[Bug 1788459] Re: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
Just tested the proposed gssproxy fix, and can confirm that it solved the issue Tested on Ubuntu Focal (20.04) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788459 Title: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1788459] Re: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
I can confirm that manual build and install of gssproxy 0.8.4 works on my ubuntu 20.04 server. (that version has the patch mentioned above) gssproxy solves my original issue of rpc-svcgssd hanging on large kerberos tickets https://bugs.launchpad.net/ubuntu/+source/nfs- utils/+bug/1466654 Hopefully this patch find its way fast through the official ubuntu release channel -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788459 Title: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466654] Re: kernel soft lockup on nfs server when using a kerberos mount
The workaround as suggested it to use gssproxy Unfortunately that also has a bug https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466654 Title: kernel soft lockup on nfs server when using a kerberos mount To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1466654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1466654] Re: kernel soft lockup on nfs server when using a kerberos mount
Manually compiling and installing the latest version of gssproxy did solve the issue for me -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1466654 Title: kernel soft lockup on nfs server when using a kerberos mount To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1466654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1788459] Re: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
gssproxy/focal,now 0.8.2-2 amd64 [installed] libselinux1/focal,now 3.0-1build2 amd64 [installed,automatic] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788459 Title: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1788459] Re: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
I couldn't get it to generate a coredump. But I ran it with valgrind Hope this helps valgrind -v /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock ==29249== Memcheck, a memory error detector ==29249== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==29249== Using Valgrind-3.15.0-608cb11914-20190413 and LibVEX; rerun with -h for copyright info ==29249== Command: /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock ==29249== --29249-- Valgrind options: --29249---v --29249-- Contents of /proc/version: --29249-- Linux version 5.4.0-74-generic (buildd@lgw01-amd64-038) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 --29249-- --29249-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-lzcnt-rdtscp-sse3-ssse3-avx-avx2-rdrand --29249-- Page sizes: currently 4096, max supported 4096 --29249-- Valgrind library directory: /usr/lib/x86_64-linux-gnu/valgrind --29249-- Reading syms from /usr/sbin/gssproxy --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/ld-2.31.so --29249-- Considering /usr/lib/x86_64-linux-gnu/ld-2.31.so .. --29249-- .. CRC mismatch (computed 975d0390 wanted 30bd717f) --29249-- Considering /lib/x86_64-linux-gnu/ld-2.31.so .. --29249-- .. CRC mismatch (computed 975d0390 wanted 30bd717f) --29249-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.31.so .. --29249-- .. CRC is valid --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/memcheck-amd64-linux --29249--object doesn't have a symbol table --29249--object doesn't have a dynamic symbol table --29249-- Scheduler: using generic scheduler lock implementation. --29249-- Reading suppressions file: /usr/lib/x86_64-linux-gnu/valgrind/default.supp ==29249== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-29249-by-root-on-??? ==29249== embedded gdbserver: writing to /tmp/vgdb-pipe-to-vgdb-from-29249-by-root-on-??? ==29249== embedded gdbserver: shared mem /tmp/vgdb-pipe-shared-mem-vgdb-29249-by-root-on-??? ==29249== ==29249== TO CONTROL THIS PROCESS USING vgdb (which you probably ==29249== don't want to do, unless you know exactly what you're doing, ==29249== or are doing some strange experiment): ==29249== /usr/lib/x86_64-linux-gnu/valgrind/../../bin/vgdb --pid=29249 ...command... ==29249== ==29249== TO DEBUG THIS PROCESS USING GDB: start GDB like this ==29249== /path/to/gdb /usr/sbin/gssproxy ==29249== and then give GDB the following command ==29249== target remote | /usr/lib/x86_64-linux-gnu/valgrind/../../bin/vgdb --pid=29249 ==29249== --pid is optional if only one valgrind process is running ==29249== --29249-- REDIR: 0x4022e10 (ld-linux-x86-64.so.2:strlen) redirected to 0x580c9ce2 (???) --29249-- REDIR: 0x4022be0 (ld-linux-x86-64.so.2:index) redirected to 0x580c9cfc (???) --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_core-amd64-linux.so --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so --29249--object doesn't have a symbol table ==29249== WARNING: new redirection conflicts with existing -- ignoring it --29249-- old: 0x04022e10 (strlen ) R-> (.0) 0x580c9ce2 ??? --29249-- new: 0x04022e10 (strlen ) R-> (2007.0) 0x0483f060 strlen --29249-- REDIR: 0x401f5f0 (ld-linux-x86-64.so.2:strcmp) redirected to 0x483ffd0 (strcmp) --29249-- REDIR: 0x4023370 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x4843a20 (mempcpy) --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libpopt.so.0.0.0 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libverto.so.1.0.0 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libini_config.so.5.2.1 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libref_array.so.1.2.1 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libselinux.so.1 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libgssrpc.so.4.2 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2 --29249--object doesn't have a symbol table --29249-- Reading syms from /usr/lib/x86_64-linux-gnu/libpthread-2.31.so --29249-- Considering /usr/lib/debug/.build-id/e5/4761f7b554d0fcc1562959665d93dffbebdaf0.debug .. --29249-- .. build-id is valid --29249-- Reading syms from
[Bug 1788459] Re: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
** Attachment added: "/var/crash/_usr_sbin_gssproxy.0.crash" https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459/+attachment/5507903/+files/_usr_sbin_gssproxy.0.crash -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788459 Title: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1788459] Re: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
The reason we want gssproxy, and not the default rpc-gssd and rpc- svcgssd services is that we are using active directory, and most of our accounts are members of many groups, causing gssd to fail. This is a known issue and is one of the things that gssproxy solves. >>The reason we did this was to allow the kernel NFS server to handle big tickets like those containing a MS-PAC payload that may be received by a Microsoft client. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788459 Title: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1788459] Re: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
Trying to get gssproxy working with NFS (rpc-gssd and rpc-svcgssd) on Ubuntu 20.04 Following https://github.com/gssapi/gssproxy/blob/main/docs/NFS.md /etc/gssproxy/gssproxy.conf [gssproxy] debug = true debug_level = 3 /etc/gssproxy/25-nfs-server.conf [service/nfs-server] mechs = krb5 socket = /run/gssproxy.sock cred_store = keytab:/etc/krb5.keytab trusted = yes kernel_nfsd = yes euid = 0 When I start the gssproxy service, either through systemd or manually with: /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock I get this result: [2021/06/28 14:49:19]: Debug Enabled (level: 3) [2021/06/28 14:49:19]: Service: nfs-client, Keytab: /etc/krb5.keytab, Enctype: 23 [2021/06/28 14:49:19]: Service: nfs-server, Keytab: /etc/krb5.keytab, Enctype: 23 [2021/06/28 14:49:19]: Client [2021/06/28 14:49:19]: (/usr/sbin/gssproxy) [2021/06/28 14:49:19]: connected (fd = 13)[2021/06/28 14:49:19]: (pid = 7821) (uid = 0) (gid = 0)Segmentation fault (core dumped) It is the kernel_nfsd = yes config part that causes the segfault What it does (from the docs linked above) ... The gssproxy client registers to the kernel by performing 2 actions in the following order: * creates a unix socket for kernel communication in /var/run/gssproxy.sock (this path is hardcoded in the kernel and cannot be changed at this time) * writes 1 byte in the proc file /proc/net/rpc/use-gss-proxy (the client must be ready to accept a connection from the kernel when this is done, as the kernel we check that the socket is available) ... It enables the kernel extensions to the protocol (the context is exported as a lucid context for example, and a list of resolved credentials is returned if authentication succeeds) The proc files seems ok (it was -1 before) cat /proc/net/rpc/use-gss-proxy 1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788459 Title: gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gssproxy/+bug/1788459/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs