In case ACLs are not supported in the underlying filesystem, the NFSv4 server should return NFS4ERR_ATTRNOTSUPP when ACL attributes are specified when creating a file. The following commit is required for this check. commit 3c8e03166ae234d16e7871f8009638e0946d303c Author: Yu Zhiguo <yuzg.com> Date: Sat May 16 16:22:31 2009 +0800 NFSv4: do exact check about attribute specified Server should return NFS4ERR_ATTRNOTSUPP if an attribute specified is not supported in current environment. Operations CREATE, NVERIFY, OPEN, SETATTR and VERIFY should do this check. This bug is found when do newpynfs tests. The names of the tests that failed are following: CR12 NVF7a NVF7b NVF7c NVF7d NVF7f NVF7r NVF7s OPEN15 VF7a VF7b VF7c VF7d VF7f VF7r VF7s Add function do_check_fattr() to do exact check: 1, Check attribute specified is supported by the NFSv4 server or not. 2, Check FATTR4_WORD0_ACL & FATTR4_WORD0_FS_LOCATIONS are supported in current environment or not. 3, Check attribute specified is writable or not. step 1 and 3 are done in function nfsd4_decode_fattr() but removed to this function now. Signed-off-by: Yu Zhiguo <yuzg.com> Signed-off-by: J. Bruce Fields <bfields.edu>
Created attachment 354154 [details] Reproducer Customer provided reproducer. Server: step1: # mount -o noacl /dev/hda5 /mnt # mkdir /mnt/nfsdir step2: # vi /etc/exports (add the following line) /mnt/nfsdir *(rw,insecure,no_root_squash,fsid=0) step3: # service nfs restart Client: step1: # gcc -o attr_nosupp attr_nosupp.c step2: # ./attr_nosupp $ServerAddr Actual Results: Kernel return NFS4_OK(0) Reproduce program log: # ./attr_nosupp $ServerAddr Server should return NFS4ERR_ATTRNOTSUPP rather than NFS_OK when attribute 'ACL' is not supported. Expected Results: Kernel return NFS4ERR_ATTRNOTSUPP(10032) Reproduce program log: # ./attr_nosupp $ServerAddr All right, Server can return NFS4ERR_ATTRNOTSUPP.
Created attachment 354156 [details] tcpdump demonstrating the problem A tcpdump demonstrating the problem. the underlying filesystem used for the nfs export was mounted with -o noacl to disable ACL support. Frame 14: Create request with an ACL attribute. Frame 16: A NFS_OK request being returned.
Created attachment 369742 [details] patch -- backported patch from upstream The upstream patch had a lot of dependencies on patches that were not in RHEL. A lot of those patches (though not all) were changes to accomodate NFSv4.1. Rather than apply all of those to RHEL, I decided it would be better to just backport the needed patch to the existing code. This patch is a first attempt at that backport. It builds cleanly and with it the provided test passes. I've not done much other testing with it yet.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
in kernel-2.6.18-176.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified.
~~ Attention Customers and Partners - RHEL 5.5 Beta is now available on RHN ~~ RHEL 5.5 Beta has been released! There should be a fix present in this release that addresses your request. Please test and report back results here, by March 3rd 2010 (2010-03-03) or sooner. Upon successful verification of this request, post your results and update the Verified field in Bugzilla with the appropriate value. If you encounter any issues while testing, please describe them and set this bug into NEED_INFO. If you encounter new defects or have additional patch(es) to request for inclusion, please clone this bug per each request and escalate through your support representative.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2010-0178.html