From c23e7515414867be021c6b9c9c0dab8b4208f02d Mon Sep 17 00:00:00 2001 From: Paulo Alcantara Date: Tue, 16 Apr 2024 13:48:59 -0300 Subject: [PATCH] mount.cifs.rst: add reference for sssd and update xattr/acl section --- .cifs-utils.metadata | 1 + cifs-utils.spec | 11 +++- ...s.rst-add-missing-reference-for-sssd.patch | 49 +++++++++++++++ ...pdate-section-about-xattr-acl-suppor.patch | 59 +++++++++++++++++++ 4 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 .cifs-utils.metadata create mode 100644 mount.cifs.rst-add-missing-reference-for-sssd.patch create mode 100644 mount.cifs.rst-update-section-about-xattr-acl-suppor.patch diff --git a/.cifs-utils.metadata b/.cifs-utils.metadata new file mode 100644 index 0000000..41c0d47 --- /dev/null +++ b/.cifs-utils.metadata @@ -0,0 +1 @@ +9df055a73d89ed3d536828d0cea304c9e04139d4 cifs-utils-7.0.tar.bz2 diff --git a/cifs-utils.spec b/cifs-utils.spec index 943e89b..f9cebbc 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -3,7 +3,7 @@ Name: cifs-utils Version: 7.0 -Release: 3%{pre_release}%{?dist} +Release: 4%{pre_release}%{?dist} Summary: Utilities for mounting and managing CIFS mounts License: GPLv3 @@ -23,6 +23,8 @@ Recommends: %{name}-info%{?_isa} = %{version}-%{release} Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2 Patch0: cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch Patch1: pam_cifscreds-fix-warning-on-NULL-arg-passed-to-s-in.patch +Patch2: mount.cifs.rst-add-missing-reference-for-sssd.patch +Patch3: mount.cifs.rst-update-section-about-xattr-acl-suppor.patch %description The SMB/CIFS protocol is a standard file sharing protocol widely deployed @@ -57,6 +59,8 @@ provide these credentials to the kernel automatically at login. %setup -q -n %{name}-%{version}%{pre_release} %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build fgrep -r -l '/usr/bin/env python' | xargs -n1 sed -i 's@/usr/bin/env python.*@%python3@g' @@ -128,6 +132,11 @@ about CIFS mount. %{_mandir}/man1/smbinfo.* %changelog +* Tue Apr 16 2024 Paulo Alcantara - 7.0-4 +- mount.cifs.rst: add missing reference for sssd +- mount.cifs.rst: update section about xattr/acl support +- Resolves: RHEL-22495 + * Fri Apr 12 2024 Paulo Alcantara - 7.0-3 - pam_cifscreds: fix NULL arg warning passed to pam_syslog() - Resolves: RHEL-28050 diff --git a/mount.cifs.rst-add-missing-reference-for-sssd.patch b/mount.cifs.rst-add-missing-reference-for-sssd.patch new file mode 100644 index 0000000..f5dbe18 --- /dev/null +++ b/mount.cifs.rst-add-missing-reference-for-sssd.patch @@ -0,0 +1,49 @@ +From e7ec0032898d855be144c0cdc9d9e3f78ae01bf2 Mon Sep 17 00:00:00 2001 +From: Paulo Alcantara +Date: Sun, 10 Mar 2024 22:24:24 -0300 +Subject: [PATCH 1/2] mount.cifs.rst: add missing reference for sssd + +Reference sssd in mount.cifs(8) as it can be used instead of winbind +via cifs.idmap utility. It's also enabled by default in most systems. + +Signed-off-by: Paulo Alcantara (Red Hat) +--- + mount.cifs.rst | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 3becf200e038..64127b23cf17 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -773,10 +773,10 @@ specified in the following Microsoft TechNet document: + In order to map SIDs to/from UIDs and GIDs, the following is required: + + - a kernel upcall to the ``cifs.idmap`` utility set up via request-key.conf(5) +-- winbind support configured via nsswitch.conf(5) and smb.conf(5) ++- winbind or sssd support configured via nsswitch.conf(5) + +-Please refer to the respective manpages of cifs.idmap(8) and +-winbindd(8) for more information. ++Please refer to the respective manpages of cifs.idmap(8), winbindd(8) ++and sssd(8) for more information. + + Security descriptors for a file object can be retrieved and set + directly using extended attribute named ``system.cifs_acl``. The +@@ -792,10 +792,10 @@ Some of the things to consider while using this mount option: + - The mapping between a CIFS/NTFS ACL and POSIX file permission bits + is imperfect and some ACL information may be lost in the + translation. +-- If either upcall to cifs.idmap is not setup correctly or winbind is +- not configured and running, ID mapping will fail. In that case uid +- and gid will default to either to those values of the share or to +- the values of uid and/or gid mount options if specified. ++- If either upcall to cifs.idmap is not setup correctly or winbind or ++ sssd is not configured and running, ID mapping will fail. In that ++ case uid and gid will default to either to those values of the share ++ or to the values of uid and/or gid mount options if specified. + + ********************************** + ACCESSING FILES WITH BACKUP INTENT +-- +2.44.0 + diff --git a/mount.cifs.rst-update-section-about-xattr-acl-suppor.patch b/mount.cifs.rst-update-section-about-xattr-acl-suppor.patch new file mode 100644 index 0000000..8cb506c --- /dev/null +++ b/mount.cifs.rst-update-section-about-xattr-acl-suppor.patch @@ -0,0 +1,59 @@ +From 4718e09e4b15b957bf9d729793bc3de7caad8134 Mon Sep 17 00:00:00 2001 +From: Paulo Alcantara +Date: Sun, 10 Mar 2024 22:24:25 -0300 +Subject: [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support + +Update section about required xattr/acl support for UID/GID mapping. + +Signed-off-by: Paulo Alcantara (Red Hat) +--- + mount.cifs.rst | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 64127b23cf17..d82a13c932b3 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -321,11 +321,12 @@ soft + noacl + Do not allow POSIX ACL operations even if server would support them. + +- The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba +- servers version 3.0.10 and later. Setting POSIX ACLs requires enabling +- both ``CIFS_XATTR`` and then ``CIFS_POSIX`` support in the CIFS +- configuration options when building the cifs module. POSIX ACL support +- can be disabled on a per mount basis by specifying ``noacl`` on mount. ++ The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to ++ Samba servers version 3.0.10 and later. Setting POSIX ACLs requires ++ enabling both ``CONFIG_CIFS_XATTR`` and then ``CONFIG_CIFS_POSIX`` ++ support in the CIFS configuration options when building the cifs ++ module. POSIX ACL support can be disabled on a per mount basis by ++ specifying ``noacl`` on mount. + + cifsacl + This option is used to map CIFS/NTFS ACLs to/from Linux permission +@@ -762,8 +763,19 @@ bits, and POSIX ACL as user authentication model. This is the most + common authentication model for CIFS servers and is the one used by + Windows. + +-Support for this requires both CIFS_XATTR and CIFS_ACL support in the +-CIFS configuration options when building the cifs module. ++Support for this requires cifs kernel module built with both ++``CONFIG_CIFS_XATTR`` and ``CONFIG_CIFS_ACL`` options enabled. Since ++Linux 5.3, ``CONFIG_CIFS_ACL`` option no longer exists as CIFS/NTFS ++ACL support is always built into cifs kernel module. ++ ++Most distribution kernels will already have those options enabled by ++default, but you can still check if they are enabled with:: ++ ++ cat /lib/modules/$(uname -r)/build/.config ++ ++Alternatively, if kernel is configured with ``CONFIG_IKCONFIG_PROC``:: ++ ++ zcat /proc/config.gz + + A CIFS/NTFS ACL is mapped to file permission bits using an algorithm + specified in the following Microsoft TechNet document: +-- +2.44.0 +