On Fri, Jan 30, 2009 at 03:34:19PM -0800, Tom Haynes wrote:
> http://bugs.opensolaris.org/view_bug.do?bug_id=6775211
>
> For more than you want to know about this bug, see
> http://blogs.sun.com/tdh/entry/be_careful_of_assumptions
>
> The basic issue is if a NFSv4 client has user credentials, but no
> machine credentials, then it will not be able to access kerberized
> shares via mirrormounts.
>
> The reason is that we used the zcred to force the mounts to work for
> users. The correct solution is to add privileges to the user
> credential.
>
> I'd like some code reviews, say by the middle of next week.
>
> http://cr.opensolaris.org/~tdh/krbonly/
782 + crset_zone_privall(mcred);
783 + if (crsetpriv(mcred, PRIV_FILE_DAC_WRITE, PRIV_FILE_DAC_READ,
784 + PRIV_FILE_DAC_SEARCH, PRIV_FILE_DAC_EXECUTE,
PRIV_SYS_MOUNT,
785 + PRIV_FILE_OWNER, NULL)) {
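
Review bot: The two calls at 782 and 783-785 overlap, and the hunk does not say which one defines the intended privilege set for mcred. If crset_zone_privall(mcred) already raises the credential to everything the zone allows, the explicit crsetpriv() list is redundant; if the six named privileges are all the mirrormount needs, drop the call at 782 and grant only that list, so the user credential is not widened further than the mount requires. Either way, a short comment above 782 stating why each of PRIV_FILE_DAC_WRITE, PRIV_FILE_DAC_READ, PRIV_FILE_DAC_SEARCH, PRIV_FILE_DAC_EXECUTE, PRIV_SYS_MOUNT and PRIV_FILE_OWNER is needed would make the change easier to audit.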

Why crsetpriv() when the crset_zone_privall() at 782 should be getting
you all those privs anyways?

(And if the zone doesn't have some of those, then maybe the user should
get what they deserve :)

Also, why not include the fix for the spurious EBUSYs that I saw
earlier?

Thanks,
Nico
--