Hello community,

here is the log from the commit of package nfs-utils for openSUSE:Factory 
checked in at 2016-04-28 16:50:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nfs-utils (Old)
 and      /work/SRC/openSUSE:Factory/.nfs-utils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nfs-utils"

Changes:
--------
--- /work/SRC/openSUSE:Factory/nfs-utils/nfs-utils.changes      2016-04-11 
09:12:21.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.nfs-utils.new/nfs-utils.changes 2016-04-28 
16:50:52.000000000 +0200
@@ -1,0 +2,10 @@
+Thu Apr 21 23:40:59 UTC 2016 - ne...@suse.com
+
+- 0001-close-the-syslog-fd-in-daemon_init.patch
+  Without this, tracing doesn't work
+- 0001-mount.nfs-trust-the-exit-status-of-start_statd.patch
+  (bsc#945937)
+- 0001-mount-run-START_STATD-fully-as-root.patch
+  (bsc#969152)
+
+-------------------------------------------------------------------

New:
----
  0001-close-the-syslog-fd-in-daemon_init.patch
  0001-mount-run-START_STATD-fully-as-root.patch
  0001-mount.nfs-trust-the-exit-status-of-start_statd.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nfs-utils.spec ++++++
--- /var/tmp/diff_new_pack.4s74qo/_old  2016-04-28 16:50:53.000000000 +0200
+++ /var/tmp/diff_new_pack.4s74qo/_new  2016-04-28 16:50:53.000000000 +0200
@@ -63,6 +63,10 @@
 Patch2:         nfs-utils-uninit-mem.patch
 Patch3:         0001-Fix-protocol-minor-version-fall-back.patch
 Patch4:         0001-mount.nfs-hide-EBUSY-errors.patch
+Patch5:         0001-close-the-syslog-fd-in-daemon_init.patch
+Patch6:         0001-mount.nfs-trust-the-exit-status-of-start_statd.patch
+Patch7:         0001-mount-run-START_STATD-fully-as-root.patch
+
 Suggests:       python-base
 
 %description
@@ -117,6 +121,10 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+
 cp %{S:6} .
 
 %build

++++++ 0001-close-the-syslog-fd-in-daemon_init.patch ++++++
>From 273b46473594b8aa4e55f682577d1dd94d44ad50 Mon Sep 17 00:00:00 2001
From: Scott Mayhew <smay...@redhat.com>
Date: Mon, 2 Nov 2015 08:07:11 -0500
Subject: [PATCH] close the syslog fd in daemon_init()

Commit 7addf9d (cleanup daemonization code) added the following line to
mydaemon_init():

        dup2(pipefds[1], 3);

If we've already called vsyslog() before the fork(), then chances are fd
3 was being used for the syslog socket.  In that case the next vsyslog()
call will cause the data to appear on the read end of the pipe, causing
the parent to exit with a nonzero status.  If systemd is running, it
will see the parent's nonzero exit status and will terminate the child
as well.

So just call closelog() to close the fd.  The next call to vsyslog()
will open a new one if need be.

Signed-off-by: Scott Mayhew <smay...@redhat.com>
Signed-off-by: Steve Dickson <ste...@redhat.com>
---
 support/nfs/mydaemon.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/support/nfs/mydaemon.c b/support/nfs/mydaemon.c
index 3391eff39008..701cfd914179 100644
--- a/support/nfs/mydaemon.c
+++ b/support/nfs/mydaemon.c
@@ -122,6 +122,7 @@ daemon_init(bool fg)
        dup2(tempfd, 0);
        dup2(tempfd, 1);
        dup2(tempfd, 2);
+       closelog();
        dup2(pipefds[1], 3);
        pipefds[1] = 3;
        closeall(4);
-- 
2.8.1

++++++ 0001-mount-run-START_STATD-fully-as-root.patch ++++++
>From 8714f14c1966612d073d922d86a394c424eda724 Mon Sep 17 00:00:00 2001
From: NeilBrown <ne...@suse.com>
Date: Fri, 22 Apr 2016 09:13:31 +1000
Subject: [PATCH] mount: run START_STATD fully as root

If a "user" mount is the first NFSv3 mount, mount.nfs will be running
setuid to root (with non-root as the real-uid) when it executes START_STATD.

start-statd is a shell script and many shells refuse to run setuid,
dropping privileges immediately.  This results in start-statd running
as an unprivileged user and so statd fails to start.

To fix this, call "setuid(0)" to set real uid to zero.  Also call "setgid(0)"
for consistency.

The behaviour of a shell can often be affected by the environment,
such as the "shell functions" that bash includes from the environment.
To avoid the user being able to pass such environment to the shell,
explicitly pass an empty environment.  The start-statd script explicitly
sets the PATH which is all it really needs.

Signed-off-by: NeilBrown <ne...@suse.com>
---
 utils/mount/network.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/utils/mount/network.c b/utils/mount/network.c
index 7240ca7bcdc4..0d12613e86a4 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -795,6 +795,7 @@ int start_statd(void)
                if (S_ISREG(stb.st_mode) && (stb.st_mode & S_IXUSR)) {
                        int cnt = STATD_TIMEOUT * 10;
                        int status = 0;
+                       char * const envp[1] = { NULL };
                        const struct timespec ts = {
                                .tv_sec = 0,
                                .tv_nsec = 100000000,
@@ -802,7 +803,9 @@ int start_statd(void)
                        pid_t pid = fork();
                        switch (pid) {
                        case 0: /* child */
-                               execl(START_STATD, START_STATD, NULL);
+                               setgid(0);
+                               setuid(0);
+                               execle(START_STATD, START_STATD, NULL, envp);
                                exit(1);
                        case -1: /* error */
                                nfs_error(_("%s: fork failed: %s"),
-- 
2.8.1

++++++ 0001-mount.nfs-trust-the-exit-status-of-start_statd.patch ++++++
>From 37cd45cb913403b9f3b0c2aaa705e06cd70cc1d7 Mon Sep 17 00:00:00 2001
From: NeilBrown <ne...@suse.com>
Date: Sat, 16 Jan 2016 12:06:32 -0500
Subject: [PATCH] mount.nfs: trust the exit status of "start_statd".

If DNS service is particularly slow, nfs_probe_statd() can fail even
though rpc.statd is actually running.  This happens because rpc.statd
is single threaded and could be waiting longer for DNS than
nfs_probe_statd() will wait for it.

This causes problems when mount.nfs uses nfs_probe_statd() to see if
statd is running, as is needed for NFSv3.

Currently in these circumstances there are two possible outcomes.
1/ if systemd is in use, it will be told to start rpc-statd, which
   is already running so no change.
   mount.nfs will try pinging rpc.statd a few more times and could
   eventually give up and fail the mount.
   While slow DNS may well result in slow service, it shouldn't cause
   a mount attempt to fail.

2/ if systemd is not in use, a new rpc.statd will be started.  This
   can (and has) lead to a large number of rpc.statd processes running
   on the one machine.

This patch addresses the first scenario.  If START_STATD is run and
exits with a success status, mount.nfs assumes statd is running and
allows the mount to succeed.  A separate patch will address the other
scenario.

Signed-off-by: NeilBrown <ne...@suse.com>
Signed-off-by: Steve Dickson <ste...@redhat.com>
---
 utils/mount/network.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/utils/mount/network.c b/utils/mount/network.c
index 8a9bf1476d51..7240ca7bcdc4 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -794,6 +794,7 @@ int start_statd(void)
        if (stat(START_STATD, &stb) == 0) {
                if (S_ISREG(stb.st_mode) && (stb.st_mode & S_IXUSR)) {
                        int cnt = STATD_TIMEOUT * 10;
+                       int status = 0;
                        const struct timespec ts = {
                                .tv_sec = 0,
                                .tv_nsec = 100000000,
@@ -808,7 +809,10 @@ int start_statd(void)
                                                progname, strerror(errno));
                                break;
                        default: /* parent */
-                               waitpid(pid, NULL,0);
+                               if (waitpid(pid, &status,0) == pid &&
+                                   status == 0)
+                                       /* assume it worked */
+                                       return 1;
                                break;
                        }
                        while (1) {
-- 
2.8.1



Reply via email to