Package: nfs-common Version: 1:1.3.4-6 Severity: important Tags: upstream X-Debbugs-Cc: deb...@aram.nubmail.ca
Dear Maintainer, The nfs-idmapd.service included in nfs-utils does not wait for the network to start. If DNS resolution is not yet available, and no domain is explicitly set up in the config file, then due to the behavior of libnfsidmap, the NFSv4 domain reverts to the default "localdomain", which breaks id mapping, and thus any export that needs it. nfs-server.service already has Wants= and After=network-online.target, but nfs-idmapd.service starts after it, potentially before the network is up. Given that nfs-idmapd needs the network, DNS specifically, the same should probably be added to its systemd service. It's worth noting that in my case, adding this did not completely resolve the race condition (i.e., DNS still came up after), but it did reduce the amount of delay I needed to add to nfs-idmapd.service startup to have id mapping start correctly. This issue exists in the upstream nfs-utils source. Part of the problem needs to be addressed in libnfsidmap: if the DNS lookup of the hostname fails, it fallsback to "localdomain", but it could instead use the domain part of the hostname, if it exists. I will create a separate bug report for that. I sent an email about this to the nfs mailing list with more info about the race overall as well as the context, but got no responses (see https://marc.info/?l=linux-nfs&m=167834665013860&w=2). I'm hoping someone on the Debian team can point me in the right direction in terms of whether this fix is appropriate and how to submit a patch upstream. Thanks, Aram -- Package-specific info: -- rpcinfo -- -- System Information: Debian Release: 11.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-16-amd64 (SMP w/4 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages nfs-common depends on: ii adduser 3.118 ii keyutils 1.6.1-2 ii libc6 2.31-13+deb11u3 ii libcap2 1:2.44-1 ii libcom-err2 1.46.2-2 ii libdevmapper1.02.1 2:1.02.175-2.1 ii libevent-2.1-7 2.1.12-stable-1 ii libgssapi-krb5-2 1.18.3-6+deb11u1 ii libkeyutils1 1.6.1-2 ii libkrb5-3 1.18.3-6+deb11u1 ii libmount1 2.36.1-8+deb11u1 ii libnfsidmap2 0.25-6 ii libtirpc3 1.3.1-1+deb11u1 ii libwrap0 7.6.q-31 ii lsb-base 11.1.0 ii rpcbind 1.2.5-9 ii ucf 3.0043 Versions of packages nfs-common recommends: ii python3 3.9.2-3 Versions of packages nfs-common suggests: pn open-iscsi <none> pn watchdog <none> Versions of packages nfs-kernel-server depends on: ii keyutils 1.6.1-2 ii libblkid1 2.36.1-8+deb11u1 ii libc6 2.31-13+deb11u3 ii libcap2 1:2.44-1 ii libsqlite3-0 3.34.1-3 ii libtirpc3 1.3.1-1+deb11u1 ii libwrap0 7.6.q-31 ii lsb-base 11.1.0 ii netbase 6.3 ii ucf 3.0043 -- Configuration Files: /etc/default/nfs-common changed [not included] -- no debconf information
