From 00239080fe42306d507fc307e99d0e893f2fb56b Mon Sep 17 00:00:00 2001
From: Steve Dickson
Date: Nov 26 2008 17:12:18 +0000
Subject: - gssd: unblock DNOTIFY_SIGNAL in case it was blocked - Ensure statd gets started if required when non-root user mounts an NFS filesystem
---
diff --git a/nfs-utils-1.1.4-gssd-dnotify.patch b/nfs-utils-1.1.4-gssd-dnotify.patch
new file mode 100644
index 0000000..84962d1
--- /dev/null
+++ b/nfs-utils-1.1.4-gssd-dnotify.patch
@@ -0,0 +1,48 @@
+commit 068ea89e7d335d381276a2fff73d5abbb2b0a04d
+Author: Neil Brown
+Date: Wed Nov 26 08:48:03 2008 -0500
+
+ gssd: unblock DNOTIFY_SIGNAL in case it was blocked.
+
+ I have a situation where rpc.gssd appears to not be working.
+ Mount attempts which need to communicate with it block.
+
+ I've narrowed down the problem to that fact that all realtime signals
+ have been blocked. This means that DNOTIFY_SIGNAL (which is a
+ realtime signal) is never delivered, so gssd never rescans the
+ rpc_pipe/nfs directory.
+
+ It seems start_kde (or whatever it is called) and all descendants have
+ these
+ signals blocked. xfce seems to do the same thing. gnome doesn't.
+
+ So if you start rpc.gssd from a terminal window while logged in via
+ KDE, it doesn't behave as expected.
+
+ Signed-off-by: Neil Brown
+ Signed-off-by: Steve Dickson
+
+diff --git a/utils/gssd/gssd_main_loop.c b/utils/gssd/gssd_main_loop.c
+index 84f04e9..b9f3a06 100644
+--- a/utils/gssd/gssd_main_loop.c
++++ b/utils/gssd/gssd_main_loop.c
+@@ -99,6 +99,7 @@ gssd_run()
+ int ret;
+ struct sigaction dn_act;
+ int fd;
++ sigset_t set;
+
+ /* Taken from linux/Documentation/dnotify.txt: */
+ dn_act.sa_sigaction = dir_notify_handler;
+@@ -106,6 +107,11 @@ gssd_run()
+ dn_act.sa_flags = SA_SIGINFO;
+ sigaction(DNOTIFY_SIGNAL, &dn_act, NULL);
+
++ /* just in case the signal is blocked... */
++ sigemptyset(&set);
++ sigaddset(&set, DNOTIFY_SIGNAL);
++ sigprocmask(SIG_UNBLOCK, &set, NULL);
++
+ if ((fd = open(pipefs_nfsdir, O_RDONLY)) == -1) {
+ printerr(0, "ERROR: failed to open %s: %s\n",
+ pipefs_nfsdir, strerror(errno));
diff --git a/nfs-utils-1.1.4-statd-setuid.patch b/nfs-utils-1.1.4-statd-setuid.patch
new file mode 100644
index 0000000..80689f1
--- /dev/null
+++ b/nfs-utils-1.1.4-statd-setuid.patch
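Review bot: In nfs-utils-1.1.4-gssd-dnotify.patch, the new comment `/* just in case the signal is blocked... */` in gssd_run() does not record why the mask can be wrong, and the result of `sigprocmask()` is discarded. The commit message has the reason, so I would carry it into the code: `/* The signal mask is inherited from the parent; if realtime signals are blocked there, DNOTIFY_SIGNAL is never delivered and the pipefs directory is never rescanned. */`. Because the failure mode is a daemon that silently stops answering mounts, a `printerr()` on a non-zero return from `sigprocmask()` (and from the `sigaction()` call just above it) would make that state diagnosable. gssd_run() starts and ends outside the hunk.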
@@ -0,0 +1,72 @@
+commit 33bbeabb40d11a59266e0702adaa6a2e0acb6382
+Author: Neil Brown
+Date: Wed Nov 26 12:01:06 2008 -0500
+
+ Ensure statd gets started if required when non-root
+ user mounts an NFS filesystem.
+
+ The first time an NFS filesystem is mounted, we start statd from
+ /sbin/mount.nfs. If this first time is a non-root user doing the
+ mount, (thanks to e.g. the 'users' option in /etc/fstab)
+ then we need to be sure that the 'setuid' status from mount.nfs
+ is inherited through to rpc.statd so that it runs as root.
+
+ There are two places where we loose our setuid status due to the shell
+ (/bin/sh) discarding.
+
+ 1/ mount.nfs uses "system" to run /usr/sbin/start-statd. This runs a
+ shell which is likely to drop privileges. So change that code to use
+ 'fork' and 'execl' explicitly.
+ 2/ start-statd is a shell script. To convince the shell to allow the
+ program to run in privileged mode, we need to add a "-p" flag.
+
+ We could just call setuid(getuid()) at some appropriate time, and it
+ might be worth doing that as well, however I think that getting
+ rid of 'system()' is a good idea and once that is done, the
+ adding of '-p' is trivial and sufficient.
+
+ Signed-off-by: Neil Brown
+ Signed-off-by: Steve Dickson
+
+diff --git a/utils/mount/network.c b/utils/mount/network.c
+index 2db694d..806344c 100644
+--- a/utils/mount/network.c
++++ b/utils/mount/network.c
+@@ -36,6 +36,7 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -705,7 +706,18 @@ int start_statd(void)
+ #ifdef START_STATD
+ if (stat(START_STATD, &stb) == 0) {
+ if (S_ISREG(stb.st_mode) && (stb.st_mode & S_IXUSR)) {
+- system(START_STATD);
++ pid_t pid = fork();
++ switch (pid) {
++ case 0: /* child */
++ execl(START_STATD, START_STATD, NULL);
++ exit(1);
++ case -1: /* error */
++ perror("Fork failed");
++ break;
++ default: /* parent */
++ waitpid(pid, NULL,0);
++ break;
++ }
+ if (probe_statd())
+ return 1;
+ }
+diff --git a/utils/statd/start-statd b/utils/statd/start-statd
+index 6e7ea04..c7805ee 100644
+--- a/utils/statd/start-statd
++++ b/utils/statd/start-statd
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/sh -p
+ # nfsmount calls this script when mounting a filesystem with locking
+ # enabled, but when statd does not seem to be running (based on
+ # /var/run/rpc.statd.pid).
diff --git a/nfs-utils.spec b/nfs-utils.spec
index 2e47b75..b5b7622 100644
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
 Name: nfs-utils
 URL: http://sourceforge.net/projects/nfs
 Version: 1.1.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 1
 # group all 32bit related archs
@@ -29,6 +29,8 @@ Patch02: nfs-utils-1.1.0-exp-subtree-warn-off.patch
 Patch100: nfs-utils-1.1.4-inet6-capable-api.patch
 Patch101: nfs-utils-1.1.4-inet6-rpcbind-util-funcs.patch
 Patch102: nfs-utils-1.1.4-showmount-rpcbind.patch
+Patch103: nfs-utils-1.1.4-gssd-dnotify.patch
+Patch104: nfs-utils-1.1.4-statd-setuid.patch
 %if %{enablefscache}
 Patch90: nfs-utils-1.1.0-mount-fsc.patch
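Review bot: In nfs-utils-1.1.4-statd-setuid.patch, the child branch added to start_statd() (utils/mount/network.c) execs START_STATD with the caller's entire environment, and by the commit message's own account that caller can be a non-root user running setuid mount.nfs. With `#!/bin/sh -p` the script keeps the elevated effective uid, so whatever it resolves through `PATH` or other inherited variables is under that user's control unless the script resets them; its body is outside the hunk, so this may already be handled there. I would pass a fixed minimal environment instead, `execle(START_STATD, START_STATD, (char *)NULL, envp);` with `envp` a static array holding only a known-good `PATH`, and leave the failed-exec path with `_exit(1);` so the child does not run the parent's atexit handlers or flush its inherited stdio buffers. The `-p` flag is shell-specific, so the fix presumably depends on which shell /bin/sh is on the target system. start_statd() starts and ends outside the hunk.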
@@ -86,6 +88,8 @@ This package also contains the mount.nfs and umount.nfs program.
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
+%patch103 -p1
+%patch104 -p1
 %if %{enablefscache}
 %patch90 -p1
@@ -249,6 +253,11 @@ fi
 %attr(4755,root,root) /sbin/umount.nfs4
 %changelog
+* Wed Nov 26 2008 Steve Dickson 1.1.4-4
+- gssd: unblock DNOTIFY_SIGNAL in case it was blocked
+- Ensure statd gets started if required when non-root
+ user mounts an NFS filesystem
+
 * Tue Nov 25 2008 Steve Dickson 1.1.4-3
 - Give showmount support for querying via rpcbindv3/v4