lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071209195003.GB2138@fieldses.org>
Date:	Sun, 9 Dec 2007 14:50:03 -0500
From:	"J. Bruce Fields" <bfields@...ldses.org>
To:	Maxim Levitsky <maximlevitsky@...il.com>
Cc:	"Rafael J. Wysocki" <rjw@...k.pl>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Trond Myklebust <trond.myklebust@....uio.no>,
	gnome42@...il.com, linux-kernel@...r.kernel.org,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	"Denis V. Lunev" <den@...nvz.org>
Subject: Re: 2.6.24-rc3-git4 NFS crossmnt regression

On Sun, Dec 09, 2007 at 02:20:44AM +0200, Maxim Levitsky wrote:
> Due to the fact that I was bitten by this bug (I thought it is a feature), and a bit of lack
> of understanding of NFS4 I want to ask few questions about NFS:
> 
> 1) I want to export whole file-system  with submounts to a range of clients.
> As 'exports' manual says I can't do so, is that true?

Are you referring to the sentence in the description of "nohide" that
say "The  nohide  option  is  currently only effective on single host
exports.  It does not work reliably with  netgroup, subnet,  or wildcard
exports."?  I believe that's out of date.  This should work.

> Can you tell me how properly to use crossmnt and nohide?
> Where should I put those options in root file-system export or in submount export?

The easiest option is to add "crossmnt" to the root export.

> 2) NFS4 - I can't get it working:
> 
> *I have a LFS system, and this is what I did (NFS3 works fine, but crossmnt, and nohide seems not to work, probably due to above bug)
> 	I also have seen errors about stale handles 
> *Kernel - 2.6.24-rc3 with NFS3/4 client/server enabled on both host and guest. (both client and server running this kernel)
> *rpc.idmapd running on both client and server + all standard NFS3 tools
> *NFS tools 1.1.1 with nfs4 support compiled + without GSS (on server)
> * /etc/exports with fsid=0: (on server)
> 	/tmp *(fsid=0,insecure,rw,async,anonuid=100,anongid=1000)
> * mounting with -tnfs4 server:/ /mnt/tmp
> 
> Still doesn't work, using wireshark shows that
> 	NFSV4 COMPOUND call with
> 		Opcode: PUTROOTFH (24)
> 		Opcode: GETFH (10)
> 		Opcode: GETATTR (9)
> 
> Fails with 
> 	Reject State: AUTH_ERROR (1)
> 	Auth State: bad credential (seal broken) (1)
> 
> 
> Any ideas?

Your setup looks fine.  I assume this is the /proc/ bug again.

--b.

> 
> (I decided to switch to NFS4 only due to the lack of ability to see underlying mounts)
> 
> The system I am connecting to is a very old P1 system I use as a terminal
> (X and ssh)
> When I need to install something there I mount whole / of in on my main Core2 system
> chroot there, and compile/install.
> 
> 
> Best regrads,
> 	Maxim Levitsky
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ