kaleb@redhat.com has uploaded this change for review.

View Change

MainNFSD: disable UDP listeners to eventually allow running as nonroot

Add enable_UDP option to core params, default = true.

When enable_UDP = false, don't create UDP listener sockets for
various protocols -- i.e. NFS, NLM, RQUOTA -- and don't attempt to
register them in the portmapper (rpcbind).

Plus:
 + fix an uninitialized variable error in nfs_libmain() when compiling
   -DCMAKE_BUILD_TYPE=Debug
 + better (friendlier) logging in fsal_common_is_referral()
 + fix misleading/incorrect log msg in fsal_set_credentials

By default this change is effectively a no-op when running as root.

To run as non-root:
 + build with -DUSE_9P=OFF
 + Add "Enable_UDP = false;" to NFS_Core_Param block
 + add a non-root user, e.g. ganesha. See the nfs-ganesha.spec(.cmake.in)
   as an example.
 + run as non-root user, e.g. u/g ganesha:ganesha. E.g.
   `runuser -u ganesha -g ganesha -- /usr/bin/ganesha.nfsd
      -L /var/log/ganesha/ganesha.log -p /var/run/ganesha/ganesha.pid ...`

Note #0: running as non-root doesn't work with at least FSAL_VFS and
FSAL_GLUSTER, and probably the other FSALs as well. Attempts to mount
an export fail. The smoking gun seems to be in fsal_common_is_referral(),
which is passed 0 (zero) in the attrs->valid_mask and attrs->supported,
(these values are non-zero when running as root) and the call to
obj_hdl->obj_ops->getattrs() returns an error.

Note #1: we should fix the nfs-ganesha.spec.in.cmake to enable/disable 9P.

Note #2: can't register with DBUS when running as non-root.

Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Change-Id: I80468fb179e08cd3b6c28463dcea1a31d05bba68
---
M src/FSAL/access_check.c
M src/FSAL/commonlib.c
M src/MainNFSD/nfs_init.c
M src/MainNFSD/nfs_lib.c
M src/MainNFSD/nfs_rpc_dispatcher_thread.c
M src/config_samples/config.txt
M src/include/gsh_config.h
M src/support/nfs_read_conf.c
8 files changed, 205 insertions(+), 160 deletions(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/49/441549/1

To view, visit change 441549. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I80468fb179e08cd3b6c28463dcea1a31d05bba68
Gerrit-Change-Number: 441549
Gerrit-PatchSet: 1
Gerrit-Owner: kaleb@redhat.com
Gerrit-MessageType: newchange