- gssd: unblock DNOTIFY_SIGNAL in case it was blocked

- Ensure statd gets started if required when non-root user mounts an NFS filesystem
2008-11-26 17:12:18 +00:00 · 2008-11-26 17:12:18 +00:00 · 00239080fe
commit 00239080fe
parent 62016099cd
3 changed files with 130 additions and 1 deletions
--- a/nfs-utils-1.1.4-gssd-dnotify.patch
+++ b/nfs-utils-1.1.4-gssd-dnotify.patch
@ -0,0 +1,48 @@
+commit 068ea89e7d335d381276a2fff73d5abbb2b0a04d
+Author: Neil Brown <neilb@suse.de>
+Date:   Wed Nov 26 08:48:03 2008 -0500
+
+    gssd:  unblock DNOTIFY_SIGNAL in case it was blocked.
+    
+    I have a situation where rpc.gssd appears to not be working.
+    Mount attempts which need to communicate with it block.
+    
+    I've narrowed down the problem to that fact that all realtime signals
+    have been blocked.  This means that DNOTIFY_SIGNAL (which is a
+    realtime signal) is never delivered, so gssd never rescans the
+    rpc_pipe/nfs directory.
+    
+    It seems start_kde (or whatever it is called) and all descendants have
+    these
+    signals blocked.  xfce seems to do the same thing.  gnome doesn't.
+    
+    So if you start rpc.gssd from a terminal window while logged in via
+    KDE, it doesn't behave as expected.
+    
+    Signed-off-by: Neil Brown <neilb@suse.de>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/gssd/gssd_main_loop.c b/utils/gssd/gssd_main_loop.c
+index 84f04e9..b9f3a06 100644
+--- a/utils/gssd/gssd_main_loop.c
+++ b/utils/gssd/gssd_main_loop.c
+@@ -99,6 +99,7 @@ gssd_run()
+ 	int			ret;
+ 	struct sigaction	dn_act;
+ 	int			fd;
+	sigset_t		set;
+ 
+ 	/* Taken from linux/Documentation/dnotify.txt: */
+ 	dn_act.sa_sigaction = dir_notify_handler;
+@@ -106,6 +107,11 @@ gssd_run()
+ 	dn_act.sa_flags = SA_SIGINFO;
+ 	sigaction(DNOTIFY_SIGNAL, &dn_act, NULL);
+ 
+	/* just in case the signal is blocked... */
+	sigemptyset(&set);
+	sigaddset(&set, DNOTIFY_SIGNAL);
+	sigprocmask(SIG_UNBLOCK, &set, NULL);
+
+ 	if ((fd = open(pipefs_nfsdir, O_RDONLY)) == -1) {
+ 		printerr(0, "ERROR: failed to open %s: %s\n",
+ 			 pipefs_nfsdir, strerror(errno));
--- a/nfs-utils-1.1.4-statd-setuid.patch
+++ b/nfs-utils-1.1.4-statd-setuid.patch
@ -0,0 +1,72 @@
+commit 33bbeabb40d11a59266e0702adaa6a2e0acb6382
+Author: Neil Brown <neilb@suse.de>
+Date:   Wed Nov 26 12:01:06 2008 -0500
+
+    Ensure statd gets started if required when non-root
+    user mounts an NFS filesystem.
+    
+    The first time an NFS filesystem is mounted, we start statd from
+    /sbin/mount.nfs.  If this first time is a non-root user doing the
+     mount, (thanks to e.g.  the 'users' option in /etc/fstab)
+    then we need to be sure that the 'setuid' status from mount.nfs
+    is inherited through to rpc.statd so that it runs as root.
+    
+    There are two places where we loose our setuid status due to the shell
+    (/bin/sh) discarding.
+    
+    1/ mount.nfs uses "system" to run /usr/sbin/start-statd.  This runs a
+       shell which is likely to drop privileges.  So change that code to use
+      'fork' and 'execl' explicitly.
+    2/ start-statd is a shell script.  To convince the shell to allow the
+      program to run in privileged mode, we need to add a "-p" flag.
+    
+    We could just call setuid(getuid()) at some appropriate time, and it
+    might be worth doing that as well, however I think that getting
+    rid of 'system()' is a good idea and once that is done, the
+    adding of '-p' is trivial and sufficient.
+    
+    Signed-off-by: Neil Brown <neilb@suse.de>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/mount/network.c b/utils/mount/network.c
+index 2db694d..806344c 100644
+--- a/utils/mount/network.c
+++ b/utils/mount/network.c
+@@ -36,6 +36,7 @@
+ 
+ #include <sys/types.h>
+ #include <sys/socket.h>
+#include <sys/wait.h>
+ #include <netinet/in.h>
+ #include <rpc/rpc.h>
+ #include <rpc/pmap_prot.h>
+@@ -705,7 +706,18 @@ int start_statd(void)
+ #ifdef START_STATD
+ 	if (stat(START_STATD, &stb) == 0) {
+ 		if (S_ISREG(stb.st_mode) && (stb.st_mode & S_IXUSR)) {
+-			system(START_STATD);
+			pid_t pid = fork();
+			switch (pid) {
+			case 0: /* child */
+				execl(START_STATD, START_STATD, NULL);
+				exit(1);
+			case -1: /* error */
+				perror("Fork failed");
+				break;
+			default: /* parent */
+				waitpid(pid, NULL,0);
+				break;
+			}
+ 			if (probe_statd())
+ 				return 1;
+ 		}
+diff --git a/utils/statd/start-statd b/utils/statd/start-statd
+index 6e7ea04..c7805ee 100644
+--- a/utils/statd/start-statd
+++ b/utils/statd/start-statd
+@@ -1,4 +1,4 @@
+-#!/bin/sh
+#!/bin/sh -p
+ # nfsmount calls this script when mounting a filesystem with locking
+ # enabled, but when statd does not seem to be running (based on
+ # /var/run/rpc.statd.pid).
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
 Name: nfs-utils
 URL: http://sourceforge.net/projects/nfs
 Version: 1.1.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 1

 # group all 32bit related archs
@ -29,6 +29,8 @@ Patch02: nfs-utils-1.1.0-exp-subtree-warn-off.patch
 Patch100: nfs-utils-1.1.4-inet6-capable-api.patch
 Patch101: nfs-utils-1.1.4-inet6-rpcbind-util-funcs.patch
 Patch102: nfs-utils-1.1.4-showmount-rpcbind.patch
+Patch103: nfs-utils-1.1.4-gssd-dnotify.patch
+Patch104: nfs-utils-1.1.4-statd-setuid.patch

 %if %{enablefscache}
 Patch90: nfs-utils-1.1.0-mount-fsc.patch
@ -86,6 +88,8 @@ This package also contains the mount.nfs and umount.nfs program.
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
+%patch103 -p1
+%patch104 -p1

 %if %{enablefscache}
 %patch90 -p1
@ -249,6 +253,11 @@ fi
 %attr(4755,root,root)   /sbin/umount.nfs4

 %changelog
+* Wed Nov 26 2008 Steve Dickson <steved@redhat.com> 1.1.4-4
+- gssd: unblock DNOTIFY_SIGNAL in case it was blocked
+- Ensure statd gets started if required when non-root
+  user mounts an NFS filesystem
+
 * Tue Nov 25 2008 Steve Dickson <steved@redhat.com> 1.1.4-3
 - Give showmount support for querying via rpcbindv3/v4