Your message dated Thu, 28 Nov 2013 23:46:26 +0400
with message-id <[email protected]>
and subject line Re: Bug#636607: Fixed
has caused the Debian Bug report #636607,
regarding qemu-kvm interacts badly with samba when using smb qemu shares
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
636607: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636607
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: qemu-kvm
Version: 0.14.1+dfsg-3
Severity: normal

When using user-mode (slirp) networking with samba share redirection,
it works in unexpected ways.  Qemu tells smbd to bind to 127.0.0.1,
but this address may be already in use by system smbd, in which case
the share will either not work at all (reportedly kvm process crashing),
or system smbd will be used instead of locally-run one (I wasn't able
to reproduce the crash - qemu merely forwards 10.0.2.4 address to
127.0.0.1, it does not depend on smbd spawned by it).

Also, smb shares can't be used by a non-root user, since smbd always
tries to access /var/lib/samba/secrets.tdb (and other files in there)
which is accessible only to root.

And even if it gets started finally, it does not work reliably - I
see numerous reconnects from the guest, timeouts, operations take
ages to complete.

The fact that it binds smbd to 127.0.0.1, thus making all connections
visible to everyone on the same machine, is also troubling from the
security perspective, because there's no authentication whatsoever,
and anyone on the same host can connect to this smbd running on
127.0.0.1 and access files as owner of qemu process.

I think it is a wontfix at the end, unfortunately, or at least parts
of this.  Samba isn't tested to be runnable as user, "locally", there
are more and more options which refer to global configuration.  It
does not provide a way to communicate using mechanisms other than
tcp - eg, a pipe or unix socket - to secure communications.  But
the reliability of the connection is something to think about.

The same problem applies to many versions of qemu-kvm, -- 0.12
(in squeeze) and 0.15 (in experimental) are also affected.

/mjt



--- End Message ---
--- Begin Message ---
Version: 1.3.0+dfsg-1~exp1

29.04.2012 03:33, Nikolaus Rath wrote:
> Hello,
> 
> With a recent qemu-kvm, kvm talks to smbd using stdin. Samba detects
> this and does not bind to any socket. I just submitted a patch for Samba
> that allows specification of the "private dir" (Bug #249873), so that
> non-root operation is in principle supported as well. So the issues in
> the original report are effectively solved.
> 
> At the moment, there are three other issues that prevent qemu+smbd from
> working in Debian:
> 
> - qemu-kvm writes a bogus "smb ports = 0" into the generated smbd
> configuration. This causes smbd to crash. I have submitted a patch in
> http://article.gmane.org/gmane.comp.emulators.qemu/148378.
> 
> - qemu-kvm needs to specify a state directory as well. Patch at
> http://article.gmane.org/gmane.comp.emulators.qemu/148286/

This has been done at least in 1.1 version.

> - Samba 3.6.0 has a bug when running in "share" mode:
> https://bugzilla.samba.org/show_bug.cgi?id=8414
> As far as qemu-kvm is concerned, we can work around this problem with no
> side effects if we add a "force user" directive to the generated smb
> conf. I'll be happy to provide a patch for the Debian qemu-kvm package
> if that would be integrated (I don't think working around samba bugs
> would stand a good chance upstream).

And "force user" has been added before 1.2 version.

So I'm marking this as fixed in 1.3.0+dfsg-1~exp1 version.

Thank you for the information!

/mjt

--- End Message ---
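
A check for the exposure the original report describes (an smbd listening on 127.0.0.1, where every local user can reach it), added here as an example and not part of the thread, qemu or Samba: it parses `/proc/net/tcp` text for loopback listeners on the standard SMB ports 139 and 445 and reports the owning uid. The sample table is constructed, the function names and the `--live` flag are hypothetical, and a little-endian host is assumed.

```python
import socket
import struct
import sys

SMB_PORTS = {139, 445}   # NetBIOS session service and SMB over TCP
TCP_LISTEN = 0x0A        # "st" value the kernel prints for LISTEN

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41003 1 0000000000000000 100 0 0 10 0
   3: 0100007F:01BD 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 41004 1 0000000000000000 100 0 0 10 0
"""


def parse_listeners(text):
    """Yield (ip, port, uid) for every IPv4 socket in LISTEN state."""
    for line in text.splitlines()[1:]:          # skip the column header
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue                            # short line or not listening
        ip_hex, port_hex = fields[1].split(":")
        # The address is printed as a native-endian 32-bit word; a
        # little-endian host (x86, most ARM) is assumed here.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        yield ip, int(port_hex, 16), int(fields[7])


def loopback_smb_listeners(text):
    """Return (ip, port, uid) for SMB listeners bound inside 127.0.0.0/8."""
    return [(ip, port, uid) for ip, port, uid in parse_listeners(text)
            if ip.startswith("127.") and port in SMB_PORTS]


if __name__ == "__main__":
    # --live reads the running kernel's table; default is the sample above.
    if "--live" in sys.argv:
        with open("/proc/net/tcp") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for ip, port, uid in loopback_smb_listeners(data):
        print("%s:%d LISTEN, owner uid %d: reachable by any local user"
              % (ip, port, uid))
```

An empty result on a host running a qemu guest with an smb share is consistent with the stdin-based transport described in the reply above, where smbd does not bind to any socket.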
