Make it clear in manpage for mount.nfs that using nolock is
appropriate for /, /usr and /var.
Signed-off-by: Neil Brown <neilb@suse.de>
If we are mounting nfsv2 or nfsv3 and statd isn't running and we
cannot start statd, then fail the mount request.
Also use an RPC ping to check on statd.
Signed-off-by: Neil Brown <neilb@suse.de>
The for loop that restarts on SIGUSR or simu_reboot currently includes
several once-only things, that are probably best taken out of the loop.
We also take the unregister/register out of the loop as if statd does
drop privileges, then the second register won't use a privileged port
properly.
On the whole, cleaner code.
Signed-off-by: Neil Brown <neilb@suse.de>
If the kernel rejects an attempt to export a filesystem - e.g. because
it is not exportable, we shouldn't just ignore the error, but rather
should tell the kernel that the relevant filehandle or path cannot be supported.
We should really print out some error messages too.
Signed-off-by: Neil Brown <neilb@suse.de>
Make sure that sm-notify really runs only once per reboot.
Signed-off-by: Neil Brown <neilb@suse.de>
If statd dies and is restarted, it forgets what peers the kernel
is interested in monitoring, and so will not forward NOTIFY
requests properly.
With this patch the required information is recorded in the files
in /var/lib/nfs/sm/* so that a kill/restart does what you might
hope.
Signed-off-by: Neil Brown <neilb@suse.de>
We need to call statd_get_socket before dropping privileges so that we
have a privileged port. We used to do that when initialising
notification as the same socket was used for reboot notification as for
callbacks to the kernel. Now it is a different socket.
It would seem to make sense for mount.nfs to impose the
"-o user" => "-o noexec,nodev,nosuid"
rule. However if you give "user,exec" to /sbin/mount,
it will pass down
nodev,nosuid,user
with the 'exec' flag :-(
So we have to leave the handling of that particular rule to
/sbin/mount.
The option for set-source-address is '-v', not '-N'.
And only warn about -N if -N was actually used.
Commit 6facb22402a0bd8cd49be2ed1a0856b24fef42f4 changed the allocation
of len to no longer get 20 extra bytes. It needs to get at least one
extra byte for a null character, otherwise a single extra option such
as "sec=krb5" is never copied in parse_opt() and is dropped.
Commit 44a3727a3243e674a1f1fdad5cbbc639aa25d01c added a typo when
checking the program name.
Signed-off-by: Neil Brown <neilb@suse.de>
try_to_resolve is used to resolve a hostname when sending a notification.
But we now only send notifications to localhost, so name resolution is not
needed.
Failure to tell mountd about the unmount should not be classed
as an error and DEFINITELY should not stop the filesystem
from being unmounted.
The patch avoids the collision between commas in security contexts and the
delimiter between mount options.
Try:
mount.nfs foo://mnt/bar /mnt/bar -o context=\"aaa,bbb,ccc\",ro
Signed-off-by: Cory Olmo <colmo@TrustedCS.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
Also fix a few bugs that came up in initial testing.
getopt_long uses argv[0] in error messages. So if it is given
argv+2 for example, we need to make sure that argv[2] has the
correct program name.
Reject if there are non-flag args,
Reject if the filesystem is not an NFS filesystem.
Make sure all possible invalid arguments are discovered and reported.
Make sure nothing gets by for uid!=0 that doesn't perfectly match fstab.
Some versions of libblkid have a terrible memory leak which makes
mountd grow toooo big. So support
--disable-uuid
to remove the uuid functionality and libblkid with it.
Ultimately it makes sense to remove rpcgen from the nfs-utils
release as it is already in the glibc release. With this patch
you can use the system rpcgen to make sure it works.
It is not default yet, but it might be in a future release.
On -o remount, we need to update the entry in mtab rather than
add a new one. update_mtab does this so use that.
However it might free some strings that shouldn't be freed, so
stop it from calling free - the program will exit soon anyway
so no exit is needed.
Registering sockets with portmap might require root privs,
so don't drop privs until that has been done.
With -L (for Listen-only) or --no-notify, statd will not run
sm-notify.
statd now execs sm-notify to notify peers and only listens to
monitor requests and remote notifications itself.
Add sm-notify to the compile/install scripts,
(and fix a compile warning).
If /var/lib/nfs/sm is owned by non-root, setuid to that uid
after opening sockets but before receiving answers.
As "mount.nfs" can start statd, and as statd can start sm-notify,
the risk of sm-notify being run multiple times increases.
As this is not normally appropriate, sm-notify now creates a
file in /var/run which will stop future instances from being
run (though of course this behaviour can be controlled by a
new command line option).
This functionality is already present in getaddrinfo so it isn't
needed explicitly.
for compat with statd.
Not included in build yet.
The fake option has to write to mtab like a normal mount. Read mount(8) man
page for more details. It's very important for system init scripts that use
"-f" as a way to write info about mount points to /etc/mtab.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
When looking for the exportpoint to match a given fsid,
if an NFSEXP_CROSSMOUNT export is found, also check all filesystems
mounted below there.
If the kernel finds a mountpoint below a 'crossmnt' export, it will ask
mountd what export options to use. With this patch it will return
the same export options as for the top 'crossmnt' export unless
more specific options have been given.
If we are asked to export a filesystem which is not explicitly
exported, but an ancestor is exported as 'crossmnt', export the
filesystems with the same options as the ancestor.
This is the first step to making 'crossmnt' effectively export
a tree of filesystems.
Without this fix, mountd ignores sockets with file descriptor > 31,
so if there are more than about 26 concurrent connections, mountd
starts spinning.
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>
1/ only warn once per export, as it could get too noisy.
2/ make it a little clearer why this might be a problem.
Future work needs access to the base pipefs directory rather than
the nfs subdirectory. Create two separate paths called
pipefs_dir and pipefs_nfsdir with the name of each.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Don't restrict machine credentials to be "nfs/<machine.name>".
Use any usable credentials contained in the keytab file.
[We actually attempt to use the first entry found for each
realm, not every entry, in the keytab.]
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Add a new option ("-n") to rpc.gssd to indicate that accesses as root
(uid 0) should not use machine credentials, but should instead use
"normal" Kerberos credentials obtained by root.
This change was prompted by a suggestion and patch from Daniel
Muntz <Dan.Muntz@netapp.com>. That patch suggested trying "normal"
credentials first and falling back to using machine creds for
uid 0 if normal creds failed.
This opens up the case where root may have credentials as "foo@REALM"
and begins accessing files. Then the context using those credentials
expires and must be renewed. If the credentials are now expired, then
root's new context would fall back and be created with the machine
credentials.
Instead, this patch insists that the administrator choose to use either
machine credentials for accesses by uid 0 (the default behavior, as
it was before) or "normal" credentials. In the latter case, arrangements
must be made to obtain credentials before attempting a mount. There
should be no doubts which credentials are used for uid 0.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Free keytab entries while processing keytab file.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Providing user=username or users is listed in mtab.
They are identical and the latter allows us to use hasmntent.
If "user" or "users" is given, then allow mount.nfs to be run
by a non-root user providing that the mountpoint, filesystem, and options
exactly match what is found in fstab.
For "user", record the user name in mtab so they can unmount the
filesystem later.
Also always ignore auto, owner, group and their negations as well
as "_netdev", "comment" and "loop".
The version of the interface to the kernel for requesting a mount
is entirely different to the version of NFS that is being mounted.
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Neil Brown <neilb@suse.de>