Bug 784174
Summary: | SECINFO support in the NFS v4 client in RHEL 6 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Remya Valappil <rvalappi> |
Component: | kernel | Assignee: | Steve Dickson <steved> |
Status: | CLOSED ERRATA | QA Contact: | Jian Li <jiali> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.4 | CC: | jiali, kzhang, makc, nmurray, rvalappi, steved, tchakrab, xzhou |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel-2.6.32-288.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 06:01:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 806907, 846704 |
Description
Remya Valappil
2012-01-24 05:33:18 UTC
commit 8f70e95f9f4159184f557a1db60c909d7c1bd2e3 Author: Bryan Schumaker <bjschuma> Date: Thu Mar 24 17:12:31 2011 +0000 NFS: Determine initial mount security Here are the initial patches: commit 7ebb931598cd95cccea10d4bc4c0123a464ea565 Author: Bryan Schumaker <bjschuma> Date: Thu Mar 24 17:12:30 2011 +0000 NFS: use secinfo when crossing mountpoints commit 5a5ea0d485c9715c86bf858bbdc5f6d373b3db88 Author: Bryan Schumaker <bjschuma> Date: Thu Mar 24 17:12:29 2011 +0000 NFS: Add secinfo procedure commit 7c5130588d691a3b34d02312f1bd1b6d56fe0100 Author: Bryan Schumaker <bjschuma> Date: Thu Mar 24 17:12:24 2011 +0000 NFS: lookup supports alternate client commit e73b83f270828630a9ce33728f6ef61c37a82340 Author: Bryan Schumaker <bjschuma> Date: Thu Mar 24 17:12:23 2011 +0000 NFS: convert call_sync() to a function And these seem to be the supplement ones: commit 05e9cfb408b24debb3a85fd98edbfd09dd148881 Author: Trond Myklebust <Trond.Myklebust> Date: Tue Mar 27 18:13:02 2012 -0400 NFSv4: Fix two infinite loops in the mount code commit 613e901e1ee0e1096663b649eee8e5d6697919f3 Author: Bryan Schumaker <bjschuma> Date: Wed Apr 27 15:28:44 2011 -0400 NFS: Return meaningful status from decode_secinfo() commit fca78d6d2c77f87d7dbee89bbe4836a44da881e2 Author: Bryan Schumaker <bjschuma> Date: Thu Jun 2 14:59:07 2011 -0400 NFS: Add SECINFO_NO_NAME procedure commit 1650add23578b5ca35c1f1e863987180a8c03779 Author: Bryan Schumaker <bjschuma> Date: Thu Jun 2 15:07:35 2011 -0400 NFS: Fix decode_secinfo_maxsz commit c6e696660213a89a5bfde8b49d539553904c808f Author: Chuck Lever <chuck.lever> Date: Tue Oct 25 12:17:53 2011 -0400 NFS: Clean up nfs4_xdr_dec_secinfo() This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release. Reproducer refer to comment 0, and regression test is needed Patch(es) available on kernel-2.6.32-288.el6 Test as comment 1, secinfo work well. crossmnt also is tested, test case refer to /kernel/filesystems/nfs/mnt_secinfo Part of test output: # hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST should be access by sec=krb5,krb5i,krb5p # mount with mount -o vers=4 hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST /mnt/TEST # check from /mnt/mounts hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST /mnt/TEST nfs4 rw,relatime,vers=4,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5,clientaddr=10.66.86.85,minorversion=0,local_lock=none,addr=10.66.86.85 0 0 # do some op # umount /mnt/TEST # mount with mount -o vers=4 hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST/krb5 /mnt/TEST # check from /mnt/mounts hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST/krb5 /mnt/TEST nfs4 rw,relatime,vers=4,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5,clientaddr=10.66.86.85,minorversion=0,local_lock=none,addr=10.66.86.85 0 0 # do some op # mount with mount -o vers=4 hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST/krb5i /mnt/TEST # check from /mnt/mounts hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST/krb5i/ /mnt/TEST nfs4 rw,relatime,vers=4,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5i,clientaddr=10.66.86.85,minorversion=0,local_lock=none,addr=10.66.86.85 0 0 # do some op # mount with mount -o vers=4 hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST/krb5p /mnt/TEST # check from /mnt/mounts hp-xw4600-01.rhts.eng.nay.redhat.com:/tmp/TEST/krb5p/ /mnt/TEST nfs4 rw,relatime,vers=4,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.66.86.85,minorversion=0,local_lock=none,addr=10.66.86.85 0 0 # do some op Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0496.html Created attachment 772932 [details] Includes sosreport and other bug and error log files This is in relation to earlier case: 00577585 [RFE] NFS v4 Security Flavor Negotiation The bug associated with the case https://bugzilla.redhat.com/show_bug.cgi?id=784174 has been implemented and shipped with RHEL 6.4: http://rhn.redhat.com/errata/RHSA-2013-0496.html Customer has been testing the implementation and unfortunately NFS v4 security negotiation is not yet working against NetApp filers as NFS server. ONTAP also had a Security Negotiation bug http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=558782 but the fix is now available. Customer has been able to verify that the fix is working with a Solaris client. (all relevant info attached) |