need privport patch for RHEL 7 #2

Open
garlick opened this issue Mar 31, 2015 · 2 comments

garlick commented Mar 31, 2015

The 9p transport privport patch was committed for kernel 3.11.

Then Dominique Martinet recently fixed a bug.

Need to backport these changes to the RHEL 7 kernel, e.g. 3.10.0-123.20.1.el7, in order to get this minimal security protection for 9nbd.

garlick commented Apr 2, 2015

This patch applied to test centos kernel 3.10.0-229.el7.centos.x86_6

garlick commented Apr 2, 2015

A test: diod.conf like this:

listen = { "0.0.0.0:564" }
auth_required = 0
exports = {
    { path="ctl" },
    { path="/tftpboot/images", opts="ro,privport" },
}

This works:

mount.diod -oprivport --9nbd-attach 127.0.0.1:/tftpboot/images/image /dev/9nbd0
mount -o ro /dev/9nbd0 /mnt

While this fails:

mount.diod  --9nbd-attach 127.0.0.1:/tftpboot/images/image /dev/9nbd0

The failure is not reported very well as noted in issue #1. The diod server reports

diod: attach(0@localhost:/tftpboot/images/image): access denied for export: Operation not permitted

but the mount.diod command hangs and the console says

[  540.872260] 9nbd0/ses17: 9P session restart due to protocol failure
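
Because the client hangs instead of reporting the refusal, the two messages quoted in the last comment are the only evidence of what happened. The script below is an added example, not part of the issue thread or of diod: it reads combined server and client log text on stdin and reports whether a restarting 9nbd session is explained by a refused export. The function names and verdict strings are hypothetical, and the sample input is constructed from the two quoted lines.

```shell
#!/bin/sh
# Added example: triage a hung "mount.diod --9nbd-attach" from log text on stdin.
# Message formats are taken from the two lines quoted in this issue; the
# function names and verdict strings are hypothetical.

# Constructed sample input: the two quoted messages plus one unrelated line.
sample_log() {
cat <<'EOF'
diod: attach(0@localhost:/tftpboot/images/image): access denied for export: Operation not permitted
[  540.872260] 9nbd0/ses17: 9P session restart due to protocol failure
[  541.000000] unrelated kernel message
EOF
}

# Server side: print uid, client host and path for every refused attach.
# Assumes the host field contains no ':' (true for host names and IPv4).
denied_attaches() {
    sed -E -n 's/^.*diod: attach\(([^@]+)@([^:]+):([^)]*)\): access denied for export: .*$/uid=\1 host=\2 path=\3/p'
}

# Client side: print the 9nbd device and session that keep restarting.
session_restarts() {
    sed -E -n 's/^.*(9nbd[0-9]+)\/ses([0-9]+): 9P session restart due to protocol failure.*$/dev=\1 session=\2/p'
}

# First output line is the verdict; the matching details follow.
triage() {
    log=$(cat)
    denied=$(printf '%s\n' "$log" | denied_attaches)
    restarts=$(printf '%s\n' "$log" | session_restarts)
    if [ -n "$denied" ]; then
        echo "export-denied"   # server refused the export: compare mount options with the export's opts
    elif [ -n "$restarts" ]; then
        echo "restart-only"    # client is looping; the server log is still needed
    else
        echo "no-match"
    fi
    [ -z "$denied" ] || printf '%s\n' "$denied"
    [ -z "$restarts" ] || printf '%s\n' "$restarts"
}

sample_log | triage
```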
