/nfsmount.conf.d
%dir %{_sysconfdir}/nfsmount.conf.d
%doc utils/mount/nfsmount.conf
%{_prefix}%{_sysconfdir}/nfs.conf
%dir %{_prefix}%{_sysconfdir}/nfs.conf.d
%dir %{_sysconfdir}/nfs.conf.d
%verify(not mode) %attr(0755,root,root) %{_sbindir}/mount.nfs
%{_sbindir}/mount.nfs4
%{_sbindir}/umount.nfs
%{_sbindir}/umount.nfs4
%attr(0755,root,root) %{_sbindir}/mountstats
%attr(0755,root,root) %{_sbindir}/nfsiostat
%{_sbindir}/nfsdcld
%{_sbindir}/nfsidmap
%{_sbindir}/nfsstat
%{_sbindir}/rcnfs-client
%{_sbindir}/rpc.gssd
%{_sbindir}/rpc.idmapd
%{_sbindir}/rpc.statd
%{_sbindir}/rpcctl
%{_sbindir}/rpcdebug
%{_sbindir}/showmount
%{_sbindir}/sm-notify
%{_sbindir}/start-statd
%{_sbindir}/blkmapd
%{_sbindir}/rpc.svcgssd
%{_sbindir}/nfsconf
%{_udevrulesdir}/60-nfs.rules
%{_udevrulesdir}/99-nfs.rules
%{_unitdir}/auth-rpcgss-module.service
%{_unitdir}/fsidd.service
%{_unitdir}/nfs-blkmap.service
%{_unitdir}/nfs-client.target
%{_unitdir}/nfs-idmapd.service
%{_unitdir}/nfs-utils.service
%{_unitdir}/nfsdcld.service
%{_unitdir}/rpc-gssd.service
%{_unitdir}/rpc-gssd.service.d
%{_unitdir}/rpc_pipefs.target
%{_unitdir}/rpc-statd-notify.service
%{_unitdir}/rpc-statd-notify.service.d
%{_unitdir}/rpc-statd.service
%{_unitdir}/rpc-statd.service.d
%{_unitdir}/rpc-svcgssd.service
%{_unitdir}/rpc-svcgssd.service.d
%{_unitdir}/var-lib-nfs-rpc_pipefs.mount
%dir %{_systemdgeneratordir}
%{_systemdgeneratordir}/nfs-server-generator
%{_systemdgeneratordir}/rpc-pipefs-generator
%{_mandir}/man5/idmapd.conf.5%{ext_man}
%{_mandir}/man5/nfs.5%{ext_man}
%{_mandir}/man5/nfs.conf.5%{ext_man}
%{_mandir}/man5/nfsmount.conf.5%{ext_man}
%{_mandir}/man5/nfsrahead.5%{ext_man}
%{_mandir}/man7/nfs.systemd.7%{ext_man}
%{_mandir}/man8/blkmapd.8%{ext_man}
%{_mandir}/man8/gssd.8%{ext_man}
%{_mandir}/man8/idmapd.8%{ext_man}
%{_mandir}/man8/mount.nfs.8%{ext_man}
%{_mandir}/man8/mountstats.8%{ext_man}
%{_mandir}/man8/nfsconf.8%{ext_man}
%{_mandir}/man8/nfsdcld.8%{ext_man}
%{_mandir}/man8/nfsdclddb.8%{ext_man}
%{_mandir}/man8/nfsdclnts.8%{ext_man}
%{_mandir}/man8/nfsidmap.8%{ext_man}
%{_mandir}/man8/nfsiostat.8%{ext_man}
%{_mandir}/man8/nfsstat.8%{ext_man}
%{_mandir}/man8/rpc.gssd.8%{ext_man}
%{_mandir}/man8/rpc.idmapd.8%{ext_man}
%{_mandir}/man8/rpc.sm-notify.8%{ext_man}
%{_mandir}/man8/rpc.statd.8%{ext_man}
%{_mandir}/man8/rpc.svcgssd.8%{ext_man}
%{_mandir}/man8/rpcctl.8%{ext_man}
%{_mandir}/man8/rpcdebug.8%{ext_man}
%{_mandir}/man8/showmount.8%{ext_man}
%{_mandir}/man8/sm-notify.8%{ext_man}
%{_mandir}/man8/statd.8%{ext_man}
%{_mandir}/man8/svcgssd.8%{ext_man}
%{_mandir}/man8/umount.nfs.8%{ext_man}
%{_fillupdir}/sysconfig.nfs
%{_sysusersdir}/statd-user.conf
%dir %{_localstatedir}/lib/nfs
%dir %{_localstatedir}/lib/nfs/rpc_pipefs
%dir %{_localstatedir}/lib/nfs/v4recovery
%attr(0700,statd,statd) %dir %{_localstatedir}/lib/nfs/sm
%attr(0700,statd,statd) %dir %{_localstatedir}/lib/nfs/sm.bak
%ghost %{_localstatedir}/lib/nfs/state
%{_libexecdir}/nfsrahead
%files -n nfs-kernel-server
%{_unitdir}/nfs-mountd.service
%{_unitdir}/nfs-mountd.service.d
%{_unitdir}/nfs-server.service
%{_unitdir}/nfs-server.service.d
%{_unitdir}/proc-fs-nfsd.mount
%{_prefix}/lib/tmpfiles.d/nfs-kernel-server.conf
%{_sbindir}/exportfs
%{_sbindir}/fsidd
%{_sbindir}/rcnfs-server
%{_sbindir}/rpc.mountd
%{_sbindir}/rpc.nfsd
%{_sbindir}/nfsdcltrack
%{_sbindir}/nfsref
%attr(0755,root,root) %{_sbindir}/nfsdclddb
%attr(0755,root,root) %{_sbindir}/nfsdclnts
%{_mandir}/man5/exports.5%{ext_man}
%{_mandir}/man7/nfsd.7%{ext_man}
%{_mandir}/man8/exportfs.8%{ext_man}
%{_mandir}/man8/mountd.8%{ext_man}
%{_mandir}/man8/nfsd.8%{ext_man}
%{_mandir}/man8/nfsref.8%{ext_man}
%{_mandir}/man8/rpc.mountd.8%{ext_man}
%{_mandir}/man8/rpc.nfsd.8%{ext_man}
%{_mandir}/man8/nfsdcltrack.8%{ext_man}
%config(noreplace) %{_localstatedir}/lib/nfs/etab
%config(noreplace) %{_localstatedir}/lib/nfs/rmtab
%files -n libnfsidmap1
%{_libdir}/libnfsidmap-1.0.0/
%{_libdir}/libnfsidmap.so.1*
%files -n nfsidmap-devel
%{_libdir}/libnfsidmap.so
%{_includedir}/*.h
%{_libdir}/pkgconfig/libnfsidmap.pc
%{_mandir}/man3/*
%doc support/nfsidmap/README
%changelog
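Review bot: In the nfs-client `%post` loop the directory test reads `"$b"`, a variable that is never set, while the path is held in `p`; `[ -d "" ]` is always false, so the `chown -R statd:statd $p` branch can never run. The comment above the loop says this chown is needed for some upgrades, so root-owned contents of `sm` and `sm.bak` from older installs stay as they are. That may matter for privilege separation, because rpc.statd is documented to take its runtime identity from the owner of its state directory. The fix is to change `-d "$b"` to `-d "$p"` in that `if` line.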

32
nfs.conf Normal file

@ -0,0 +1,32 @@
#
# This is a general configuration for the
# NFS daemons and tools
# DO NOT MAKE CHANGES TO THIS FILE as they will
# be lost on the next software update. Make changes
# to /etc/sysconfig/nfs, /usr/src/nfs.conf./*.conf or
# /etc/nfs.conf.d/*.conf instead.
# The .conf file can include multiple sections, just
# like this file.
[environment]
include = /etc/sysconfig/nfs
include = -/etc/nfs.conf.local
[general]
pipefs-directory=$RPC_PIPEFS_DIR
[gssd]
avoid-dns=$NFS_GSSD_AVOID_DNS
[lockd]
port=$LOCKD_TCPPORT
udp-port=$LOCKD_UDPPORT
[mountd]
port= $MOUNTD_PORT
[nfsd]
threads= $USE_KERNEL_NFSD_NUMBER
grace-time=$NFSV4GRACETIME
lease-time=$NFSV4LEASETIME
vers3=$NFS3_SERVER_SUPPORT
vers4=$NFS4_SUPPORT
scope=$NFSD_SCOPE
[statd]
port=$STATD_PORT
name=$STATD_HOSTNAME
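Review bot: The header comment sends administrators to `/usr/src/nfs.conf./*.conf`, a path nothing else in this commit creates; the spec file installs `%{_prefix}%{_sysconfdir}/nfs.conf.d` and `%{_sysconfdir}/nfs.conf.d`. Overrides placed at the path the comment names would presumably never be read, which is an easy way for a hardening setting to silently not apply. I would correct the line to name the vendor drop-in directory, e.g. `# to /etc/sysconfig/nfs, <expanded %{_prefix}%{_sysconfdir}>/nfs.conf.d/*.conf or`.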

4
rpc-gssd.options.conf Normal file

@ -0,0 +1,4 @@
[Service]
EnvironmentFile=-/etc/sysconfig/nfs
ExecStart=
ExecStart=-/usr/sbin/rpc.gssd $GSSD_OPTIONS


@ -0,0 +1,4 @@
[Service]
ExecStart=
EnvironmentFile=-/etc/sysconfig/nfs
ExecStart=-/usr/sbin/sm-notify $SM_NOTIFY_OPTIONS

4
rpc-statd.options.conf Normal file
View File

@ -0,0 +1,4 @@
[Service]
EnvironmentFile=-/etc/sysconfig/nfs
ExecStart=
ExecStart=-/usr/sbin/rpc.statd $STATD_OPTIONS

4
rpc-svcgssd.options.conf Normal file

@ -0,0 +1,4 @@
[Service]
EnvironmentFile=-/etc/sysconfig/nfs
ExecStart=
ExecStart=-/usr/sbin/rpc.svcgssd $SVCGSSD_OPTIONS

2
statd-user.conf Normal file

@ -0,0 +1,2 @@
# Type Name ID GECOS [HOME] Shell
u statd - "NFS statd daemon" /var/lib/nfs -

253
sysconfig.nfs Normal file

@ -0,0 +1,253 @@
## Path: Network/File systems/NFS server
## Description: number of threads for kernel nfs server
## Type: integer
## Default: 4
## ServiceRestart: nfs-server
#
# the kernel nfs-server supports multiple server threads
#
USE_KERNEL_NFSD_NUMBER="4"
## Path: Network/File systems/NFS server
## Description: use fixed port number for mountd
## Type: integer
## Default: ""
## ServiceRestart: nfs-mountd
#
# Only set this if you want to start mountd on a fixed
# port instead of the port assigned by rpc. Only for use
# to export nfs-filesystems through firewalls.
#
MOUNTD_PORT=""
## Path: Network/File systems/NFS server
## Description: NFSv3 server support
## Type: yesno
## Default: yes
## ServiceRestart: nfs-server
#
# Enable NFSv3 server support (yes/no)
# This causes the NFS server to respond to
# NFSv2 and NFSv3 requests. Only disable this
# if you want to ensure only NFSv4 is used.
#
NFS3_SERVER_SUPPORT="yes"
## Path: Network/File systems/NFS server
## Description: NFSv4 protocol support
## Type: yesno
## Default: yes
## ServiceRestart: nfs-server
#
# Enable NFSv4 support (server and/or client) (yes/no)
#
NFS4_SUPPORT="yes"
## Path: Network/File systems/NFS server
## Description: Network Status Monitor options
## Type: string
## Default: ""
#
# If a fixed port should be used to send reboot notification
# messages to other systems, that port should be given
# here as "-p portnumber".
#
SM_NOTIFY_OPTIONS=""
## Path: Network/File systems/NFS server
## Description: Port rpc.statd should listen on
## Type: integer
## Default: ""
## ServiceRestart: rpc-statd
#
# Statd will normally choose a random port to listen on and
# SuSE-Firewall is able to detect which port and allow for it.
# If you have another firewall, you may want to set a fixed
# port number which can then be opened in that firewall.
STATD_PORT=""
## Path: Network/File systems/NFS server
## Description: Hostname used by rpc.statd
## Type: string
## Default: ""
## ServiceRestart: rpc-statd
#
# statd will normally use the system hostname in status
# monitoring conversations with other hosts. If a different
# host name should be used, as can be useful with fail-over
# configurations, that name should be given here.
#
STATD_HOSTNAME=""
## Path: Network/File systems/NFS server
## Description: TCP Port that lockd should listen on
## Type: integer
## Default: ""
## ServiceRestart: nfs-server
#
# Lockd will normally choose a random port to listen on and
# SuSE-Firewall is able to detect which port and allow for it.
# If you have another firewall, you may want to set a fixed
# port number which can then be opened in that firewall.
# lockd opens a UDP and a TCP port. This setting only affect
# the TCP port.
LOCKD_TCPPORT=""
## Path: Network/File systems/NFS server
## Description: UDP Port that lockd should listen on
## Type: integer
## Default: ""
## ServiceRestart: nfs-server
#
# Lockd will normally choose a random port to listen on and
# SuSE-Firewall is able to detect which port and allow for it.
# If you have another firewall, you may want to set a fixed
# port number which can then be opened in that firewall.
# lockd opens a UDP and a TCP port. This setting only affect
# the UDP port.
LOCKD_UDPPORT=""
## Path: Network/File systems/NFS server
## Description: Command line parameters for rpc.statd
## Type: string
## Default: ""
## ServiceRestart: rpc-statd
#
# Custom parameters for rpc.statd daemon. Typically this will
# be used to set the port number (-p).
#
STATD_OPTIONS=""
## Path: Network/File systems/NFS server
## Description: Lease time for NFSv4 leases
## Type: integer
## Default: "90"
#
# Set the lease time for the NFSv4 server. When a client
# crashes or is separated from the server by a network problem,
# this indicates how long the server will continue to honor
# locks it held and when it will allow other clients to take
# conflicting locks. A shorter time means network problems are
# more likely to hurt filesystem functionality, but genuine
# client crash are detected more quickly.
# The NFSV4GRACETIME setting must be not less than the lease
# time, so another benefit of short lease times is that server
# reboots will disrupt filesystem traffic for a shorter period
# of time.
# This choice is primarily a trade-off between surviving
# transient network problems, and expediting completion of
# server reboot or fail-over.
# The default is 90 second. A practical minimum is about 15
# seconds.
#
NFSV4LEASETIME="90"
## Path: Network/File systems/NFS server
## Description: Grace time for NFSv4 server restart
## Type: integer
## Default: "90"
#
# Set the NFSv4 server grace time. When the server restarts it
# waits this long for pre-existing clients to re-establish any
# locks that they held before the restart. During this time
# new locks cannot be granted and new file opens cannot be
# allowed.
# A shorter time allows fast restart or fail-over completion,
# but requires the NFSV4LEASETIME to be shorter which may
# increase the impact of temporary network problems.
# The default is 90 seconds. The value must not be less than
# NFSV4LEASETIME.
# When NFSv4.1 or later is in use, and when all clients report
# when they finish reclaiming locks, the grace time can finish
# early and so a large value has little cost. The
# NFSV4LEASETIME is then most significant in managing restart
# timing.
#
NFSV4GRACETIME="90"
## Path: Network/File systems/NFS server
## Description: Alternate mount point for rpc_pipefs filesystem
## Type: string
## Default: ""
## ServiceRestart: nfs-utils
#
# In a high-availabilty configuration it is possible that /var/lib/nfs
# is redirected so some shared storage and so it is not convenient to
# mount the rpc_pipefs filesystem at /var/lib/nfs/rpc_pipefs. In that
# case an alternate mount point can be given here.
RPC_PIPEFS_DIR=""
## Path: Network/File systems/NFS server
## Description: Options for svcgssd
## Type: string
## Default: ""
## ServiceRestart: rpc-svcgssd
#
# Normally svcgssd does not require any option. However in a
# high-availabilty configuration it can be useful to pass "-n"
# to guide the choice of default credential. To allow for that
# case or any other requiring options ot svcgssd, they can
# be specified here.
SVCGSSD_OPTIONS=""
## Path: Network/File systems/NFS server
## Description: Extra options for nfsd
## Type: string
## Default: ""
## ServiceRestart nfs-server
#
# This setting allows extra options to be specified for NFSD, such as
# -H <shared_hostname> in a high-availability configuration.
NFSD_OPTIONS=""
## Path: Network/File systems/NFS server
## Description: Extra options for gssd
## Type: string
## Default: ""
## ServiceRestart: rpc-gssd
#
# Normally gssd does not require any options. In some circumstances,
# -n, -l or other options might be useful. See "man 8 rpc.gssd" for
# details. Those options can be set here.
GSSD_OPTIONS=""
## Path: Network/File systems/NFS server
## Description: Extra options for mountd
## Type: string
## Default: ""
## ServiceRestart nfs-mountd
#
# Normally mountd does not require any options. In some circumstances,
# -n, -t, -g or other options might be useful. See "man 8 rpc.mountd" for
# details. Those options can be set here.
# -p or -N should be set using MOUNTD_PORT or NFS4_SUPPORT rather than
# this option.
MOUNTD_OPTIONS=""
## Path: Network/File systems/NFS server
## Description: Avoid DNS lookups for kerberos principal
## Type: yesno
## Default: no
## ServiceRestart: rpc-gssd
#
# Avoid DNS lookups when determining kerberos identity
# of NFS server (yes/no)
# "yes" is safest, but "no" might be needed to preserve
# correct behaviour at sites that don't use
# Fully Qualified Domain Names when mounting NFS Shares.
#
NFS_GSSD_AVOID_DNS="no"
## Path: Network/File systems/NFS server
## Description: Set v4.1+ scope reported by server
## Type: string
## Default: ""
## ServiceRestart: nfs-server
#
# Set the scope reported by the NFS server. When nothing
# is given the kernel uses the configured hostname as
# a default. When NFS is used in a fail-over configuration
# it is important that all hosts which server the same resource
# report the same scope.
#
NFSD_SCOPE=""
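Review bot: `NFS_GSSD_AVOID_DNS` ships as `"no"` although its own comment calls `"yes"` the safest value, and the comment never says what the risk is. With lookups enabled, the server name used to pick the Kerberos service principal presumably comes from a DNS answer, so anyone able to tamper with DNS can influence which identity the client authenticates against. I would add that reason to the comment, e.g. `# "no" trusts DNS when choosing the server's principal; prefer "yes" where DNS is not protected.`, and consider whether new installs can default to `"yes"`. Separately, the `## ServiceRestart nfs-server` and `## ServiceRestart nfs-mountd` tags on NFSD_OPTIONS and MOUNTD_OPTIONS lack the colon every other block uses, so tooling that parses these tags may skip the restart.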