Hello community, here is the log from the commit of package nfs-utils for openSUSE:Factory checked in at 2013-07-30 18:40:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nfs-utils (Old) and /work/SRC/openSUSE:Factory/.nfs-utils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nfs-utils" Changes: -------- --- /work/SRC/openSUSE:Factory/nfs-utils/nfs-utils.changes 2013-05-13 19:57:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nfs-utils.new/nfs-utils.changes 2013-07-30 18:40:44.000000000 +0200 @@ -1,0 +2,19 @@ +Mon Jul 22 06:47:57 UTC 2013 - [email protected] + +- New sysconfig variables + NFS4_SERVER_MINOR_VERSION, GSSD_OPTIONS, + NFS_GSSD_AVOID_DNS + to enable various configurations. +- bug fixes to init scripts to avoid unmounting everything(!) + and to avoid corrupting /run/nfs/bind.mounts + +------------------------------------------------------------------- +Mon Jul 22 06:12:53 UTC 2013 - [email protected] + +- New upstream release 1.2.8 - mostly bugfixes, many to gssd. + No important new functionality +- Changes to ./configure command to remove warnings +- 8 more patches from upstream 'git' to fix non-trivial bugs + including on CVE. + +------------------------------------------------------------------- Old: ---- nfs-utils-1.2.7.tar.bz2 New: ---- 0001-mountd-Fix-is_subdirectory-again.patch 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch 0003-Fix-handling-of-preferred-realm-command-line-option.patch 0004-nfsiostat-restore-output-format.patch 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch 0006-gssd-fixed-typo-in-machine-cred-name.patch nfs-utils-1.2.8.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nfs-utils.spec ++++++ --- /var/tmp/diff_new_pack.XAwHKw/_old 2013-07-30 18:40:46.000000000 +0200 +++ /var/tmp/diff_new_pack.XAwHKw/_new 2013-07-30 18:40:46.000000000 +0200 @@ -35,7 +35,7 @@ Summary: Support Utilities for Kernel nfsd License: GPL-2.0+ Group: Productivity/Networking/NFS -Version: 1.2.7 +Version: 1.2.8 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %fillup_prereq %insserv_prereq @@ -57,6 +57,18 @@ Source12: start-statd Source13: nfs-utils.rpmlintrc Patch0: nfs-utils-1.0.7-bind-syntax.patch +# PATCH-FIX-UPSTREAM 0001-mountd-Fix-is_subdirectory-again.patch upstream-bugfix [email protected] +Patch1: 0001-mountd-Fix-is_subdirectory-again.patch +# PATCH-FIX-UPSTREAM 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch upstream-bugfix [email protected] +Patch2: 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch +# PATCH-FIX-UPSTREAM 0003-Fix-handling-of-preferred-realm-command-line-option.patch upstream-bugfix [email protected] +Patch3: 0003-Fix-handling-of-preferred-realm-command-line-option.patch +# PATCH-FIX-UPSTREAM 0004-nfsiostat-restore-output-format.patch upstream-bugfix [email protected] +Patch4: 0004-nfsiostat-restore-output-format.patch +# PATCH-FIX-UPSTREAM 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch upstream-bugfix [email protected] +Patch5: 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch +# PATCH-FIX-UPSTREAM 0006-gssd-fixed-typo-in-machine-cred-name.patch upstream-bugfix [email protected] +Patch6: 0006-gssd-fixed-typo-in-machine-cred-name.patch Suggests: python-base %description @@ -107,21 +119,25 @@ %prep %setup -q -n nfs-utils-%{version} -a 1 %patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 cp %{S:6} . %build rm -f configure; autoreconf -fi CFLAGS="$RPM_OPT_FLAGS -fPIE -fno-strict-aliasing" LDFLAGS="-pie" ./configure \ --mandir=%{_mandir} \ - --disable-rquotad \ --enable-nfsv4 \ --enable-gss \ --enable-ipv6 \ --enable-nfsdcltrack \ --enable-mount \ --enable-libmount-mount \ - --enable-mountconfig \ - --with-krb5=/usr/lib/mit + --enable-mountconfig make cd nfs for i in *.html ; do ++++++ 0001-mountd-Fix-is_subdirectory-again.patch ++++++ >From 23d3980b6cfea4e9056d9b7b81e48b4fefc645e0 Mon Sep 17 00:00:00 2001 From: NeilBrown <[email protected]> Date: Tue, 7 May 2013 11:46:18 -0400 Subject: [PATCH] mountd: Fix is_subdirectory again The problem was that is_subdirectory() would also succeed if the two directories were the same. This is needed for path_matches() which needs to see if the child is same-or-descendant. So this patch rearranges path_matches() to do the "are they the same" test itself and only bother with is_subdirectory() if it they are not the same. So now is_subdirectory() can be strict, and so can be usable for subexport(), which needs a strong 'in subdirectory - not the same' test. Acked-by: J. Bruce Fields <[email protected]> Signed-off-by: NeilBrown <[email protected]> Signed-off-by: Steve Dickson <[email protected]> --- utils/mountd/cache.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c index 737927c..517aa62 100644 --- a/utils/mountd/cache.c +++ b/utils/mountd/cache.c @@ -347,20 +347,26 @@ static char *next_mnt(void **v, char *p) static int is_subdirectory(char *child, char *parent) { + /* Check is child is strictly a subdirectory of + * parent or a more distant descendant. + */ size_t l = strlen(parent); - if (strcmp(parent, "/") == 0) + if (strcmp(parent, "/") == 0 && child[1] != 0) return 1; - return strcmp(child, parent) == 0 - || (strncmp(child, parent, l) == 0 && child[l] == '/'); + return (strncmp(child, parent, l) == 0 && child[l] == '/'); } static int path_matches(nfs_export *exp, char *path) { - if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT) - return is_subdirectory(path, exp->m_export.e_path); - return strcmp(path, exp->m_export.e_path) == 0; + /* Does the path match the export? I.e. is it an + * exact match, or does the export have CROSSMOUNT, and path + * is a descendant? + */ + return strcmp(path, exp->m_export.e_path) == 0 + || ((exp->m_export.e_flags & NFSEXP_CROSSMOUNT) + && is_subdirectory(path, exp->m_export.e_path)); } static int @@ -369,15 +375,13 @@ export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai) return path_matches(exp, path) && client_matches(exp, dom, ai); } -/* True iff e1 is a child of e2 and e2 has crossmnt set: */ +/* True iff e1 is a child of e2 (or descendant) and e2 has crossmnt set: */ static bool subexport(struct exportent *e1, struct exportent *e2) { char *p1 = e1->e_path, *p2 = e2->e_path; - size_t l2 = strlen(p2); return e2->e_flags & NFSEXP_CROSSMOUNT - && strncmp(p1, p2, l2) == 0 - && p1[l2] == '/'; + && is_subdirectory(p1, p2); } struct parsed_fsid { -- 1.8.3.1.487.g3e7a5b4 ++++++ 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch ++++++ >From c93e8d8eeafec3e3228e24dfebef113e0a79a788 Mon Sep 17 00:00:00 2001 From: "Signed-off-by: NeilBrown" <[email protected]> Date: Tue, 28 May 2013 12:59:22 -0400 Subject: [PATCH] gssd: Fix recent fix to Avoid DNS reverse resolution in gssd. The final version for this fix that was committed inverted the test so makes no change in the important cases. The documentation didn't really help a naive user know when the new -D flag should be used. And the code (once fixed) avoided DNS resolution on non-qualified names too, which probably isn't a good idea. This patch fixes all three issues. Signed-off-by: NeilBrown <[email protected]> Signed-off-by: Steve Dickson <[email protected]> --- utils/gssd/gssd.man | 27 ++++++++++++++++++++++----- utils/gssd/gssd_proc.c | 18 ++++++++++-------- 2 files changed, 32 insertions(+), 13 deletions(-) diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man index 1df75c5..ac13fd4 100644 --- a/utils/gssd/gssd.man +++ b/utils/gssd/gssd.man @@ -195,11 +195,28 @@ option when starting .BR rpc.gssd . .SH OPTIONS .TP -.B -D -DNS Reverse lookups are not used for determining the -server names pass to GSSAPI. This option will reverses that and forces -the use of DNS Reverse resolution of the server's IP address to -retrieve the server name to use in GSAPI authentication. +.B \-D +The server name passed to GSSAPI for authentication is normally the +name exactly as requested. e.g. for NFS +it is the server name in the "servername:/path" mount request. Only if this +servername appears to be an IP address (IPv4 or IPv6) or an +unqualified name (no dots) will a reverse DNS lookup +will be performed to get the canoncial server name. + +If +.B \-D +is present, a reverse DNS lookup will +.I always +be used, even if the server name looks like a canonical name. So it +is needed if partially qualified, or non canonical names are regularly +used. + +Using +.B \-D +can introduce a security vulnerability, so it is recommended that +.B \-D +not be used, and that canonical names always be used when requesting +services. .TP .B -f Runs diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 6cd4276..b7e2bbb 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -175,7 +175,6 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr) char *hostname; char hbuf[NI_MAXHOST]; unsigned char buf[sizeof(struct in6_addr)]; - int servername = 0; if (avoid_dns) { /* @@ -183,15 +182,18 @@ get_servername(const char *name, const struct sockaddr *sa, const char *addr) * If it is an IP address, do the DNS lookup otherwise * skip the DNS lookup. */ - servername = 0; - if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1) - servername = 1; /* IPv4 */ - else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1) - servername = 1; /* or IPv6 */ - - if (servername) { + int is_fqdn = 1; + if (strchr(name, '.') == NULL) + is_fqdn = 0; /* local name */ + else if (inet_pton(AF_INET, name, buf) == 1) + is_fqdn = 0; /* IPv4 address */ + else if (inet_pton(AF_INET6, name, buf) == 1) + is_fqdn = 0; /* IPv6 addrss */ + + if (is_fqdn) { return strdup(name); } + /* Sorry, cannot avoid dns after all */ } switch (sa->sa_family) { -- 1.8.3.1.487.g3e7a5b4 ++++++ 0003-Fix-handling-of-preferred-realm-command-line-option.patch ++++++ >From a402f768db1dc6497cf7f592b33e142936897de2 Mon Sep 17 00:00:00 2001 From: Maximilian Wilhelm <[email protected]> Date: Mon, 1 Jul 2013 11:58:13 -0400 Subject: [PATCH] Fix handling of preferred realm command line option. The current implementation ignores any preferred realm specified on the command line. Fix this behaviour and make sure the preferred realm is used as first realm when trying to acquire a keytab entry Signed-off-by: Maximilian Wilhelm <[email protected]> Signed-off-by: Frederik Moellers <[email protected]> Signed-off-by: Steve Dickson <[email protected]> --- utils/gssd/krb5_util.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 9ef80f0..abebdcd 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -852,11 +852,19 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, } /* - * Try the "appropriate" realm first, and if nothing found for that - * realm, try the default realm (if it hasn't already been tried). + * Make sure the preferred_realm, which may have been explicitly set + * on the command line, is tried first. If nothing is found go on with + * the host and local default realm (if that hasn't already been tried). */ i = 0; realm = realmnames[i]; + + if (strcmp (realm, preferred_realm) != 0) { + realm = preferred_realm; + /* resetting the realmnames index */ + i = -1; + } + while (1) { if (realm == NULL) { tried_all = 1; -- 1.8.3.1.487.g3e7a5b4 ++++++ 0004-nfsiostat-restore-output-format.patch ++++++ >From 94642a397d27ea0cfc6d798bc505482023eb5ec1 Mon Sep 17 00:00:00 2001 From: Weston Andros Adamson <[email protected]> Date: Mon, 1 Jul 2013 12:00:51 -0400 Subject: [PATCH] nfsiostat: restore output format Recent changes to support python 3 changed the output of nfsiostat from: read: ops/s kB/s kB/op retrans avg RTT (ms) avg exe (ms) 48.094 2889.133 60.072 0 (0.0%) 177.160 184.833 ... to: read: ops/s kB/s kB/op retrans avg RTT (ms) avg exe (ms) 0.000 0.000 0.000 0 (0.0%) 0.000 0.000 ... Signed-off-by: Weston Andros Adamson <[email protected]> Signed-off-by: Steve Dickson <[email protected]> --- tools/nfs-iostat/nfs-iostat.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/nfs-iostat/nfs-iostat.py b/tools/nfs-iostat/nfs-iostat.py index dfbef87..c035537 100644 --- a/tools/nfs-iostat/nfs-iostat.py +++ b/tools/nfs-iostat/nfs-iostat.py @@ -353,14 +353,14 @@ class DeviceData: exe_per_op = 0.0 op += ':' - print('%s' % op.lower().ljust(15)) + print('%s' % op.lower().ljust(15), end='') print(' ops/s\t\t kB/s\t\t kB/op\t\tretrans\t\tavg RTT (ms)\tavg exe (ms)') - print('\t\t%7.3f' % (ops / sample_time)) - print('\t%7.3f' % (kilobytes / sample_time)) - print('\t%7.3f' % kb_per_op) - print(' %7d (%3.1f%%)' % (retrans, retrans_percent)) - print('\t%7.3f' % rtt_per_op) + print('\t\t%7.3f' % (ops / sample_time), end='') + print('\t%7.3f' % (kilobytes / sample_time), end='') + print('\t%7.3f' % kb_per_op, end='') + print(' %7d (%3.1f%%)' % (retrans, retrans_percent), end='') + print('\t%7.3f' % rtt_per_op, end='') print('\t%7.3f' % exe_per_op) def ops(self, sample_time): @@ -392,7 +392,7 @@ class DeviceData: print() print(' op/s\t\trpc bklog') - print('%7.2f' % (sends / sample_time)) + print('%7.2f' % (sends / sample_time), end='') print('\t%7.2f' % backlog) if which == 0: -- 1.8.3.1.487.g3e7a5b4 ++++++ 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch ++++++ >From 05e6d39a988e76d5803f79018a9e40d435f6d2f7 Mon Sep 17 00:00:00 2001 From: NeilBrown <[email protected]> Date: Tue, 2 Jul 2013 08:27:41 -0400 Subject: [PATCH] gssd: don't give up on machine credential if hostname not available. krb5_util tries various different credential names in order to find the machine credential, not all of them use the full host name of the current host. So if getting the full host name fails, don't give up completely, still try the other options. Signed-off-by: NeilBrown <[email protected]> Signed-off-by: Steve Dickson <[email protected]> --- utils/gssd/krb5_util.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index abebdcd..a6c7eb0 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -825,8 +825,10 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, myhostad[i+1] = 0; retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname)); - if (retval) - goto out; + if (retval) { + /* Don't use myhostname */ + myhostname[0] = 0; + } code = krb5_get_default_realm(context, &default_realm); if (code) { @@ -891,6 +893,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, myhostad, NULL); } else { + if (!myhostname[0]) + continue; snprintf(spn, sizeof(spn), "%s/%s@%s", svcnames[j], myhostname, realm); code = krb5_build_principal_ext(context, &princ, -- 1.8.3.1.487.g3e7a5b4 ++++++ 0006-gssd-fixed-typo-in-machine-cred-name.patch ++++++ >From da05b199a60e8a8fa91d4d3734cbbe84b23cff69 Mon Sep 17 00:00:00 2001 From: Doug Nazar <[email protected]> Date: Tue, 2 Jul 2013 08:45:31 -0400 Subject: [PATCH] gssd: fixed typo in machine cred name. Commit 1c787f14 [gssd: scan for DIR: ccaches, too] changed the default prefix for the credential cache files. Update the check to ignore the machine credential file when running with -n (root ignores machine credentials). Signed-off-by: Steve Dickson <[email protected]> --- utils/gssd/krb5_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index a6c7eb0..83b9651 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -231,7 +231,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, continue; } if (uid == 0 && !root_uses_machine_creds && - strstr(namelist[i]->d_name, "_machine_")) { + strstr(namelist[i]->d_name, "machine_")) { printerr(3, "CC '%s' not available to root\n", statname); free(namelist[i]); -- 1.8.3.1.487.g3e7a5b4 ++++++ nfs-utils-1.2.7.tar.bz2 -> nfs-utils-1.2.8.tar.bz2 ++++++ ++++ 23332 lines of diff (skipped) ++++++ nfs.init ++++++ --- /var/tmp/diff_new_pack.XAwHKw/_old 2013-07-30 18:40:47.000000000 +0200 +++ /var/tmp/diff_new_pack.XAwHKw/_new 2013-07-30 18:40:47.000000000 +0200 @@ -17,7 +17,7 @@ # Required-Stop: $network $portmap # Default-Start: 3 5 # Default-Stop: 0 1 2 6 -# Short-Description: NFS client services +# Short-Description: NFS client services # Description: All necessary services for NFS clients ### END INIT INFO @@ -94,6 +94,15 @@ if test -n "$flavors" ; then NEED_GSSD=yes fi +if test -n "$GSSD_OPTIONS"; then + NEED_GSSD=yes +fi + +case $NFS_GSSD_AVOID_DNS in + [Nn]*) ignore_dns=-D ;; + [Yy]*) ignore_dns= ;; + * ) ignore_dns=-D +esac if test "$NFS4_SUPPORT" = yes ; then NEED_IDMAPD=yes @@ -153,7 +162,7 @@ /sbin/modprobe rpcsec_gss_$flavor done mount_rpc_pipefs - startproc $GSSD_BIN + startproc $GSSD_BIN $ignore_dns $GSSD_OPTIONS return $? } @@ -196,7 +205,7 @@ modprobe nfs grep -E '^(sunrpc|fs.nfs)' /etc/sysctl.conf | sysctl -q -e -n -p - - # in case we need /usr and/or /opt via nfs + # in case we need /usr and/or /opt via nfs mount_usr # sm-notify @@ -231,10 +240,10 @@ # It's sometime usefull to mount NFS devices in # background with an ampersand (&) and a sleep time of # two or more seconds, e.g: - # + # # sleep 2 && mount -at nfs,nfs4 & - # sleep 2 - # + # sleep 2 + # if test -n "$mnt" ; then # If network devices are not yet discovered, mounts # might fail, so we might need to 'udevadm settle' to @@ -268,7 +277,7 @@ # kill process to maximise chance that umount succeeds mnt=`awk '$3 ~ /^nfs4*$/ {print $2}' /proc/mounts` runlevel=`runlevel | awk '{print $2}'` - if test "$runlevel" -eq 0 -o "$runlevel" -eq 6; then + if test "$runlevel" -eq 0 -o "$runlevel" -eq 6; then if test -n "$mnt" ; then /sbin/mkill -TERM $mnt fi @@ -293,7 +302,7 @@ killproc $IDMAPD_BIN fi rm -f $IDMAPD_CLIENT_STATE - fi + fi # stop rpc.statd if not needed by server if checkproc $STATD_BIN ; then @@ -334,7 +343,7 @@ echo "gssd not running" rc_failed 3 fi - # + # if test "$NEED_IDMAPD" = yes && ! checkproc $IDMAPD_BIN; then echo "idmapd not running" rc_failed 3 @@ -354,7 +363,7 @@ if checkproc ${GSSD_BIN##*/}; then echo -n " gssd" killproc ${GSSD_BIN##*/} - startproc $GSSD_BIN + startproc $GSSD_BIN $ignore_dns $GSSD_OPTIONS fi if checkproc ${IDMAPD_BIN##*/}; then echo -n " idmapd" ++++++ nfsserver.init ++++++ --- /var/tmp/diff_new_pack.XAwHKw/_old 2013-07-30 18:40:47.000000000 +0200 +++ /var/tmp/diff_new_pack.XAwHKw/_new 2013-07-30 18:40:47.000000000 +0200 @@ -44,7 +44,7 @@ # 5 - program is not installed # 6 - program is not configured # 7 - program is not running -# +# # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signalling is not supported) are @@ -108,7 +108,7 @@ echo "NFS: Is it no longer needed and may cease to work." echo "NFS: Please remove these settings." warned=yes - fi + fi >&2 test -d "$export" || mkdir -p "$export" mount -o bind "$dir" "$export" echo "$dir" "$export" @@ -118,7 +118,7 @@ nfs4_unbind_mounts() { sort -r -k2 $NFSD_BIND_MOUNTS | while read src mountpoint crap; do - umount -l "$mountpoint" + [ -n "$mountpoint" ] && umount -l "$mountpoint" done > $NFSD_BIND_MOUNTS } @@ -188,6 +188,9 @@ if [ "$NFS4_SUPPORT" != "yes" ]; then VERSION_PARAMS="--no-nfs-version 4" fi + if [ "$NFS4_SERVER_MINOR_VERSION" != "0" ]; then + VERSION_PARAMS="$VERSION_PARAMS -nfs-version 4 -nfs-version 4.$NFS4_SERVER_MINOR_VERSION" + fi if [ -n "$NFSV4LEASETIME" -a -f /proc/fs/nfsd/nfsv4leasetime ]; then echo "$NFSV4LEASETIME" > /proc/fs/nfsd/nfsv4leasetime fi @@ -211,7 +214,7 @@ echo $IDMAPD_BIN > $IDMAPD_SERVER_STATE fi # exportfs - /usr/sbin/exportfs -r + /usr/sbin/exportfs -r # rpc.mountd echo -n " mountd" if [ -n "$MOUNTD_PORT" ] ; then @@ -295,7 +298,7 @@ rc_status -v ;; try-restart) - ## Stop the service and if this succeeds (i.e. the + ## Stop the service and if this succeeds (i.e. the ## service was running before), start it again. $0 status >/dev/null && $0 restart @@ -339,7 +342,7 @@ echo -n " idmapd" checkproc $IDMAPD_BIN rc_status -v - fi + fi echo -n " mountd" checkproc /usr/sbin/rpc.mountd rc_status -v ++++++ sysconfig.nfs ++++++ --- /var/tmp/diff_new_pack.XAwHKw/_old 2013-07-30 18:40:47.000000000 +0200 +++ /var/tmp/diff_new_pack.XAwHKw/_new 2013-07-30 18:40:47.000000000 +0200 @@ -49,15 +49,28 @@ ## Default: yes ## ServiceRestart: nfs nfsserver # -# Enable NFSv4 support (yes/no) +# Enable NFSv4 support (server and/or client) (yes/no) # NFS4_SUPPORT="yes" ## Path: Network/File systems/NFS server +## Description: NFSv4 server minor version +## Type: integer +## Default: 0 +## ServiceRestart: nfsserver +# +# Select NFSv4 minor version for server to support (0, 1). +# If '1' is selected, NFSv4.0 will also be supported. +NFS4_SERVER_MINOR_VERSION="0" + +## Path: Network/File systems/NFS server ## Description: Network Status Monitor options ## Type: string ## Default: "" # +# If a fixed port should be used to send reboot notification +# messages to other systems, that port should be given +# here as "-p portnumber". # SM_NOTIFY_OPTIONS="" @@ -134,6 +147,16 @@ NFSD_OPTIONS="" ## Path: Network/File systems/NFS server +## Description: Extra options for gssd +## Type: string +## Default: "" +# +# Normally gssd does not require any options. In some circumstances, +# -n, -l or other options might be useful. See "man 8 rpc.gssd" for +# details. Those options can be set here. +GSSD_OPTIONS="" + +## Path: Network/File systems/NFS server ## Description: Extra options for mountd ## Type: string ## Default: "" @@ -142,3 +165,16 @@ # such as --manage-gids. MOUNTD_OPTIONS="" +## Path: Network/File systems/NFS server +## Description: Avoid DNS lookups for kerberos principal +## Type: yesno +## Default: no +## ServiceRestart: gssd +# +# Avoid DNS lookups when determining kerberos identity +# of NFS server (yes/no) +# "yes" is safest, but "no" might be needed to preserve +# correct behaviour at sites that don't use +# Fully Qualified Domain Names when mounting NFS Shares. +# +NFS_GSSD_AVOID_DNS="no" -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
