Bug#1041147: nfs-kernel-server: fsidd creates /fsid.sock
On 2023-07-15 08:23 +0200, Sven Joachim wrote:
> Package: nfs-kernel-server
> Version: 1:2.6.3-1
>
> On my system I found a top level socket /fsid.sock which is created by
> /lib/systemd/system/fsidd.service. This is obviously not the right
> place for the socket, it should be put under /run.
>
> In the upstream git repository I have found a patch[1] which I will try
> and report back, if nobody beats me to it.
>
> 1. http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=e00ab3c0616fe6d83ab0710d9e7d989c299088f7
Adding that patch to the series file worked well for me, I am attaching
it for your convenience. However, the now unused socket /fsid.sock
remained on the system, so it should be cleaned up by the postinst
script.
From e00ab3c0616fe6d83ab0710d9e7d989c299088f7 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Thu, 11 May 2023 14:26:47 -0400
Subject: [PATCH] fsidd: provide better default socket name.
Having the default socket name be in the current directory is a poor
choice for a daemon that is expected to run as root.
It is also likely better to use an "abstract" socket name. abstract
names do not exist in the filesystem namespace and are local to a
network namespace. Using an abstract name ensures that the nfsd,
mountd, and fsidd are all in the same network namespace.
This patch:
- uses a single #define for the default socket name, rather than 2;
- allows the socket name to start with '@' which is interpreted to
be a request to use the abstract name space (systemd uses the same
convention).
- changes the default to "@/run/fsid.sock". I don't know of a formal
standard for choosing names in the abstract name space, the defacto
standard (seen in "ss -xa|grep @") is to use a name similar to what
might be used in the filesystem.
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
support/reexport/fsidd.c | 10 ++++++----
support/reexport/reexport.c | 3 +++
support/reexport/reexport.h | 2 +-
3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/support/reexport/fsidd.c b/support/reexport/fsidd.c
index 3fef1ef3..37649d06 100644
--- a/support/reexport/fsidd.c
+++ b/support/reexport/fsidd.c
@@ -18,11 +18,10 @@
#include "conffile.h"
#include "reexport_backend.h"
+#include "reexport.h"
#include "xcommon.h"
#include "xlog.h"
-#define FSID_SOCKET_NAME "fsid.sock"
-
static struct event_base *evbase;
static struct reexpdb_backend_plugin *dbbackend = &sqlite_plug_ops;
@@ -167,11 +166,14 @@ int main(void)
sock_file = conf_get_str_with_def("reexport", "fsidd_socket", FSID_SOCKET_NAME);
- unlink(sock_file);
-
memset(&addr, 0, sizeof(struct sockaddr_un));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1);
+ if (addr.sun_path[0] == '@')
+ /* "abstract" socket namespace */
+ addr.sun_path[0] = 0;
+ else
+ unlink(sock_file);
srv = socket(AF_UNIX, SOCK_SEQPACKET | SOCK_NONBLOCK, 0);
if (srv == -1) {
diff --git a/support/reexport/reexport.c b/support/reexport/reexport.c
index eddc9bf4..d597a2f7 100644
--- a/support/reexport/reexport.c
+++ b/support/reexport/reexport.c
@@ -38,6 +38,9 @@ static bool connect_fsid_service(void)
memset(&addr, 0, sizeof(struct sockaddr_un));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1);
+ if (addr.sun_path[0] == '@')
+ /* "abstract" socket namespace */
+ addr.sun_path[0] = 0;
s = socket(AF_UNIX, SOCK_SEQPACKET, 0);
if (s == -1) {
diff --git a/support/reexport/reexport.h b/support/reexport/reexport.h
index 3bed03a9..856c3085 100644
--- a/support/reexport/reexport.h
+++ b/support/reexport/reexport.h
@@ -13,6 +13,6 @@ int reexpdb_fsidnum_by_path(char *path, uint32_t *fsidnum, int may_create);
int reexpdb_apply_reexport_settings(struct exportent *ep, char *flname, int flline);
void reexpdb_uncover_subvolume(uint32_t fsidnum);
-#define FSID_SOCKET_NAME "fsid.sock"
+#define FSID_SOCKET_NAME "@/run/fsid.sock"
#endif /* REEXPORT_H */
--
2.40.1
Reply to: