- gssd: unblock DNOTIFY_SIGNAL in case it was blocked
- Ensure statd gets started if required when non-root user mounts an NFS filesystem
parent
62016099cd
commit
00239080fe
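--- /dev/null
+++ b/nfs-utils-1.1.4-gssd-dnotify.patch
@@ -0,0 +1,48 @@
+commit 068ea89e7d335d381276a2fff73d5abbb2b0a04d
+Author: Neil Brown <neilb@suse.de>
+Date: Wed Nov 26 08:48:03 2008 -0500
+
+gssd: unblock DNOTIFY_SIGNAL in case it was blocked.
+
+I have a situation where rpc.gssd appears to not be working.
+Mount attempts which need to communicate with it block.
+
+I've narrowed down the problem to that fact that all realtime signals
+have been blocked. This means that DNOTIFY_SIGNAL (which is a
+realtime signal) is never delivered, so gssd never rescans the
+rpc_pipe/nfs directory.
+
+It seems start_kde (or whatever it is called) and all descendants have
+these
+signals blocked. xfce seems to do the same thing. gnome doesn't.
+
+So if you start rpc.gssd from a terminal window while logged in via
+KDE, it doesn't behave as expected.
+
+Signed-off-by: Neil Brown <neilb@suse.de>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/gssd/gssd_main_loop.c b/utils/gssd/gssd_main_loop.c
+index 84f04e9..b9f3a06 100644
+--- a/utils/gssd/gssd_main_loop.c
++++ b/utils/gssd/gssd_main_loop.c
+@@ -99,6 +99,7 @@ gssd_run()
+int ret;
+struct sigaction dn_act;
+int fd;
++ sigset_t set;
+
+/* Taken from linux/Documentation/dnotify.txt: */
+dn_act.sa_sigaction = dir_notify_handler;
+@@ -106,6 +107,11 @@ gssd_run()
+dn_act.sa_flags = SA_SIGINFO;
+sigaction(DNOTIFY_SIGNAL, &dn_act, NULL);
+
++ /* just in case the signal is blocked... */
++ sigemptyset(&set);
++ sigaddset(&set, DNOTIFY_SIGNAL);
++ sigprocmask(SIG_UNBLOCK, &set, NULL);
++
+if ((fd = open(pipefs_nfsdir, O_RDONLY)) == -1) {
+printerr(0, "ERROR: failed to open %s: %s\n",
+pipefs_nfsdir, strerror(errno));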
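Review bot: The three calls added in the second gssd_run() hunk ignore their return values, so if `sigprocmask(SIG_UNBLOCK, &set, NULL);` fails, gssd carries on with DNOTIFY_SIGNAL still blocked and shows the same silent hang the commit message describes. Reporting the failure through the printerr() already used a few lines below would make that state visible, e.g. `if (sigprocmask(SIG_UNBLOCK, &set, NULL) == -1) printerr(0, "WARNING: cannot unblock DNOTIFY_SIGNAL: %s\n", strerror(errno));`. The comment `/* just in case the signal is blocked... */` could also record the reason, for example `/* the signal mask is inherited from the parent; some desktop sessions start children with realtime signals blocked */`. gssd_run()'s body continues outside the hunk.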
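--- /dev/null
+++ b/nfs-utils-1.1.4-statd-setuid.patch
@@ -0,0 +1,72 @@
+commit 33bbeabb40d11a59266e0702adaa6a2e0acb6382
+Author: Neil Brown <neilb@suse.de>
+Date: Wed Nov 26 12:01:06 2008 -0500
+
+Ensure statd gets started if required when non-root
+user mounts an NFS filesystem.
+
+The first time an NFS filesystem is mounted, we start statd from
+/sbin/mount.nfs. If this first time is a non-root user doing the
+mount, (thanks to e.g. the 'users' option in /etc/fstab)
+then we need to be sure that the 'setuid' status from mount.nfs
+is inherited through to rpc.statd so that it runs as root.
+
+There are two places where we loose our setuid status due to the shell
+(/bin/sh) discarding.
+
+1/ mount.nfs uses "system" to run /usr/sbin/start-statd. This runs a
+shell which is likely to drop privileges. So change that code to use
+'fork' and 'execl' explicitly.
+2/ start-statd is a shell script. To convince the shell to allow the
+program to run in privileged mode, we need to add a "-p" flag.
+
+We could just call setuid(getuid()) at some appropriate time, and it
+might be worth doing that as well, however I think that getting
+rid of 'system()' is a good idea and once that is done, the
+adding of '-p' is trivial and sufficient.
+
+Signed-off-by: Neil Brown <neilb@suse.de>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/mount/network.c b/utils/mount/network.c
+index 2db694d..806344c 100644
+--- a/utils/mount/network.c
++++ b/utils/mount/network.c
+@@ -36,6 +36,7 @@
+
+#include <sys/types.h>
+#include <sys/socket.h>
++#include <sys/wait.h>
+#include <netinet/in.h>
+#include <rpc/rpc.h>
+#include <rpc/pmap_prot.h>
+@@ -705,7 +706,18 @@ int start_statd(void)
+#ifdef START_STATD
+if (stat(START_STATD, &stb) == 0) {
+if (S_ISREG(stb.st_mode) && (stb.st_mode & S_IXUSR)) {
+- system(START_STATD);
++ pid_t pid = fork();
++ switch (pid) {
++ case 0: /* child */
++ execl(START_STATD, START_STATD, NULL);
++ exit(1);
++ case -1: /* error */
++ perror("Fork failed");
++ break;
++ default: /* parent */
++ waitpid(pid, NULL,0);
++ break;
++ }
+if (probe_statd())
+return 1;
+}
+diff --git a/utils/statd/start-statd b/utils/statd/start-statd
+index 6e7ea04..c7805ee 100644
+--- a/utils/statd/start-statd
++++ b/utils/statd/start-statd
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/sh -p
+# nfsmount calls this script when mounting a filesystem with locking
+# enabled, but when statd does not seem to be running (based on
+# /var/run/rpc.statd.pid).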
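Review bot: The `case 0` branch added to start_statd() execs START_STATD from the setuid mount.nfs with the invoking user's environment intact, and the new `#!/bin/sh -p` line makes the shell keep the elevated effective uid. Anything the script resolves through an inherited `PATH` or similar variable would therefore run as root unless the script resets it; its body is outside the visible hunk, so that needs confirming. Passing a fixed environment removes the dependency on the script, e.g. `execle(START_STATD, START_STATD, (char *)NULL, clean_env);` with `clean_env` a small static array holding only a trusted `PATH`. The failure path should use `_exit(1);` rather than `exit(1);` so the forked child does not run the parent's atexit handlers or flush its stdio buffers a second time, and `waitpid(pid, NULL,0);` discards the exit status, leaving probe_statd() as the only sign that the helper failed. start_statd()'s body begins and ends outside the hunk.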
@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
|
||||
Name: nfs-utils
|
||||
URL: http://sourceforge.net/projects/nfs
|
||||
Version: 1.1.4
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Epoch: 1
|
||||
|
||||
# group all 32bit related archs
|
||||
@ -29,6 +29,8 @@ Patch02: nfs-utils-1.1.0-exp-subtree-warn-off.patch
|
||||
Patch100: nfs-utils-1.1.4-inet6-capable-api.patch
|
||||
Patch101: nfs-utils-1.1.4-inet6-rpcbind-util-funcs.patch
|
||||
Patch102: nfs-utils-1.1.4-showmount-rpcbind.patch
|
||||
Patch103: nfs-utils-1.1.4-gssd-dnotify.patch
|
||||
Patch104: nfs-utils-1.1.4-statd-setuid.patch
|
||||
|
||||
%if %{enablefscache}
|
||||
Patch90: nfs-utils-1.1.0-mount-fsc.patch
|
||||
@ -86,6 +88,8 @@ This package also contains the mount.nfs and umount.nfs program.
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
%patch104 -p1
|
||||
|
||||
%if %{enablefscache}
|
||||
%patch90 -p1
|
||||
@ -249,6 +253,11 @@ fi
|
||||
%attr(4755,root,root) /sbin/umount.nfs4
|
||||
|
||||
%changelog
|
||||
* Wed Nov 26 2008 Steve Dickson <steved@redhat.com> 1.1.4-4
|
||||
- gssd: unblock DNOTIFY_SIGNAL in case it was blocked
|
||||
- Ensure statd gets started if required when non-root
|
||||
user mounts an NFS filesystem
|
||||
|
||||
* Tue Nov 25 2008 Steve Dickson <steved@redhat.com> 1.1.4-3
|
||||
- Give showmount support for querying via rpcbindv3/v4
|
||||
|
||||
|