[NFS-Ganesha-Devel] Change in ...nfs-ganesha[next]: MainNFSD: disable UDP listeners to eventually allow running as nonroot

kaleb(a)redhat.com has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/441549 Change subject: MainNFSD: disable UDP listeners to eventually allow running as nonroot ...................................................................... MainNFSD: disable UDP listeners to eventually allow running as nonroot Add enable_UDP option to core params, default = true. When enable_UDP = false, don't create UDP listener sockets for various protocols -- i.e. NFS, NLM, RQUOTA -- and don't attempt to register them in the portmapper (rpcbind). Plus: + fix an uninitialized variable error in nfs_libmain() when compiling -DCMAKE_BUILD_TYPE=Debug + better (friendlier) logging in fsal_common_is_referral() + fix misleading/incorrect log msg in fsal_set_credentials By default this change is effectively a no-op when running as root. To run as non-root: + build with -DUSE_9P=OFF + Add "Enable_UDP = false;" to NFS_Core_Param block + add a non-root user, e.g. ganesha. See the nfs-ganesha.spec(.cmake.in) as an example. + run as non-root user, e.g. u/g ganesha:ganesha. E.g. `runuser -u ganesha -g ganesha -- /usr/bin/ganesha.nfsd -L /var/log/ganesha/ganesha.log -p /var/run/ganesha/ganesha.pid ...` Note #0: running as non-root doesn't work with at least FSAL_VFS and FSAL_GLUSTER, and probably the other FSALs as well. Attempts to mount an export fail. The smoking gun seems to be in fsal_common_is_referral(), which is passed 0 (zero) in the attrs->valid_mask and attrs->supported, (these values are non-zero when running as root) and the call to obj_hdl->obj_ops->getattrs() returns an error. Note #1: we should fix the nfs-ganesha.spec.in.cmake to enable/disable 9P. Note #2: can't register with DBUS when running as non-root. Signed-off-by: Kaleb S. KEITHLEY <kkeithle(a)redhat.com&gt; Change-Id: I80468fb179e08cd3b6c28463dcea1a31d05bba68 --- M src/FSAL/access_check.c M src/FSAL/commonlib.c M src/MainNFSD/nfs_init.c M src/MainNFSD/nfs_lib.c M src/MainNFSD/nfs_rpc_dispatcher_thread.c M src/config_samples/config.txt M src/include/gsh_config.h M src/support/nfs_read_conf.c 8 files changed, 205 insertions(+), 160 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/49/441549/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/441549 To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: I80468fb179e08cd3b6c28463dcea1a31d05bba68 Gerrit-Change-Number: 441549 Gerrit-PatchSet: 1 Gerrit-Owner: kaleb(a)redhat.com Gerrit-MessageType: newchange