Print this page
NEX-15279 support NFS server in zone
NEX-15520 online NFS shares cause zoneadm halt to hang in nfs_export_zone_fini
Portions contributed by: Dan Kruchinin dan.kruchinin@nexenta.com
Portions contributed by: Stepan Zastupov stepan.zastupov@gmail.com
Reviewed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
Reviewed by: Rob Gittins <rob.gittins@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
NEX-16156 Excessive time spent checking status of NFS services when sharing datasets during import
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
NEX-16156 Excessive time spent checking status of NFS services when sharing datasets during import
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
NEX-4179 segmentation fault when sharing with 'sec=none,root=*' options
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-2502 4.0.3 RC4 Unable to mount NFS shares
Revert "NEX-2394 mountd() door services are sub-optimal in large scale deployments".
This reverts commit c6e1673e3a4b8ba866c77dee7b8f03f858be07d6.
The fix for NEX-2394 worked fine when putting the mountd binary in 4.0.2,
but needs additional work in a 4.0.3 environment
NEX-2394 mountd() door services are sub-optimal in large scale deployments
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Rob Gittins <rob.gittins@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Ryuji Masuda <ryuji.masuda@nexenta.com>
Reviewed by: Kirill Davydychev <kirill.davydychev@nexenta.com>
NEX-1128 NFS server: Generic uid and gid remapping for AUTH_SYS
Reviewed by: Jan Kryl <jan.kryl@nexenta.com>
OS-141 mountd(1m) needs to be able to set listen backlog
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
4295 libshare sa_get_proto_status sometimes returns unallocated strings
Reviewed by: Marcel Telka <marcel@telka.sk>
Approved by: Garrett D'Amore <garrett@damore.org>
OS-20 share_nfs(1m) charset handling is unreliable
OS-22 Page fault at nfscmd_dropped_entrysize+0x1e()
OS-23 NFSv2/3/4: READDIR responses are inconsistent when charset conversion fails
OS-24 rfs3_readdir(): Issues related to nfscmd_convdirent()
Reviewed by: Jan Kryl <jan.kryl@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
re #3541 rb11254 - nfs nohide - "nfssrv: need ability to go to submounts for v3 and v2 protocols"
@@ -19,23 +19,26 @@
* CDDL HEADER END
*/
/*
* Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2016 Nexenta Systems, Inc.
+ */
+
+/*
* Copyright (c) 2014, 2016 by Delphix. All rights reserved.
+ * Copyright 2018 Nexenta Systems, Inc.
*/
/*
* NFS specific functions
*/
+
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <unistd.h>
-#include <zone.h>
#include <errno.h>
#include <locale.h>
#include <signal.h>
#include <strings.h>
#include "libshare.h"
@@ -121,12 +124,11 @@
*/
static char *service_list_default[] =
{ STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, REPARSED, NULL };
static char *service_list_logging[] =
- { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, REPARSED,
- NULL };
+ { NFSLOGD, NULL };
/*
* option definitions. Make sure to keep the #define for the option
* index just before the entry it is the index for. Changing the order
* can cause breakage. E.g OPT_RW is index 1 and must precede the
@@ -172,12 +174,14 @@
{SHOPT_NOACLFAB, OPT_NOACLFAB, OPT_TYPE_BOOLEAN},
#define OPT_UIDMAP 18
{SHOPT_UIDMAP, OPT_UIDMAP, OPT_TYPE_MAPPING},
#define OPT_GIDMAP 19
{SHOPT_GIDMAP, OPT_GIDMAP, OPT_TYPE_MAPPING},
+#define OPT_NOHIDE 20
+ {SHOPT_NOHIDE, OPT_NOHIDE, OPT_TYPE_BOOLEAN},
#ifdef VOLATILE_FH_TEST /* XXX added for testing volatile fh's only */
-#define OPT_VOLFH 20
+#define OPT_VOLFH 21
{SHOPT_VOLFH, OPT_VOLFH},
#endif /* VOLATILE_FH_TEST */
NULL
};
@@ -184,11 +188,11 @@
/*
* Codesets that may need to be converted to UTF-8 for file paths.
* Add new names here to add new property support. If we ever get a
* way to query the kernel for character sets, this should become
* dynamically loaded. Make sure changes here are reflected in
- * cmd/fs.d/nfs/mountd/nfscmd.c
+ * cmd/fs.d/nfs/mountd/nfs_cmd.c
*/
static char *legal_conv[] = {
"euc-cn",
"euc-jp",
@@ -1025,10 +1029,18 @@
strcmp(value, "1") == 0))
export->ex_flags |= EX_NOACLFAB;
else
export->ex_flags &= ~EX_NOACLFAB;
break;
+ case OPT_NOHIDE:
+ if (value != NULL && (strcasecmp(value, "true") == 0 ||
+ strcmp(value, "1") == 0))
+ export->ex_flags |= EX_NOHIDE;
+ else
+ export->ex_flags &= ~EX_NOHIDE;
+
+ break;
default:
/* have a syntactic error */
(void) printf(dgettext(TEXT_DOMAIN,
"NFS: unrecognized option %s=%s\n"),
name != NULL ? name : "",
@@ -1779,10 +1791,12 @@
int err = SA_OK;
int i;
int iszfs;
sa_handle_t handle;
+ static int check_services = B_TRUE;
+
/* Don't drop core if the NFS module isn't loaded. */
(void) signal(SIGSYS, SIG_IGN);
/* get the path since it is important in several places */
path = sa_get_share_attr(share, "path");
@@ -1893,92 +1907,39 @@
sa_free_derived_security(sec);
if (sectype != NULL)
sa_free_attr_string(sectype);
}
}
- /*
- * when we get here, we can do the exportfs system call and
- * initiate things. We probably want to enable the
- * svc:/network/nfs/server service first if it isn't running.
- */
- /* check svc:/network/nfs/server status and start if needed */
+
/* now add the share to the internal tables */
printarg(path, &export);
/*
* call the exportfs system call which is implemented
* via the nfssys() call as the EXPORTFS subfunction.
*/
if (iszfs) {
struct exportfs_args ea;
share_t sh;
- char *str;
- priv_set_t *priv_effective;
- int privileged;
- /*
- * If we aren't a privileged user
- * and NFS server service isn't running
- * then print out an error message
- * and return EPERM
- */
-
- priv_effective = priv_allocset();
- (void) getppriv(PRIV_EFFECTIVE, priv_effective);
-
- privileged = (priv_isfullset(priv_effective) == B_TRUE);
- priv_freeset(priv_effective);
-
- if (!privileged &&
- (str = smf_get_state(NFS_SERVER_SVC)) != NULL) {
- err = 0;
- if (strcmp(str, SCF_STATE_STRING_ONLINE) != 0) {
- (void) printf(dgettext(TEXT_DOMAIN,
- "NFS: Cannot share remote "
- "filesystem: %s\n"), path);
- (void) printf(dgettext(TEXT_DOMAIN,
- "NFS: Service needs to be enabled "
- "by a privileged user\n"));
- err = SA_SYSTEM_ERR;
- errno = EPERM;
- }
- free(str);
- }
-
- if (err == 0) {
ea.dname = path;
ea.uex = &export;
(void) sa_sharetab_fill_zfs(share, &sh, "nfs");
- err = sa_share_zfs(share, NULL, path, &sh,
- &ea, ZFS_SHARE_NFS);
+ err = sa_share_zfs(share, NULL, path, &sh, &ea, ZFS_SHARE_NFS);
if (err != SA_OK) {
errno = err;
err = -1;
}
sa_emptyshare(&sh);
- }
} else {
err = exportfs(path, &export);
}
if (err < 0) {
err = SA_SYSTEM_ERR;
switch (errno) {
- case EREMOTE:
- (void) printf(dgettext(TEXT_DOMAIN,
- "NFS: Cannot share filesystems "
- "in non-global zones: %s\n"), path);
- err = SA_NOT_SUPPORTED;
- break;
case EPERM:
- if (getzoneid() != GLOBAL_ZONEID) {
- (void) printf(dgettext(TEXT_DOMAIN,
- "NFS: Cannot share file systems "
- "in non-global zones: %s\n"), path);
- err = SA_NOT_SUPPORTED;
- break;
- }
err = SA_NO_PERMISSION;
break;
case EEXIST:
err = SA_SHARE_EXISTS;
break;
@@ -1992,22 +1953,23 @@
}
}
if (err == SA_OK) {
/*
- * enable services as needed. This should probably be
- * done elsewhere in order to minimize the calls to
- * check services.
+ * Enable services, if required.
+ * This is only done the first time the function is called,
+ * per instatiation of the library.
*/
+ if (check_services) {
+ _check_services(service_list_default);
+ check_services = B_FALSE;
+ }
+
/*
- * check to see if logging and other services need to
- * be triggered, but only if there wasn't an
- * error. This is probably where sharetab should be
- * updated with the NFS specific entry.
+ * Enable logging.
*/
if (export.ex_flags & EX_LOG) {
- /* enable logging */
if (nfslogtab_add(path, export.ex_log_buffer,
export.ex_tag) != 0) {
(void) fprintf(stderr, dgettext(TEXT_DOMAIN,
"Could not enable logging for %s\n"),
path);
@@ -2017,11 +1979,10 @@
/*
* don't have logging so remove it from file. It might
* not be thre, but that doesn't matter.
*/
(void) nfslogtab_deactivate(path);
- _check_services(service_list_default);
}
}
out:
if (path != NULL)
@@ -2086,13 +2047,10 @@
*/
switch (errno) {
case EPERM:
case EACCES:
ret = SA_NO_PERMISSION;
- if (getzoneid() != GLOBAL_ZONEID) {
- ret = SA_NOT_SUPPORTED;
- }
break;
case EINVAL:
case ENOENT:
ret = SA_NO_SUCH_PATH;
break;