nfs-utils.git/support/nsm, branch fixrootccache NFS utils related patches nfs-utils: add missing include of stdint.h 2017-10-05T14:47:54+00:00 Matthew Weber matthew.weber@rockwellcollins.com 2017-10-05T14:46:57+00:00 1d7e3a4808e1b8514af6342c1b49aaf08825b08f Glibc bump to 2.26 exposed this missing header when building with the following combination using an i386 internal toolchain. gcc5.4.0 bin2.28.1 linux4.1.43 Upstream: https://bugzilla.linux-nfs.org/show_bug.cgi?id=312 Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Glibc bump to 2.26 exposed this missing header when building
with the following combination using an i386 internal toolchain.
gcc5.4.0
bin2.28.1
linux4.1.43

Upstream: https://bugzilla.linux-nfs.org/show_bug.cgi?id=312

Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
rpc.c: added include file so UINT16_MAX is defined. 2017-06-22T16:56:41+00:00 Steve Dickson steved@redhat.com 2017-06-22T16:56:41+00:00 ba03a02c2fd912f370e1f55de921a403bf5f9247 Signed-off-by: Steve Dickson <steved@redhat.com> 
Signed-off-by: Steve Dickson <steved@redhat.com>
libnsm.a: refactor nsm_setup_pathnames() and nsm_make_pathname() 2017-02-15T15:41:59+00:00 Scott Mayhew smayhew@redhat.com 2017-02-15T15:16:35+00:00 1789737ec6dd43c9d1436aeb6c07fab52206f412 Move the logic in nsm_setup_pathnames() and nsm_make_pathname() to similar generic functions in libmisc.a so that the exportfs and rpc.mountd programs can make use of them later. Reviewed-by: NeilBrown <neilb@suse.com> Signed-off-by: Scott Mayhew <smayhew@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Move the logic in nsm_setup_pathnames() and nsm_make_pathname() to
similar generic functions in libmisc.a so that the exportfs and
rpc.mountd programs can make use of them later.

Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
statd: suppress a benign log message in nsm_delete_host() 2016-06-21T16:07:50+00:00 Scott Mayhew smayhew@redhat.com 2016-06-21T15:51:40+00:00 0aeb65f5f52903907451cdce7dbf0b4be21d46a3 Commit 76f8ce8c (statd: Update existing record if we receive SM_MON with new cookie) added some logic to unconditionally delete some existing on-disk monitor records. That works fine in an HA-NFS setup where there's a good chance of monitor files being left around after service failovers, but in the case where there isn't an existing monitor file statd emits a scary looking message like this: Jun 15 14:14:59 hostname rpc.statd[1368]: Failed to delete: could not stat original file /var/lib/nfs/statd/sm/nfs.smayhew.test: No such file or directory That message can be suppressed. Signed-off-by: Scott Mayhew <smayhew@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
Commit 76f8ce8c (statd: Update existing record if we receive SM_MON with
new cookie) added some logic to unconditionally delete some existing
on-disk monitor records.  That works fine in an HA-NFS setup where
there's a good chance of monitor files being left around after service
failovers, but in the case where there isn't an existing monitor file
statd emits a scary looking message like this:

Jun 15 14:14:59 hostname rpc.statd[1368]: Failed to delete: could not
stat original file /var/lib/nfs/statd/sm/nfs.smayhew.test: No such file
or directory

That message can be suppressed.

Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
libnsm.a: do not close file if open failed 2015-12-11T16:22:25+00:00 Vivek Trivedi t.vivek@samsung.com 2015-12-11T15:54:56+00:00 6f7a1d75f948f8d914e63f4ba4a24c97225689dc If file open failed, no need to issue close system call in nsm_get_state and closeall. Signed-off-by: Vivek Trivedi <t.vivek@samsung.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
If file open failed, no need to issue close system call in
nsm_get_state and closeall.

Signed-off-by: Vivek Trivedi <t.vivek@samsung.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
nfsdcld: Before clearing the capability bounding set, check if we have the cap 2012-06-19T14:53:29+00:00 Harald Hoyer harald@redhat.com 2012-06-19T14:53:29+00:00 d18b89cd7352783580f3d3dde26f8617e36459b9 From: Harald Hoyer <harald@redhat.com> PR_CAPBSET_DROP can return EINVAL, if an older kernel does support some capabilities, which are defined by CAP_LAST_CAP, which results in a failure of the service. For example kernel 3.4 errors on CAP_EPOLLWAKEUP, which was newly introduced in 3.5. So, for future capabilities, we clear until we get an EINVAL for PR_CAPBSET_READ. Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
From: Harald Hoyer <harald@redhat.com>

PR_CAPBSET_DROP can return EINVAL, if an older kernel does support
some capabilities, which are defined by CAP_LAST_CAP, which results in
a failure of the service.

For example kernel 3.4 errors on CAP_EPOLLWAKEUP, which was newly
introduced in 3.5.

So, for future capabilities, we clear until we get an EINVAL for
PR_CAPBSET_READ.

Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
statd: drop all capabilities from the bounding set as well 2012-05-29T18:44:17+00:00 Jeff Layton jlayton@redhat.com 2012-05-29T18:23:18+00:00 1ca82a963ace17397bd7ec09f5e0707badd7c254 statd drops all capabilities except for CAP_NET_BIND when it starts. It's possible though that if it ever had a compromise that an attacker would be able to invoke a setuid process (or something with file capabilities) in order to reinstate some caps. This could happen as a result of the daemon becoming compromised, or possibly as a result of the ha-callout program becoming compromised. In order to prevent that, have statd also prune the capability bounding set to nothing prior to dropping capabilities. That ensures that the process won't be able to reacquire capabilities via any means -- including exec'ing a setuid program. We do however need to be cognizant of the fact that PR_CAPBSET_DROP was only added in 2.6.25, so check to make sure that #define exists via autoconf before we rely on it. In order to do that, we must add ax_check_define.m4 from the GNU autoconf macro archive. Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound exists before attempting to clear the bounding set. If it does, then don't bother trying since it won't work. In that event though, do throw a warning however since the presence of that file indicates that there is a disconnect between the build and runtime environments. Acked-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
statd drops all capabilities except for CAP_NET_BIND when it starts.
It's possible though that if it ever had a compromise that an attacker would
be able to invoke a setuid process (or something with file capabilities) in
order to reinstate some caps.

This could happen as a result of the daemon becoming compromised, or
possibly as a result of the ha-callout program becoming compromised.

In order to prevent that, have statd also prune the capability bounding
set to nothing prior to dropping capabilities. That ensures that the
process won't be able to reacquire capabilities via any means --
including exec'ing a setuid program.

We do however need to be cognizant of the fact that PR_CAPBSET_DROP was
only added in 2.6.25, so check to make sure that #define exists via
autoconf before we rely on it. In order to do that, we must add
ax_check_define.m4 from the GNU autoconf macro archive.

Furthermore, do a runtime check to see if /proc/sys/kernel/cap-bound
exists before attempting to clear the bounding set. If it does, then
don't bother trying since it won't work. In that event though, do
throw a warning however since the presence of that file indicates that
there is a disconnect between the build and runtime environments.

Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
statd: Decouple statd's state directory from the NFS state directory 2011-09-20T17:30:05+00:00 Steve Dickson steved@redhat.com 2011-09-20T16:52:46+00:00 5c3e26650a54af7826a2b4c6759b56681a350c37 To allow greater flexibility to where statd's state is kept, statd's state path can now be decoupled from the normal NFS state directory. In configure.ac, the NSM_DEFAULT_STATEDIR definition will now define the path to where the state information is kept. The default value, /var/lib/nfs, can be redefined with the --with-statdpath flag. Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
To allow greater flexibility to where statd's state is kept,
statd's state path can now be decoupled from the normal
NFS state directory.

In configure.ac, the NSM_DEFAULT_STATEDIR definition will now define
the path to where the state information is kept.  The default
value, /var/lib/nfs, can be redefined with the --with-statdpath
flag.

Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Statd should always 'chdir' to its state directory. 2011-07-21T18:26:11+00:00 NeilBrown neilb@suse.de 2011-07-21T18:23:00+00:00 1ce0374d445d8a3dbdfb3e9da4c76be9df44666b s statd can be started by 'mount' which can sometimes be run by a normal user, the current-working-directory could be anything. In partcular it could be in a mounted filesystem. As 'statd' continues running as a daemon it could keep prevent that filesystem from being unmounted. statd does currently 'chdir' to the state directory, but only if the state directory is not owned by root. This is wrong - it should check for root after the chdir, not before. So swap the two if statements around. Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com> 
s statd can be started by 'mount' which can sometimes be run by a
normal user, the current-working-directory could be anything.  In
partcular it could be in a mounted filesystem.  As 'statd' continues
running as a daemon it could keep prevent that filesystem from being
unmounted.

statd does currently 'chdir' to the state directory, but only if the
state directory is not owned by root.  This is wrong - it should check
for root after the chdir, not before.

So swap the two if statements around.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
libnsm.a: modify return value to false from 0 at nsm_drop_privileges() 2011-01-04T16:16:45+00:00 Mi Jinlong mijinlong@cn.fujitsu.com 2011-01-04T16:16:45+00:00 57be18b9ab08148a1cc9d5af588119885720be8b At nsm_drop_privileges(), for improving readability, unify the return value. Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com> Signed-off-by: Steve Dickson <steved@redhat.com> 
At nsm_drop_privileges(), for improving readability, unify
the return value.

Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>