Bug 493519 - mount syscall fails with EINVAL for NFSv4 with sec=krb5 option.
mount syscall fails with EINVAL for NFSv4 with sec=krb5 option.
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
All Linux
low Severity high
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-04-02 00:09 EDT by Steve Alexander
Modified: 2009-12-18 04:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-12-18 04:10:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Result of: strace -vf -s 256 ... (29.93 KB, text/plain)
2009-04-10 21:23 EDT, Steve Alexander
no flags Details

  None (edit)
Description Steve Alexander 2009-04-02 00:09:53 EDT
Description of problem:
Attempting to mount an nfs4 file system with kerberos security flavor always fails with an unusual error "mount.nfs4: an incorrect mount option was specified".

Version-Release number of selected component (if applicable):
Several F10 kernel revs.

How reproducible:

Steps to Reproduce:
1.Config an NFSv4 server, config & start NFS client services
2.Command "mount amanita:/ /tmp/mp -t nfs4 -o sec=krb5"
Actual results:
[root@luchs ~]# mount google.com:/ /tmp/mp -t nfs4 -o sec=krb5p
mount.nfs4: an incorrect mount option was specified

Expected results:
Successful mount.

Additional info:

Same mount command, same config, same client hardware, successfully mounts w/ Fedora8.

The sec=krb5, krbi, krb5 and  lkey security flavors all fail.

The "none" and "sys" flavors succeed (server is reconfigured).

Args to the mount syscall look correct (see strace).

[root@luchs ~]# strace -f -etrace=mount mount amanita:/ /tmp/mp -t nfs4 -o sec=krb5
Process 25897 attached
Process 25896 suspended
[pid 25897] mount("amanita:/", "/tmp/mp", "nfs4", 0, "sec=krb5,clientaddr="...) = -1 EINVAL (Invalid argument)
mount.nfs4: an incorrect mount option was specified
Process 25896 resumed
Process 25897 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
Comment 1 Chuck Ebbert 2009-04-10 19:57:48 EDT
Can you add the -v option to strace so it shows all the mount options?
Comment 2 Steve Alexander 2009-04-10 21:23:13 EDT
Created attachment 339148 [details]
Result of: strace -vf -s 256 ...

The command:
strace -vf -s 256  mount -t nfs4 -o sec=krb5 boletus:/ /tmp/mp 2>/tmp/strace.txt
resulted in the attached file,including:
[pid  6820] mount("boletus:/", "/tmp/mp", "nfs4", 0, "sec=krb5,clientaddr=,addr=") = -1 EINVAL (Invalid argument)

The "mount -v" coomand presents the following:
[root@luchs Desktop]# date
Fri Apr 10 21:07:37 EDT 2009
[root@luchs Desktop]# mount -v -t nfs4 -o sec=krb5 boletus:/ /tmp/mp
mount.nfs4: timeout set for Fri Apr 10 21:09:42 2009
mount.nfs4: text-based options: 'sec=krb5,clientaddr=,addr='
mount.nfs4: mount(2): Invalid argument
mount.nfs4: an incorrect mount option was specified

The relevant system software is represented by:
[root@luchs Desktop]# uname -a
Linux luchs.localdomain #1 SMP Mon Mar 23 23:37:54 EDT 2009 i686 i686 i386 GNU/Linux
[root@luchs Desktop]# yum list nfs*
Loaded plugins: refresh-packagekit
Installed Packages
nfs-utils.i386                                                1:1.1.4-8.fc10                                       installed
nfs-utils-lib.i386                                            1.1.4-1.fc10                                         installed
Available Packages
nfs-utils-lib-devel.i386                                      1.1.4-1.fc10                                         fedora   
nfs4-acl-tools.i386                                           0.3.2-2.fc9                                          fedora   
nfswatch.i386                                                 4.99.9-3.fc9                                         fedora  
Comment 3 Steve Alexander 2009-06-26 06:48:02 EDT
Same problem exists in Fedora 11.   All Kerberos client NFS4 is broken.
Same exact symptoms.  Strace is basically identical.
Comment 4 Bjørn Tore Sund 2009-11-02 10:41:15 EST
Is anyone looking at this problem?
Comment 5 Bjørn Tore Sund 2009-11-02 10:50:24 EST
Steve...  In my case the issue resolved itself by setting SECURE_NFS="yes" in /etc/sysconfig/nfs on the Fedora 10 client and rebooting.

Comment 6 Bug Zapper 2009-11-18 04:58:02 EST
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
Comment 7 Bug Zapper 2009-12-18 04:10:29 EST
Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.