Bug 2116395
Summary: | NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Yongcheng Yang <yoyang> |
Component: | sssd | Assignee: | Alexey Tikhonov <atikhono> |
Status: | CLOSED ERRATA | QA Contact: | Yongcheng Yang <yoyang> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.7 | CC: | atikhono, fsorenso, pbrezina, sssd-maint, sssd-qe, steved, xzhou |
Target Milestone: | rc | Keywords: | Regression, Reproducer, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | sync-to-jira | ||
Fixed In Version: | sssd-2.7.3-4.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | 2116389 | Environment: | |
Last Closed: | 2022-11-08 10:51:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2089955 |
Description
Yongcheng Yang
2022-08-08 13:08:27 UTC
Most probably duplicate of bz 2109451 (In reply to Alexey Tikhonov from comment #1) > Most probably duplicate of bz 2109451 Unfortunately not. I have just checked the version sssd-2.7.3-2.el8 and this problem still exists: https://beaker.engineering.redhat.com/jobs/6903892 Upstream PR: https://github.com/SSSD/sssd/pull/6305 Pushed PR: https://github.com/SSSD/sssd/pull/6305 * `master` * 4ac93d9c5df59cdb7f397b4467f1c1c4822ff757 - CLIENT:MC: pointer to the context mutex shouldn't be touched * 579cc0b266d5f8954bc71cfcd3fe68002d681a5f - CLIENT:MC: -1 is more appropriate initial value for fd * `sssd-2-7` * d386e94ef49d95d7305a3e6578e41a2cf61dfc5c - CLIENT:MC: pointer to the context mutex shouldn't be touched * 0eae0862069e4bbbdd87b809193fc873f3003cff - CLIENT:MC: -1 is more appropriate initial value for fd # strace -r -f mount -v ibm-x3850x5-03-vm-01.rhts.eng.pek2.redhat.com:/exportDir-bz1419280 /mnt_test/ -o sec=krb5 ... [pid 80180] 0.000366 socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) = 3 [pid 80180] 0.000156 bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 80180] 0.000512 connect(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.73.4.115")}, 16) = 0 [pid 80180] 0.000197 getsockname(3, {sa_family=AF_INET, sin_port=htons(36653), sin_addr=inet_addr("10.73.4.115")}, [28 => 16]) = 0 [pid 80180] 0.000131 close(3) = 0 [pid 80180] 0.000117 write(1, "mount.nfs: trying text-based opt"..., 97mount.nfs: trying text-based options 'sec=krb5,vers=4.2,addr=10.73.4.115,clientaddr=10.73.4.115') = 97 [pid 80180] 0.000116 mount("ibm-x3850x5-03-vm-01.rhts.eng.pek2.redhat.com:/exportDir-bz1419280", "/mnt_test", "nfs", 0, "sec=krb5,vers=4.2,addr=10.73.4.1"... #strace -r -p 67531 <-- pid of rpc.gssd [{events=EPOLLIN, data={u32=9, u64=9}}], 32, -1) = 1 10.570167 read(9, "\10\0\0\0\0\1\0@\0\0\0\0\20\0\0\0clntcf\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000284 inotify_add_watch(9, "nfs/clntcf", IN_CREATE|IN_DELETE) = 61 0.000273 openat(8, "nfs/clntcf", O_RDONLY) = 386 0.000271 openat(386, "gssd", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000232 openat(386, "krb5", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000117 close(386) = 0 0.000095 read(9, "=\0\0\0\0\1\0\0\0\0\0\0\20\0\0\0idmap\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000094 read(9, 0x7ffea8f547f0, 4096) = -1 EAGAIN (Resource temporarily unavailable) 0.000106 epoll_wait(5, # strace -r -f mount <unfinished ...> [pid 80179] 24.966470 <... wait4 resumed>0x7ffd2c573e68, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 80179] 0.000349 --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} --- [pid 80179] 0.000360 wait4(80180, 0x7ffd2c573e68, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 80179] 0.003532 --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} --- [pid 80179] 0.000458 wait4(80180, <unfinished ...> [pid 80180] 0.115931 <... mount resumed>) = -1 EACCES (Permission denied) [pid 80180] 0.000339 --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} --- [pid 80180] 0.000598 write(2, "mount.nfs: mount(2): Permission "..., 39mount.nfs: mount(2): Permission denied) = 39 [pid 80180] 0.000894 socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) = 3 [pid 80180] 0.000678 bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 80180] 0.000610 connect(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.73.4.115")}, 16) = 0 [pid 80180] 0.000542 getsockname(3, {sa_family=AF_INET, sin_port=htons(42790), sin_addr=inet_addr("10.73.4.115")}, [28 => 16]) = 0 [pid 80180] 0.000512 close(3) = 0 [pid 80180] 0.000312 write(1, "mount.nfs: trying text-based opt"..., 110mount.nfs: trying text-based options 'sec=krb5,vers=4,minorversion=1,addr=10.73.4.115,clientaddr=10.73.4.115') = 110 [pid 80180] 0.000231 mount("ibm-x3850x5-03-vm-01.rhts.eng.pek2.redhat.com:/exportDir-bz1419280", "/mnt_test", "nfs", 0, "sec=krb5,vers=4,minorversion=1,a"... #strace -r -p 67531 [{events=EPOLLIN, data={u32=9, u64=9}}], 32, -1) = 1 24.962145 read(9, "\10\0\0\0\0\1\0@\0\0\0\0\20\0\0\0clntd0\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000230 inotify_add_watch(9, "nfs/clntd0", IN_CREATE|IN_DELETE) = 62 0.000627 openat(8, "nfs/clntd0", O_RDONLY) = 386 0.000157 openat(386, "gssd", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000171 openat(386, "krb5", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000080 close(386) = 0 0.000071 read(9, 0x7ffea8f547f0, 4096) = -1 EAGAIN (Resource temporarily unavailable) 0.000099 epoll_wait(5, [{events=EPOLLIN, data={u32=9, u64=9}}], 32, -1) = 1 0.003985 read(9, "\5\0\0\0\0\1\0@\0\0\0\0\20\0\0\0clntd1\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000099 inotify_add_watch(9, "nfsd4_cb/clntd1", IN_CREATE|IN_DELETE) = 63 0.000108 openat(8, "nfsd4_cb/clntd1", O_RDONLY) = 386 0.000128 openat(386, "gssd", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000093 openat(386, "krb5", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000090 close(386) = 0 0.000074 read(9, "\10\0\0\0\0\1\0@\0\0\0\0\20\0\0\0clntd2\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000126 inotify_add_watch(9, "nfs/clntd2", IN_CREATE|IN_DELETE) = 64 0.000125 openat(8, "nfs/clntd2", O_RDONLY) = 386 0.000098 openat(386, "gssd", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000092 openat(386, "krb5", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000088 close(386) = 0 0.000065 read(9, 0x7ffea8f547f0, 4096) = -1 EAGAIN (Resource temporarily unavailable) 0.000097 epoll_wait(5, [{events=EPOLLIN, data={u32=9, u64=9}}], 32, -1) = 1 0.063122 read(9, "@\0\0\0\0\2\0\0\0\0\0\0\20\0\0\0info\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000070 read(9, "@\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0", 4096) = 16 0.000076 inotify_rm_watch(9, 64) = -1 EINVAL (Invalid argument) 0.000075 read(9, "?\0\0\0\0\2\0\0\0\0\0\0\20\0\0\0info\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 48 0.000106 inotify_rm_watch(9, 63) = -1 EINVAL (Invalid argument) 0.000093 read(9, 0x7ffea8f547f0, 4096) = -1 EAGAIN (Resource temporarily unavailable) 0.000084 epoll_wait(5, [{events=EPOLLIN, data={u32=9, u64=9}}], 32, -1) = 1 0.049355 read(9, "=\0\0\0\0\2\0\0\0\0\0\0\20\0\0\0idmap\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 96 0.000066 read(9, 0x7ffea8f547f0, 4096) = -1 EAGAIN (Resource temporarily unavailable) 0.000077 epoll_wait(5, [{events=EPOLLIN, data={u32=9, u64=9}}], 32, -1) = 1 0.000085 read(9, ">\0\0\0\0\2\0\0\0\0\0\0\20\0\0\0info\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 64 0.000084 read(9, 0x7ffea8f547f0, 4096) = -1 EAGAIN (Resource temporarily unavailable) 0.000054 epoll_wait(5, [{events=EPOLLIN, data={u32=9, u64=9}}], 32, -1) = 1 0.000347 read(9, "=\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0>\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000074 inotify_rm_watch(9, 61) = -1 EINVAL (Invalid argument) 0.000074 inotify_rm_watch(9, 62) = -1 EINVAL (Invalid argument) 0.000101 read(9, 0x7ffea8f547f0, 4096) = -1 EAGAIN (Resource temporarily unavailable) 0.000073 epoll_wait(5, [{events=EPOLLIN, data={u32=9, u64=9}}], 32, -1) = 1 0.004998 read(9, "\10\0\0\0\0\1\0@\0\0\0\0\20\0\0\0clntd3\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000117 inotify_add_watch(9, "nfs/clntd3", IN_CREATE|IN_DELETE) = 65 0.000134 openat(8, "nfs/clntd3", O_RDONLY) = 386 0.000108 openat(386, "gssd", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000126 openat(386, "krb5", O_RDWR|O_NONBLOCK) = -1 EMFILE (Too many open files) 0.000095 close(386) = 0 0.000076 read(9, "A\0\0\0\0\1\0\0\0\0\0\0\20\0\0\0idmap\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32 0.000077 read(9, 0x7ffea8f547f0, 4096) = -1 EAGAIN (Resource temporarily unavailable) 0.000072 epoll_wait(5, lsof | grep rpc\.gssd | wc -l 2117 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7739 |