import nfs-utils-2.3.3-41.el8

This commit is contained in:
CentOS Sources 2021-05-18 02:39:48 -04:00 committed by Andrew Lukoshko
parent f3288b818c
commit 1292498303
10 changed files with 1311 additions and 15 deletions

View File

@ -1,9 +1,9 @@
diff -up nfs-utils-2.3.1/systemd/nfs-server.service.orig nfs-utils-2.3.1/systemd/nfs-server.service
--- nfs-utils-2.3.1/systemd/nfs-server.service.orig 2018-01-19 10:25:38.153513857 -0500
+++ nfs-utils-2.3.1/systemd/nfs-server.service 2018-01-19 10:30:52.977245126 -0500
@@ -26,6 +26,7 @@ Type=oneshot
diff -up nfs-utils-2.3.3/systemd/nfs-server.service.orig nfs-utils-2.3.3/systemd/nfs-server.service
--- nfs-utils-2.3.3/systemd/nfs-server.service.orig 2020-12-11 09:05:23.499222371 -0500
+++ nfs-utils-2.3.3/systemd/nfs-server.service 2020-12-11 09:06:38.970186395 -0500
@@ -23,6 +23,7 @@ Type=oneshot
RemainAfterExit=yes
ExecStartPre=/usr/sbin/exportfs -r
ExecStartPre=-/usr/sbin/exportfs -r
ExecStart=/usr/sbin/rpc.nfsd
+ExecStart=-/bin/sh -c 'if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi'
ExecStop=/usr/sbin/rpc.nfsd 0

View File

@ -0,0 +1,50 @@
commit 7d5dcd2358df55353eed94a0e84b77bb3597634e
Author: J. Bruce Fields <bfields@redhat.com>
Date: Fri Mar 27 13:11:28 2020 -0400
exports man page: warn about subdirectory exports
Subdirectory exports have a number of problems which have been poorly
documented.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index e3a16f6b..1d171849 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -494,6 +494,33 @@ export entry for
.B /home/joe
in the example section below, which maps all requests to uid 150 (which
is supposedly that of user joe).
+
+.SS Subdirectory Exports
+
+Normally you should only export only the root of a filesystem. The NFS
+server will also allow you to export a subdirectory of a filesystem,
+however, this has drawbacks:
+
+First, it may be possible for a malicious user to access files on the
+filesystem outside of the exported subdirectory, by guessing filehandles
+for those other files. The only way to prevent this is by using the
+.IR no_subtree_check
+option, which can cause other problems.
+
+Second, export options may not be enforced in the way that you would
+expect. For example, the
+.IR security_label
+option will not work on subdirectory exports, and if nested subdirectory
+exports change the
+.IR security_label
+or
+.IR sec=
+options, NFSv4 clients will normally see only the options on the parent
+export. Also, where security options differ, a malicious client may use
+filehandle-guessing attacks to access the files from one subdirectory
+using the options from another.
+
+
.SS Extra Export Tables
After reading
.I /etc/exports

View File

@ -0,0 +1,30 @@
commit ba90d61be3abca5a699765ce08759ca6b986781d
Author: Steve Dickson <steved@redhat.com>
Date: Thu Dec 10 14:05:23 2020 -0500
exports.man: Remove some outdated verbiage
Years ago, commit 6a7d90cea765 removed the warning
this verbiage was talking about, but was never
removed from the man page.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index 1d171849..54b3f877 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -169,13 +169,6 @@ default. In all releases after 1.0.0,
is the default, and
.I async
must be explicitly requested if needed.
-To help make system administrators aware of this change,
-.B exportfs
-will issue a warning if neither
-.I sync
-nor
-.I async
-is specified.
.TP
.IR no_wdelay
This option has no effect if

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,61 @@
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index d735dbfe..8ec33fb0 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -36,9 +36,9 @@ static nfs_export pseudo_root = {
.m_export = {
.e_hostname = "*",
.e_path = "/",
- .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
+ .e_flags = NFSEXP_READONLY
| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
- | NFSEXP_V4ROOT,
+ | NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
.e_anonuid = 65534,
.e_anongid = 65534,
.e_squids = NULL,
@@ -57,15 +57,11 @@ static nfs_export pseudo_root = {
};
static void
-set_pseudofs_security(struct exportent *pseudo, int flags)
+set_pseudofs_security(struct exportent *pseudo)
{
struct flav_info *flav;
int i;
- if (flags & NFSEXP_INSECURE_PORT)
- pseudo->e_flags |= NFSEXP_INSECURE_PORT;
- if ((flags & NFSEXP_ROOTSQUASH) == 0)
- pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
struct sec_entry *new;
@@ -75,8 +71,7 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
i = secinfo_addflavor(flav, pseudo);
new = &pseudo->e_secinfo[i];
- if (flags & NFSEXP_INSECURE_PORT)
- new->flags |= NFSEXP_INSECURE_PORT;
+ new->flags |= NFSEXP_INSECURE_PORT;
}
}
@@ -95,7 +90,7 @@ v4root_create(char *path, nfs_export *export)
strncpy(eep.e_path, path, sizeof(eep.e_path)-1);
if (strcmp(path, "/") != 0)
eep.e_flags &= ~NFSEXP_FSID;
- set_pseudofs_security(&eep, curexp->e_flags);
+ set_pseudofs_security(&eep);
exp = export_create(&eep, 0);
if (exp == NULL)
return NULL;
@@ -143,7 +138,7 @@ pseudofs_update(char *hostname, char *path, nfs_export *source)
return 0;
}
/* Update an existing V4ROOT export: */
- set_pseudofs_security(&exp->m_export, source->m_export.e_flags);
+ set_pseudofs_security(&exp->m_export);
return 0;
}

View File

@ -0,0 +1,29 @@
commit 3e81185037cf97990e4598218f56d92dd70d6269
Author: NeilBrown <neilb@suse.de>
Date: Tue Oct 20 13:19:10 2020 -0400
clddb-tool was recently renamed to nfsdclddb.
Unfortunately the nfsdcld man page wasn't told.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/nfsdcld/nfsdcld.man b/utils/nfsdcld/nfsdcld.man
index 4c2b1e80..861f1c49 100644
--- a/utils/nfsdcld/nfsdcld.man
+++ b/utils/nfsdcld/nfsdcld.man
@@ -209,12 +209,12 @@ not necessary after upgrading \fBnfsdcld\fR, however \fBnfsd\fR will not use a l
version until restart. A restart of \fBnfsd is necessary\fR after downgrading \fBnfsdcld\fR,
to ensure that \fBnfsd\fR does not use an upcall version that \fBnfsdcld\fR does not support.
Additionally, a downgrade of \fBnfsdcld\fR requires the schema of the on-disk database to
-be downgraded as well. That can be accomplished using the \fBclddb-tool\fR(8) utility.
+be downgraded as well. That can be accomplished using the \fBnfsdclddb\fR(8) utility.
.SH FILES
.TP
.B /var/lib/nfs/nfsdcld/main.sqlite
.SH SEE ALSO
-.BR nfsdcltrack "(8), " clddb-tool (8)
+.BR nfsdcltrack "(8), " nfsdclddb (8)
.SH "AUTHORS"
.IX Header "AUTHORS"
The nfsdcld daemon was developed by Jeff Layton <jlayton@redhat.com>

View File

@ -0,0 +1,12 @@
diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py
--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:38:26.462195326 -0500
+++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:45:47.210671473 -0500
@@ -380,6 +380,8 @@ class DeviceData:
sends = float(self.__rpc_data['rpcsends'])
if sample_time == 0:
sample_time = float(self.__nfs_data['age'])
+ if sample_time == 0:
+ sample_time = 1;
return (sends / sample_time)
def display_iostats(self, sample_time, which):

View File

@ -0,0 +1,37 @@
diff -up nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig nfs-utils-2.3.3/tools/mountstats/mountstats.py
--- nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig 2020-12-10 10:48:17.319579958 -0500
+++ nfs-utils-2.3.3/tools/mountstats/mountstats.py 2020-12-10 10:52:42.481484160 -0500
@@ -943,10 +943,11 @@ def print_iostat_summary(old, new, devic
if not old or device not in old:
stats.display_iostats(time)
else:
- old_stats = DeviceData()
- old_stats.parse_stats(old[device])
- diff_stats = stats.compare_iostats(old_stats)
- diff_stats.display_iostats(time)
+ if ("fstype autofs" not in str(old[device])) and ("fstype autofs" not in str(new[device])):
+ old_stats = DeviceData()
+ old_stats.parse_stats(old[device])
+ diff_stats = stats.compare_iostats(old_stats)
+ diff_stats.display_iostats(time)
def iostat_command(args):
"""iostat-like command for NFS mount points
diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py
--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:48:17.316579880 -0500
+++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:52:42.481484160 -0500
@@ -467,10 +467,13 @@ def parse_stats_file(filename):
def print_iostat_summary(old, new, devices, time, options):
stats = {}
diff_stats = {}
+ devicelist = []
if old:
# Trim device list to only include intersection of old and new data,
# this addresses umounts due to autofs mountpoints
- devicelist = [x for x in old if x in devices]
+ for device in devices:
+ if "fstype autofs" not in str(old[device]):
+ devicelist.append(device)
else:
devicelist = devices

View File

@ -0,0 +1,37 @@
commit 003000d451833309c963054e58a48fa1df7e767b
Author: Steve Dickson <steved@redhat.com>
Date: Thu Dec 10 13:13:03 2020 -0500
exportfs: Ingnore export failures in nfs-server.serivce unit
With some recent commits, exportfs will continue on trying to
export filesystems even when an entry is invalid or does
not exist, but will still have a non-zero exit to report
the error.
This situation should not stop the nfs-server service
from comingup so nfs-server.service file should
ignore these types of failures
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
index 06c1adb7..b432f910 100644
--- a/systemd/nfs-server.service
+++ b/systemd/nfs-server.service
@@ -21,13 +21,13 @@ After=rpc-gssd.service gssproxy.service rpc-svcgssd.service
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStartPre=/usr/sbin/exportfs -r
+ExecStartPre=-/usr/sbin/exportfs -r
ExecStart=/usr/sbin/rpc.nfsd
ExecStop=/usr/sbin/rpc.nfsd 0
ExecStopPost=/usr/sbin/exportfs -au
ExecStopPost=/usr/sbin/exportfs -f
-ExecReload=/usr/sbin/exportfs -r
+ExecReload=-/usr/sbin/exportfs -r
[Install]
WantedBy=multi-user.target

View File

@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
Name: nfs-utils
URL: http://linux-nfs.org/
Version: 2.3.3
Release: 35%{?dist}
Release: 41%{?dist}
Epoch: 1
# group all 32bit related archs
@ -61,6 +61,18 @@ Patch027: nfs-utils-2.3.3-nconnect-manpage.patch
Patch028: nfs-utils-2.3.3-nfsdclddb-rename.patch
Patch029: nfs-utils-2.3.3-nfsclnts-cmd.patch
#
# RHEL 8.4
#
Patch030: nfs-utils-2.3.3-exportfs-man-labels.patch
Patch031: nfs-utils-2.3.3-nfsiostat-div-zero.patch
Patch032: nfs-utils-2.3.3-nfsiostat-key-error.patch
Patch033: nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch
Patch034: nfs-utils-2.3.3-systemd-exportfs-nofail.patch
Patch035: nfs-utils-2.3.3-exports-manpage-outdated.patch
Patch036: nfs-utils-2.3.3-gssd-multithread-updates.patch
Patch037: nfs-utils-2.3.3-mountd-pseudofs.patch
Patch100: nfs-utils-1.2.1-statdpath-man.patch
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
Patch102: nfs-utils-2.3.3-idmap-errmsg.patch
@ -223,8 +235,6 @@ done
cat /etc/group | cut -d':' -f 1 | grep --quiet rpcuser 2>/dev/null
if [ "$?" -eq 1 ]; then
/usr/sbin/groupadd -g %{rpcuser_uid} rpcuser >/dev/null 2>&1 || :
else
/usr/sbin/groupmod -g %{rpcuser_uid} rpcuser >/dev/null 2>&1 || :
fi
# Create rpcuser uid as long as it does not already exist.
@ -253,11 +263,6 @@ if [ $? -eq 1 ]; then
fi
%post
# Enable nfs-convert so if an old configuration
# exists a conversion will occur
/bin/systemctl enable nfs-convert >/dev/null 2>&1 || :
if [ $1 -eq 1 ] ; then
# Initial installation
/bin/systemctl enable nfs-client.target >/dev/null 2>&1 || :
@ -270,8 +275,6 @@ if [ $1 -eq 0 ]; then
%systemd_preun nfs-client.target
%systemd_preun nfs-server.server
rm -rf /var/lib/nfs/statd
rm -rf /var/lib/nfs/v4recovery
fi
%postun
@ -280,6 +283,11 @@ fi
/bin/systemctl --system daemon-reload >/dev/null 2>&1 || :
if [ $1 -eq 0 ] ; then
rm -rf /var/lib/nfs/statd
rm -rf /var/lib/nfs/v4recovery
fi
%triggerin -- nfs-utils > 1:2.1.1-3
/bin/systemctl try-restart gssproxy || :
@ -347,6 +355,29 @@ fi
%{_libdir}/libnfsidmap.so
%changelog
* Wed Jan 20 2021 Steve Dickson <steved@redhat.com> 2.3.3-41
- mountd: never root squash on the pseudofs (bz 1804912)
* Mon Dec 14 2020 Steve Dickson <steved@redhat.com> 2.3.3-40
- gssd: upstream multithreaded updates (bz 1906792)
* Fri Dec 11 2020 Steve Dickson <steved@redhat.com> 2.3.3-39
- systemd: Ingnore export failures in nfs-server.serivce unit (bz 1894873)
- exports.man: Remove some outdated verbiage (bz 1769688)
* Thu Dec 10 2020 Steve Dickson <steved@redhat.com> 2.3.3-38
- exports man page: warn about subdirectory exports (bz 1652437)
- Don't modify /etc/group on upgrades (bz 1856881)
- nfs-iostat: divide by zero with fresh mount (bz 1861823)
- nfsiostat: Drop autofs entries before calling compare_iostats() (bz 1859130)
- nfsdclddb: clddb-tool was recently renamed to nfsdclddb (bz 1893599)
* Thu Dec 10 2020 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-37
- Remove manual enabling of nfs-convert (bz 1683895)
* Fri Oct 9 2020 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-36
- Fix uninstall warnings (bz 1733170)
* Wed Jun 10 2020 Steve Dickson <steved@redhat.com> 2.3.3-35
- Fix dependency problems with nfsdclnts (bz 1841502)