Skip to content

Fixes for bugs #846950, #849942, #849608

Joachim Falk requested to merge jfalk-guest/nfs-utils:jfalk into master

Hi all,

I hopefully fixed these bugs in my Debian bullseye package. At the moment I contacted the bug submiters for feedback on the proposed 1:1.3.4-5~RC5 package.

nfs-utils (1:1.3.4-5~RC5) UNRELEASED; urgency=medium

[ Joachim Falk ]

  • debian/nfs-utils_env.sh: Correctly propagate RPCGSSDOPTS from /etc/default/nfs-common to rpc-gssd.service. Even though RPCGSSDOPTS was not documented or explicitly exposed in /etc/default/nfs-common, it’s used by the init script and there are people that have been relying on this for a while. (Closes: #846950)
  • Replace hardcoded keytab check in rpc-gssd.service with NEED_GSSD and auto detection of kerberized NFS mounts in /etc/fstab. Auto detection logic is in the nfs-utils_need_gssd_check.sh script. (Closes: #849608)
  • Fix kerberized NFS service inside Linux containers when the container host loads the auth_rpcgss kernel module to enable kerberized NFS service for its containers.
  • Replace hardcoded keytab check in rpc-svcgssd.service with NEED_SVCGSSD and auto detection of kerberized NFS exports in /etc/exports. Auto detection logic is in the nfs-utils_need_svcgssd_check.sh script. (Closes: #849942)
  • Replace hardcoded keytab check in auth-rpcgss-module.service with NEED_GSSD and auto detection of kerberized NFS mounts in /etc/fstab as well as NEED_SVCGSSD and auto detection of kerberized NFS exports in /etc/exports. Auto detection logic is in the scripts nfs-utils_need_gssd_check.sh and nfs-utils_need_svcgssd_check.sh. (Closes: #849942, #849608)
  • Only start the rpc-svcgssd.service when the nfs-kernel-server.service is requested. The rpc.svcgssd daemon is not needed for an NFS client, even when using Kerberos security. Moreover, starting this daemon with its default configuration will fail when no nfs/@REALM principal is in the krb5.keytab. Furthermore, the nfs/@REALM principal is unneeded for an NFS client configuration. Thus, resulting in a degraded system state for NFS client configurations without nfs/@REALM principal in the krb5.keytab.

-- Joachim Falk joachim.falk@gmx.de Fri, 04 Sep 2020 10:28:49 +0200

Best,

Joachim

Edited by Joachim Falk

Merge request reports