You can subscribe to this list here.
2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(3) |
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2009 |
Jan
|
Feb
|
Mar
(15) |
Apr
(7) |
May
(14) |
Jun
(21) |
Jul
|
Aug
|
Sep
|
Oct
(13) |
Nov
(10) |
Dec
|
2010 |
Jan
|
Feb
(13) |
Mar
(39) |
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
(6) |
Dec
(56) |
2011 |
Jan
(4) |
Feb
(15) |
Mar
(24) |
Apr
(1) |
May
(1) |
Jun
(45) |
Jul
(22) |
Aug
(1) |
Sep
(1) |
Oct
(1) |
Nov
(3) |
Dec
(1) |
2012 |
Jan
|
Feb
(23) |
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
(9) |
Aug
(4) |
Sep
|
Oct
|
Nov
(77) |
Dec
|
2013 |
Jan
(1) |
Feb
(6) |
Mar
(10) |
Apr
(10) |
May
(14) |
Jun
(1) |
Jul
(8) |
Aug
(3) |
Sep
(9) |
Oct
(4) |
Nov
(43) |
Dec
(26) |
2014 |
Jan
(8) |
Feb
(2) |
Mar
(13) |
Apr
(3) |
May
(11) |
Jun
(2) |
Jul
(16) |
Aug
(12) |
Sep
(1) |
Oct
(1) |
Nov
(9) |
Dec
(66) |
2015 |
Jan
(6) |
Feb
(16) |
Mar
(11) |
Apr
(58) |
May
(84) |
Jun
(96) |
Jul
(62) |
Aug
(48) |
Sep
(76) |
Oct
(35) |
Nov
(19) |
Dec
|
2016 |
Jan
(10) |
Feb
(12) |
Mar
(16) |
Apr
(16) |
May
(17) |
Jun
(16) |
Jul
|
Aug
(14) |
Sep
(2) |
Oct
(1) |
Nov
(34) |
Dec
(2) |
2017 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(3) |
Jun
(3) |
Jul
(9) |
Aug
(2) |
Sep
|
Oct
|
Nov
(10) |
Dec
(2) |
2018 |
Jan
(23) |
Feb
(16) |
Mar
(17) |
Apr
(26) |
May
(16) |
Jun
(43) |
Jul
(32) |
Aug
(13) |
Sep
(17) |
Oct
(10) |
Nov
(3) |
Dec
(7) |
2019 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(1) |
Jun
(9) |
Jul
(2) |
Aug
|
Sep
(12) |
Oct
(21) |
Nov
(8) |
Dec
(12) |
2020 |
Jan
(24) |
Feb
(8) |
Mar
(1) |
Apr
(18) |
May
(14) |
Jun
(24) |
Jul
(9) |
Aug
|
Sep
|
Oct
(5) |
Nov
(3) |
Dec
(3) |
2021 |
Jan
|
Feb
(5) |
Mar
(4) |
Apr
|
May
(6) |
Jun
(5) |
Jul
(1) |
Aug
(15) |
Sep
(1) |
Oct
|
Nov
|
Dec
(4) |
2022 |
Jan
(5) |
Feb
(7) |
Mar
(2) |
Apr
(2) |
May
(1) |
Jun
(1) |
Jul
(15) |
Aug
(4) |
Sep
|
Oct
(3) |
Nov
|
Dec
|
2023 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(6) |
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
(4) |
Nov
(2) |
Dec
|
2024 |
Jan
(2) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
(19) |
Sep
(2) |
Oct
|
Nov
|
Dec
|
From: Steve D. <st...@re...> - 2024-09-09 10:28:48
|
On 9/1/24 8:06 AM, Petr Vorel wrote: > 2f9ce0c updated rpcb_prot.h, but rpcb_prot.x must be updated as well. > > Fixes: 2f9ce0c ("Move rpcbind.sock to /run") > Signed-off-by: Petr Vorel<pv...@su...> Committed... (tag: libtirpc-1-3-6-rc2) steved. > --- > Actually, tirpc/rpc/rpcb_prot.h should be generated by rpcgen, but I > just updated the header. > > tirpc/rpc/rpcb_prot.x | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tirpc/rpc/rpcb_prot.x b/tirpc/rpc/rpcb_prot.x > index 472c11f..e0e6031 100644 > --- a/tirpc/rpc/rpcb_prot.x > +++ b/tirpc/rpc/rpcb_prot.x > @@ -410,8 +410,8 @@ program RPCBPROG { > %#define RPCBVERS_3 RPCBVERS > %#define RPCBVERS_4 RPCBVERS4 > % > -%#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock" > -%#define _PATH_RPCBINDSOCK_ABSTRACT "\0/run/rpcbind.sock" > +%#define _PATH_RPCBINDSOCK "/run/rpcbind.sock" > +%#define _PATH_RPCBINDSOCK_ABSTRACT "\0" _PATH_RPCBINDSOCK > % > %#else /* ndef _KERNEL */ > %#ifdef __cplusplus > -- 2.45.2 > |
From: Petr V. <pv...@su...> - 2024-09-01 12:06:34
|
2f9ce0c updated rpcb_prot.h, but rpcb_prot.x must be updated as well. Fixes: 2f9ce0c ("Move rpcbind.sock to /run") Signed-off-by: Petr Vorel <pv...@su...> --- Actually, tirpc/rpc/rpcb_prot.h should be generated by rpcgen, but I just updated the header. tirpc/rpc/rpcb_prot.x | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tirpc/rpc/rpcb_prot.x b/tirpc/rpc/rpcb_prot.x index 472c11f..e0e6031 100644 --- a/tirpc/rpc/rpcb_prot.x +++ b/tirpc/rpc/rpcb_prot.x @@ -410,8 +410,8 @@ program RPCBPROG { %#define RPCBVERS_3 RPCBVERS %#define RPCBVERS_4 RPCBVERS4 % -%#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock" -%#define _PATH_RPCBINDSOCK_ABSTRACT "\0/run/rpcbind.sock" +%#define _PATH_RPCBINDSOCK "/run/rpcbind.sock" +%#define _PATH_RPCBINDSOCK_ABSTRACT "\0" _PATH_RPCBINDSOCK % %#else /* ndef _KERNEL */ %#ifdef __cplusplus -- 2.45.2 |
From: Steve D. <st...@re...> - 2024-08-31 17:56:43
|
On 8/22/24 8:23 PM, Petr Vorel wrote: > Hi, > > NOTE I'm not systemd expert, others may understand more. > > But trying to upstream various hardenings options which we have been > using since 2021. Adding EnvironmentFile I tested locally today. > systemd-tmpfiles-setup.service should be also safe. > > Kind regards, > Petr > > Josue Ortega (1): > man/rpcbind: Add Files section to manpage > > Petr Vorel (3): > systemd/rpcbind.service.in: Add few default EnvironmentFile > systemd/rpcbind.service.in: Add various hardenings options > systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup > > man/rpcbind.8 | 8 ++++++++ > systemd/rpcbind.service.in | 16 +++++++++++++++- > 2 files changed, 23 insertions(+), 1 deletion(-) > Committed... (tag: rpcbind-1_2_8-rc1) steved. |
From: Steve D. <st...@re...> - 2024-08-31 17:56:14
|
On 8/31/24 11:44 AM, Steve Dickson wrote: > Signed-off-by: Steve Dickson <st...@re...> Committed... (tag: rpcbind-1_2_8-rc1) steved. > --- > configure.ac | 4 ++-- > man/rpcbind-fr.8 | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/configure.ac b/configure.ac > index 8f4cef3..cbbc172 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -32,8 +32,8 @@ AC_ARG_ENABLE([rmtcalls], > AM_CONDITIONAL(RMTCALLS, test x$enable_rmtcalls = xyes) > > AC_ARG_WITH([statedir], > - AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/var/run/rpcbind@:>@]) > - ,, [with_statedir=/var/run/rpcbind]) > + AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/run/rpcbind@:>@]) > + ,, [with_statedir=/run/rpcbind]) > AC_SUBST([statedir], [$with_statedir]) > > AC_ARG_WITH([rpcuser], > diff --git a/man/rpcbind-fr.8 b/man/rpcbind-fr.8 > index 7db39e7..711acdd 100644 > --- a/man/rpcbind-fr.8 > +++ b/man/rpcbind-fr.8 > @@ -138,8 +138,8 @@ est red > .Xr rpcbind 3 , > .Xr rpcinfo 8 > .Sh FILES > -.Bl -tag -width /var/run/rpcbind.sock -compact > -.It Pa /var/run/rpcbind.sock > +.Bl -tag -width /run/rpcbind.sock -compact > +.It Pa /run/rpcbind.sock > .Sh TRADUCTION > Aurelien CHARBON (Sept 2003) > .El |
From: Steve D. <st...@re...> - 2024-08-31 17:55:43
|
On 8/30/24 1:39 PM, Petr Vorel wrote: > From: Thomas Blume <tho...@su...> > > Most of the distros have /var/run as symlink to /run. > > Because /var may be a separate partition, and could even be mounted via > NFS, having to look directly to /run help to avoid issues rpcbind > startup early in boot when /var might not be available. > > Reviewed-by: Petr Vorel <pv...@su...> > Signed-off-by: Thomas Blume <tho...@su...> > Signed-off-by: Petr Vorel <pv...@su...> Committed... (tag: rpcbind-1_2_8-rc1) steved. > --- > NOTE: I chose opensuse patch for the simplicity, instead of Debian > patch, which unsets _PATH_RPCBINDSOCK (libtirpc). > > I'll send a separate patch for libtirpc. > > Kind regards, > Petr > > src/rpcbind.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/rpcbind.c b/src/rpcbind.c > index ecebe97..9887b82 100644 > --- a/src/rpcbind.c > +++ b/src/rpcbind.c > @@ -105,7 +105,7 @@ char *nss_modules = "files"; > /* who to suid to if -s is given */ > #define RUN_AS "daemon" > > -#define RPCBINDDLOCK "/var/run/rpcbind.lock" > +#define RPCBINDDLOCK "/run/rpcbind.lock" > > int runasdaemon = 0; > int insecure = 0; |
From: Steve D. <st...@re...> - 2024-08-31 17:53:19
|
On 8/30/24 1:43 PM, Petr Vorel wrote: > Most of the distros have /var/run as symlink to /run. > > Because /var may be a separate partition, and could even be mounted via > NFS, having to look directly to /run help to avoid issues rpcbind > startup early in boot when /var might not be available. > > Signed-off-by: Petr Vorel <pv...@su...> Committed... (tag: libtirpc-1-3-6-rc1) steved. > --- > Follow up for rpcbind patch which touches rpcbind.lock location. > > Kind regards, > Petr > > tirpc/rpc/rpcb_prot.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tirpc/rpc/rpcb_prot.h b/tirpc/rpc/rpcb_prot.h > index eb3a0c4..06138bc 100644 > --- a/tirpc/rpc/rpcb_prot.h > +++ b/tirpc/rpc/rpcb_prot.h > @@ -476,8 +476,8 @@ extern bool_t xdr_netbuf(XDR *, struct netbuf *); > #define RPCBVERS_3 RPCBVERS > #define RPCBVERS_4 RPCBVERS4 > > -#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock" > -#define _PATH_RPCBINDSOCK_ABSTRACT "\0/run/rpcbind.sock" > +#define _PATH_RPCBINDSOCK "/run/rpcbind.sock" > +#define _PATH_RPCBINDSOCK_ABSTRACT "\0" _PATH_RPCBINDSOCK > > #else /* ndef _KERNEL */ > #ifdef __cplusplus |
From: Steve D. <st...@re...> - 2024-08-31 15:44:44
|
Signed-off-by: Steve Dickson <st...@re...> --- configure.ac | 4 ++-- man/rpcbind-fr.8 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 8f4cef3..cbbc172 100644 --- a/configure.ac +++ b/configure.ac @@ -32,8 +32,8 @@ AC_ARG_ENABLE([rmtcalls], AM_CONDITIONAL(RMTCALLS, test x$enable_rmtcalls = xyes) AC_ARG_WITH([statedir], - AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/var/run/rpcbind@:>@]) - ,, [with_statedir=/var/run/rpcbind]) + AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/run/rpcbind@:>@]) + ,, [with_statedir=/run/rpcbind]) AC_SUBST([statedir], [$with_statedir]) AC_ARG_WITH([rpcuser], diff --git a/man/rpcbind-fr.8 b/man/rpcbind-fr.8 index 7db39e7..711acdd 100644 --- a/man/rpcbind-fr.8 +++ b/man/rpcbind-fr.8 @@ -138,8 +138,8 @@ est red .Xr rpcbind 3 , .Xr rpcinfo 8 .Sh FILES -.Bl -tag -width /var/run/rpcbind.sock -compact -.It Pa /var/run/rpcbind.sock +.Bl -tag -width /run/rpcbind.sock -compact +.It Pa /run/rpcbind.sock .Sh TRADUCTION Aurelien CHARBON (Sept 2003) .El -- 2.46.0 |
From: Petr V. <pv...@su...> - 2024-08-30 17:44:06
|
Most of the distros have /var/run as symlink to /run. Because /var may be a separate partition, and could even be mounted via NFS, having to look directly to /run help to avoid issues rpcbind startup early in boot when /var might not be available. Signed-off-by: Petr Vorel <pv...@su...> --- Follow up for rpcbind patch which touches rpcbind.lock location. Kind regards, Petr tirpc/rpc/rpcb_prot.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tirpc/rpc/rpcb_prot.h b/tirpc/rpc/rpcb_prot.h index eb3a0c4..06138bc 100644 --- a/tirpc/rpc/rpcb_prot.h +++ b/tirpc/rpc/rpcb_prot.h @@ -476,8 +476,8 @@ extern bool_t xdr_netbuf(XDR *, struct netbuf *); #define RPCBVERS_3 RPCBVERS #define RPCBVERS_4 RPCBVERS4 -#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock" -#define _PATH_RPCBINDSOCK_ABSTRACT "\0/run/rpcbind.sock" +#define _PATH_RPCBINDSOCK "/run/rpcbind.sock" +#define _PATH_RPCBINDSOCK_ABSTRACT "\0" _PATH_RPCBINDSOCK #else /* ndef _KERNEL */ #ifdef __cplusplus -- 2.45.2 |
From: Petr V. <pv...@su...> - 2024-08-30 17:39:40
|
From: Thomas Blume <tho...@su...> Most of the distros have /var/run as symlink to /run. Because /var may be a separate partition, and could even be mounted via NFS, having to look directly to /run help to avoid issues rpcbind startup early in boot when /var might not be available. Reviewed-by: Petr Vorel <pv...@su...> Signed-off-by: Thomas Blume <tho...@su...> Signed-off-by: Petr Vorel <pv...@su...> --- NOTE: I chose opensuse patch for the simplicity, instead of Debian patch, which unsets _PATH_RPCBINDSOCK (libtirpc). I'll send a separate patch for libtirpc. Kind regards, Petr src/rpcbind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpcbind.c b/src/rpcbind.c index ecebe97..9887b82 100644 --- a/src/rpcbind.c +++ b/src/rpcbind.c @@ -105,7 +105,7 @@ char *nss_modules = "files"; /* who to suid to if -s is given */ #define RUN_AS "daemon" -#define RPCBINDDLOCK "/var/run/rpcbind.lock" +#define RPCBINDDLOCK "/run/rpcbind.lock" int runasdaemon = 0; int insecure = 0; -- 2.45.2 |
From: Petr V. <pv...@su...> - 2024-08-30 16:51:32
|
Hi Steve, > Hey! > My apologies for taking so long to address these patches. No problem, understand you're busy. > On 8/22/24 9:01 PM, Petr Vorel wrote: > > Hi Steve, > > > Add Want/After systemd-tmpfiles-setup.service. This is taken from Fedora > > > rpcbind-0.2.4-5.fc25 patch [1] which tried to handle bug #1401561 [2] > > > where /var/run/rpcbind.lock cannot be created due missing /var/run/ > > > directory. But the suggestion to add RequiresMountFor=... was > > > implemented in ee569be ("Fix boot dependency in systemd service file"). > > > But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and > > > /run/rpcbind.lock there is error on openSUSE Tumbleweed with rpcbind > > > 1.2.6: > > > rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind: Read-only file system > > > Adding systemd-tmpfiles-setup.service fixes it. > > > NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but > > > systemd-tmpfiles-setup.service looks to me more specific). > > > openSUSE uses only After=sysinit.target as a result of #1117217 [3] > > > (also works). > > Reading RH #1117217 once more I wonder if old Fedora patch [4], which places > > rpcbind.lock into /var/run/rpcbind/ would be a better solution: > > configure.ac > > - --with-statedir=ARG use ARG as state dir [default=/var/run/rpcbind] > > + --with-statedir=ARG use ARG as state dir [default=/run/rpcbind] > > ... > > - with_statedir=/var/run/rpcbind > > + with_statedir=/run/rpcbind > > src/rpcbind.c > > -#define RPCBINDDLOCK "/var/run/rpcbind.lock" > > +#define RPCBINDDLOCK RPCBIND_STATEDIR "/rpcbind.lock" > > But I suppose other out-of-tree patch [5] is not a dependency for it, right? > I don't like out-of-tree patch but sometimes they are necessary > since I didn't what to force other distros to adapt what > I made Fedora use. Sure, let's drop this. I was also thinking to add this as a configuration issue, but I suppose most of the distro maintainers are perfectly ok with this directory patch. > > Debian [6] and openSUSE [7] use more simpler version to move to /run. Maybe time > > to upstream Fedora patch and distros will adopt it? > It is time! :-) I'm all for distros to consolidate into one code > base... it is much easier to find bugs and support. IMHO. > Please send patches [6] and [7] in the correct patch form and > I will commit them and mostly like create another release. I'll do, thanks! Kind regards, Petr > Thank you.. for point these differences out!! > steved. > > Kind regards, > > Petr > > > [1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch > > > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1401561 > > > [3] https://bugzilla.suse.com/show_bug.cgi?id=1117217 > > [4] https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.4-runstatdir.patch > > [5] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-rundir.patch > > [6] https://salsa.debian.org/debian/rpcbind/-/blob/master/debian/patches/run-migration?ref_type=heads > > [7] https://build.opensuse.org/projects/openSUSE:Factory/packages/rpcbind/files/0001-change-lockingdir-to-run.patch?expand=1 > > > Signed-off-by: Petr Vorel <pv...@su...> > > > --- > > > systemd/rpcbind.service.in | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in > > > index 272e55a..771b944 100644 > > > --- a/systemd/rpcbind.service.in > > > +++ b/systemd/rpcbind.service.in > > > @@ -7,7 +7,8 @@ RequiresMountsFor=@statedir@ > > > # Make sure we use the IP addresses listed for > > > # rpcbind.socket, no matter how this unit is started. > > > Requires=rpcbind.socket > > > -Wants=rpcbind.target > > > +Wants=rpcbind.target systemd-tmpfiles-setup.service > > > +After=systemd-tmpfiles-setup.service > > > [Service] > > > ProtectSystem=full |
From: Steve D. <st...@re...> - 2024-08-30 15:40:38
|
Hey! My apologies for taking so long to address these patches. On 8/22/24 9:01 PM, Petr Vorel wrote: > Hi Steve, > >> Add Want/After systemd-tmpfiles-setup.service. This is taken from Fedora >> rpcbind-0.2.4-5.fc25 patch [1] which tried to handle bug #1401561 [2] >> where /var/run/rpcbind.lock cannot be created due missing /var/run/ >> directory. But the suggestion to add RequiresMountFor=... was >> implemented in ee569be ("Fix boot dependency in systemd service file"). > >> But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and >> /run/rpcbind.lock there is error on openSUSE Tumbleweed with rpcbind >> 1.2.6: > >> rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind: Read-only file system > >> Adding systemd-tmpfiles-setup.service fixes it. > >> NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but >> systemd-tmpfiles-setup.service looks to me more specific). >> openSUSE uses only After=sysinit.target as a result of #1117217 [3] >> (also works). > > Reading RH #1117217 once more I wonder if old Fedora patch [4], which places > rpcbind.lock into /var/run/rpcbind/ would be a better solution: > > configure.ac > - --with-statedir=ARG use ARG as state dir [default=/var/run/rpcbind] > + --with-statedir=ARG use ARG as state dir [default=/run/rpcbind] > ... > - with_statedir=/var/run/rpcbind > + with_statedir=/run/rpcbind > > src/rpcbind.c > -#define RPCBINDDLOCK "/var/run/rpcbind.lock" > +#define RPCBINDDLOCK RPCBIND_STATEDIR "/rpcbind.lock" > > But I suppose other out-of-tree patch [5] is not a dependency for it, right? I don't like out-of-tree patch but sometimes they are necessary since I didn't what to force other distros to adapt what I made Fedora use. > > Debian [6] and openSUSE [7] use more simpler version to move to /run. Maybe time > to upstream Fedora patch and distros will adopt it? It is time! :-) I'm all for distros to consolidate into one code base... it is much easier to find bugs and support. IMHO. Please send patches [6] and [7] in the correct patch form and I will commit them and mostly like create another release. Thank you.. for point these differences out!! steved. > > Kind regards, > Petr > >> [1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch >> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1401561 >> [3] https://bugzilla.suse.com/show_bug.cgi?id=1117217 > > [4] https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.4-runstatdir.patch > [5] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-rundir.patch > [6] https://salsa.debian.org/debian/rpcbind/-/blob/master/debian/patches/run-migration?ref_type=heads > [7] https://build.opensuse.org/projects/openSUSE:Factory/packages/rpcbind/files/0001-change-lockingdir-to-run.patch?expand=1 > >> Signed-off-by: Petr Vorel <pv...@su...> >> --- >> systemd/rpcbind.service.in | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) > >> diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in >> index 272e55a..771b944 100644 >> --- a/systemd/rpcbind.service.in >> +++ b/systemd/rpcbind.service.in >> @@ -7,7 +7,8 @@ RequiresMountsFor=@statedir@ >> # Make sure we use the IP addresses listed for >> # rpcbind.socket, no matter how this unit is started. >> Requires=rpcbind.socket >> -Wants=rpcbind.target >> +Wants=rpcbind.target systemd-tmpfiles-setup.service >> +After=systemd-tmpfiles-setup.service > >> [Service] >> ProtectSystem=full > |
From: Petr V. <pv...@su...> - 2024-08-23 01:01:52
|
Hi Steve, > Add Want/After systemd-tmpfiles-setup.service. This is taken from Fedora > rpcbind-0.2.4-5.fc25 patch [1] which tried to handle bug #1401561 [2] > where /var/run/rpcbind.lock cannot be created due missing /var/run/ > directory. But the suggestion to add RequiresMountFor=... was > implemented in ee569be ("Fix boot dependency in systemd service file"). > But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and > /run/rpcbind.lock there is error on openSUSE Tumbleweed with rpcbind > 1.2.6: > rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind: Read-only file system > Adding systemd-tmpfiles-setup.service fixes it. > NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but > systemd-tmpfiles-setup.service looks to me more specific). > openSUSE uses only After=sysinit.target as a result of #1117217 [3] > (also works). Reading RH #1117217 once more I wonder if old Fedora patch [4], which places rpcbind.lock into /var/run/rpcbind/ would be a better solution: configure.ac - --with-statedir=ARG use ARG as state dir [default=/var/run/rpcbind] + --with-statedir=ARG use ARG as state dir [default=/run/rpcbind] ... - with_statedir=/var/run/rpcbind + with_statedir=/run/rpcbind src/rpcbind.c -#define RPCBINDDLOCK "/var/run/rpcbind.lock" +#define RPCBINDDLOCK RPCBIND_STATEDIR "/rpcbind.lock" But I suppose other out-of-tree patch [5] is not a dependency for it, right? Debian [6] and openSUSE [7] use more simpler version to move to /run. Maybe time to upstream Fedora patch and distros will adopt it? Kind regards, Petr > [1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1401561 > [3] https://bugzilla.suse.com/show_bug.cgi?id=1117217 [4] https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.4-runstatdir.patch [5] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-rundir.patch [6] https://salsa.debian.org/debian/rpcbind/-/blob/master/debian/patches/run-migration?ref_type=heads [7] https://build.opensuse.org/projects/openSUSE:Factory/packages/rpcbind/files/0001-change-lockingdir-to-run.patch?expand=1 > Signed-off-by: Petr Vorel <pv...@su...> > --- > systemd/rpcbind.service.in | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in > index 272e55a..771b944 100644 > --- a/systemd/rpcbind.service.in > +++ b/systemd/rpcbind.service.in > @@ -7,7 +7,8 @@ RequiresMountsFor=@statedir@ > # Make sure we use the IP addresses listed for > # rpcbind.socket, no matter how this unit is started. > Requires=rpcbind.socket > -Wants=rpcbind.target > +Wants=rpcbind.target systemd-tmpfiles-setup.service > +After=systemd-tmpfiles-setup.service > [Service] > ProtectSystem=full |
From: Petr V. <pv...@su...> - 2024-08-23 00:23:47
|
We've been running rpcbind 1.2.6 with it in openSUSE since 2021. NOTE: In systemd < 244 (released Nov 2019) some of these options are unknown and will produce warnings, see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort Cc: Johannes Segitz <js...@su...> Signed-off-by: Petr Vorel <pv...@su...> --- systemd/rpcbind.service.in | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in index c5bbd5e..272e55a 100644 --- a/systemd/rpcbind.service.in +++ b/systemd/rpcbind.service.in @@ -10,6 +10,16 @@ Requires=rpcbind.socket Wants=rpcbind.target [Service] +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true Type=notify # distro can provide a drop-in adding EnvironmentFile=-/??? if needed. EnvironmentFile=-/etc/rpcbind.conf -- 2.45.2 |
From: Petr V. <pv...@su...> - 2024-08-23 00:23:46
|
Hi, NOTE I'm not systemd expert, others may understand more. But trying to upstream various hardenings options which we have been using since 2021. Adding EnvironmentFile I tested locally today. systemd-tmpfiles-setup.service should be also safe. Kind regards, Petr Josue Ortega (1): man/rpcbind: Add Files section to manpage Petr Vorel (3): systemd/rpcbind.service.in: Add few default EnvironmentFile systemd/rpcbind.service.in: Add various hardenings options systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup man/rpcbind.8 | 8 ++++++++ systemd/rpcbind.service.in | 16 +++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) -- 2.45.2 |
From: Petr V. <pv...@su...> - 2024-08-23 00:23:46
|
Add some defaults so that distros can drop patches to configure it. * openSUSE and Fedora use /etc/sysconfig/rpcbind https://build.opensuse.org/projects/network/packages/rpcbind/files/0001-systemd-unit-files.patch?expand=1 https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.3-systemd-envfile.patch * Debian uses /etc/rpcbind.conf and /etc/default/rpcbind https://salsa.debian.org/debian/rpcbind/-/blob/buster/debian/rpcbind.service?ref_type=heads Add all these 3 in order: * /etc/rpcbind.conf * /etc/default/rpcbind * /etc/sysconfig/rpcbind Signed-off-by: Petr Vorel <pv...@su...> --- systemd/rpcbind.service.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in index c892ca8..c5bbd5e 100644 --- a/systemd/rpcbind.service.in +++ b/systemd/rpcbind.service.in @@ -12,6 +12,9 @@ Wants=rpcbind.target [Service] Type=notify # distro can provide a drop-in adding EnvironmentFile=-/??? if needed. +EnvironmentFile=-/etc/rpcbind.conf +EnvironmentFile=-/etc/default/rpcbind +EnvironmentFile=-/etc/sysconfig/rpcbind ExecStart=@_sbindir@/rpcbind $RPCBIND_OPTIONS @warmstarts_opt@ -f [Install] -- 2.45.2 |
From: Petr V. <pv...@su...> - 2024-08-23 00:23:42
|
From: Josue Ortega <jo...@de...> Previous commit added 3 non-default files, mention them in man page. Signed-off-by: Petr Vorel <pv...@su...> --- man/rpcbind.8 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/man/rpcbind.8 b/man/rpcbind.8 index fbf0ace..cdcdcfd 100644 --- a/man/rpcbind.8 +++ b/man/rpcbind.8 @@ -150,6 +150,14 @@ starts up. The state file is created when .Nm terminates. .El +.Sh FILES +The +.Nm +utility tries to load configuration file in following order: +.Bd -literal +.Pa /etc/rpcbind.conf +.Pa /etc/default/rpcbind +.Pa /etc/sysconfig/rpcbind .Sh NOTES All RPC servers must be restarted if .Nm -- 2.45.2 |
From: Petr V. <pv...@su...> - 2024-08-23 00:23:42
|
Add Want/After systemd-tmpfiles-setup.service. This is taken from Fedora rpcbind-0.2.4-5.fc25 patch [1] which tried to handle bug #1401561 [2] where /var/run/rpcbind.lock cannot be created due missing /var/run/ directory. But the suggestion to add RequiresMountFor=... was implemented in ee569be ("Fix boot dependency in systemd service file"). But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and /run/rpcbind.lock there is error on openSUSE Tumbleweed with rpcbind 1.2.6: rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind: Read-only file system Adding systemd-tmpfiles-setup.service fixes it. NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but systemd-tmpfiles-setup.service looks to me more specific). openSUSE uses only After=sysinit.target as a result of #1117217 [3] (also works). [1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch [2] https://bugzilla.redhat.com/show_bug.cgi?id=1401561 [3] https://bugzilla.suse.com/show_bug.cgi?id=1117217 Signed-off-by: Petr Vorel <pv...@su...> --- systemd/rpcbind.service.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in index 272e55a..771b944 100644 --- a/systemd/rpcbind.service.in +++ b/systemd/rpcbind.service.in @@ -7,7 +7,8 @@ RequiresMountsFor=@statedir@ # Make sure we use the IP addresses listed for # rpcbind.socket, no matter how this unit is started. Requires=rpcbind.socket -Wants=rpcbind.target +Wants=rpcbind.target systemd-tmpfiles-setup.service +After=systemd-tmpfiles-setup.service [Service] ProtectSystem=full -- 2.45.2 |
From: Frank S. <fst...@bi...> - 2024-08-12 10:11:00
|
One interesting finding: When I was looking into the nfs-client code to compare how they do the fixed-port stuff for mountd etc., I realized that nfs-utils-2.6.4/support/nfs/svc_create.c has two code blocks using #ifdef HAVE_LIBTIRPC ... #else /* !HAVE_LIBTIRPC */ ... #endig The else-block is basically just using a call "rpc_init" from rpcmisc.c which uses almost the same code for creating a socked with a fixed port in its "makesock" function. I even copied most of this code to my function, but it didn't create a tcp socket either. The HAVE_LIBTIRPC is way longer and uses a "SVCXPRT *xprt" structure in all functions. Thus, the NFS guys are intentionally not using the code that is also created by rpcgen for compiling with the libtirc library. Maybe they also figured out that it doesn't work with libtirc for some reason and created new code for libtirc. So maybe a newer version of rpcgen is neccessary to work with libtirc and recent rpcbind... cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. * |
From: Frank S. <fst...@bi...> - 2024-08-08 14:02:46
|
Hi Steve, thanks a lot for caring! Steve Dickson wrote: > Why not just set the static port through something like /etc/nfs.conf? The code for the remote uptime server isn't aware of /etc/nfs.conf, so I can't use that, unfortunately. >> /* transp = svctcp_create(RPC_ANYSOCK, 0, 0); */ >> /* my code added: */ >> int sd; >> struct sockaddr_in sin; >> sd = socket(AF_INET, SOCK_STREAM, 0); >> bzero(&sin, sizeof(sin)); >> sin.sin_family = AF_INET; >> sin.sin_addr.s_addr = INADDR_ANY; >> sin.sin_port = htons(62222); >> bind(sd, &sin, sizeof(sin)); >> transp = svctcp_create(sd, 0, 0); >> /* end of my code added */ > > Looks reasonable... but where did you come up with 62222? > Are you sure it is not already being used? That was just an arbitrary one. I started with 852 which was used in the past, then thought it might be a problem with ports < 1024 and used different values above 60000. But it's always the same problem no matter which port number I try. > Just curious... is systemd involved with anything? Yes, the systems are running systemd, and rpcbind is started via rpcbind.service and rpcbind.socket. Is it possible that the rpcbind daemon expects sth. different from the uptime server for opening a fixed port, and refuses to open the tcp port because my patched code is talking some "too old" standard? However, there is no indication in the journal, i.e. no message at all from rpcbind, though, even not when starting it in debug mode. > Yeah it is not obvious as to why this is happening... Again I would > look at systemd "helping out" and make sure the port is not already > be used. I'm not sure I understand the comment about systemd: Do you mean it might somehow prevent opening the port by some security restrictions or similar? I stopped the rpcbind daemon (including rpcbind.socket) and started it manually, but still the same error... -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. * |
From: Steve D. <st...@re...> - 2024-08-08 12:46:53
|
Sorry for the delay... On 8/5/24 2:00 PM, Frank Steiner wrote: > Hi, > > I'm using a very old distributed uptime server https://ru1.sourceforge.net/ > which generates the code part for rpc communication by calling rpcgen. > We compile and run it on SLES 15 SP6 (= opensuse leap 15.6) with > libtirpc-1.3.4. > > Due to firewall issues I've changed the resulting code such that a fixed > tcp port is used instead of a random one created by using RPC_ANYSOCK. > This worked fine as long as the sun rpc code was in glibc, but after it > was moved to libtirpc it fails silently without any error message, i.e. > it doesn't listen on any tcp port anymore. Why not just set the static port through something like /etc/nfs.conf? > > The server part code generated by rpgcen is this (only the main > function). I've replaced the "transp = svctcp_create(RPC_ANYSOCK, 0, 0);" > by some code using a socket with a fixed port: > > nt main (int argc, char **argv) { > > int c; // used by getopt > long server_port = -1; > > > register SVCXPRT *transp; > > pmap_unset (RWPROG, RWVERS); > > transp = svcudp_create(RPC_ANYSOCK); > if (transp == NULL) { > fprintf (stderr, "%s", "cannot create udp service."); > exit(1); > } > if (!svc_register(transp, RWPROG, RWVERS, rwprog_1, > IPPROTO_UDP)) { > fprintf (stderr, "%s", "unable to register (RWPROG, > RWVERS, udp)."); > exit(1); > } > > /* transp = svctcp_create(RPC_ANYSOCK, 0, 0); */ > /* my code added: */ > int sd; > struct sockaddr_in sin; > sd = socket(AF_INET, SOCK_STREAM, 0); > bzero(&sin, sizeof(sin)); > sin.sin_family = AF_INET; > sin.sin_addr.s_addr = INADDR_ANY; > sin.sin_port = htons(62222); > bind(sd, &sin, sizeof(sin)); > transp = svctcp_create(sd, 0, 0); > /* end of my code added */ Looks reasonable... but where did you come up with 62222? Are you sure it is not already being used? > > if (transp == NULL) { > fprintf (stderr, "%s", "cannot create tcp service."); > exit(1); > } > if (!svc_register(transp, RWPROG, RWVERS, rwprog_1, > IPPROTO_TCP)) { > fprintf (stderr, "%s", "unable to register (RWPROG, > RWVERS, tcp)."); > exit(1); > } > > svc_run (); > fprintf (stderr, "%s", "svc_run returned"); > exit (1); > /* NOTREACHED */ > } > > This compiles and starts fine, but when calling "netstat -tulpn" > afterwards I see only the udp port is used (random port number). > When reverting to "svctcp_create(RPC_ANYSOCK, 0, 0);" the server > is also listening on a (random) tcp port. > > Comparing both servers startups with strace I don't see why using the > fixed port fails. That's the relevant part from using RPC_ANYSOCK: Just curious... is systemd involved with anything? > > > getsockname(4, {sa_family=AF_INET, sin_port=htons(0), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 > getsockname(4, {sa_family=AF_INET, sin_port=htons(0), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > getsockname(4, {sa_family=AF_INET, sin_port=htons(0), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > getsockname(4, {sa_family=AF_INET, sin_port=htons(0), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > openat(AT_FDCWD, "/proc/sys/net/ipv4/ip_local_reserved_ports", O_RDONLY) > = 5 > fstat(5, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 > read(5, "\n", 1024) = 1 > read(5, "", 1024) = 0 > close(5) = 0 > bind(4, {sa_family=AF_INET, sin_port=htons(63242), > sin_addr=inet_addr("0.0.0.0")}, 16) = 0 > listen(4, 4096) = 0 > getpeername(4, 0x7ffe8af2fa10, [128]) = -1 ENOTCONN (Transport > endpoint is not connected) > getsockname(4, {sa_family=AF_INET, sin_port=htons(63242), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 > getsockname(4, {sa_family=AF_INET, sin_port=htons(63242), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > openat(AT_FDCWD, "/etc/netconfig", O_RDONLY) = 5 > fstat(5, {st_mode=S_IFREG|0644, st_size=767, ...}) = 0 > read(5, "#\n# The network configuration fi"..., 4096) = 767 > close(5) = 0 > socket(AF_UNIX, SOCK_STREAM, 0) = 5 > rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 > getpeername(5, 0x7ffe8af2f730, [128]) = -1 ENOTCONN (Transport > endpoint is not connected) > connect(5, {sa_family=AF_UNIX, sun_path="/var/run/rpcbind.sock"}, 23) = 0 > getsockname(5, {sa_family=AF_UNIX}, [128 => 2]) = 0 > getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 > <polling for data> > > > > And that's the from the code with the fixed port number: > > openat(AT_FDCWD, "/etc/netconfig", O_RDONLY) = 4 > fstat(4, {st_mode=S_IFREG|0644, st_size=767, ...}) = 0 > read(4, "#\n# The network configuration fi"..., 4096) = 767 > close(4) = 0 > socket(AF_UNIX, SOCK_STREAM, 0) = 4 > rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 > getpeername(4, 0x7fff5be340b0, [128]) = -1 ENOTCONN (Transport > endpoint is not connected) > connect(4, {sa_family=AF_UNIX, sun_path="/var/run/rpcbind.sock"}, 23) = 0 > getsockname(4, {sa_family=AF_UNIX}, [128 => 2]) = 0 > getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > getpid() = 1701 > rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > geteuid() = 0 > rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 > write(4, > "\200\0\0T<B\222\0\0\0\0\0\0\0\0\2\0\1\206\240\0\0\0\3\0\0\0\1\0\0\0\0"..., 88) = 88 > read(4, > "\200\0\0\34<B\222\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1", > 9000) = 32 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 > close(4) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4 > bind(4, {sa_family=AF_INET, sin_port=htons(62222), > sin_addr=inet_addr("0.0.0.0")}, 16) = 0 > openat(AT_FDCWD, "/etc/netconfig", O_RDONLY) = 5 > fstat(5, {st_mode=S_IFREG|0644, st_size=767, ...}) = 0 > read(5, "#\n# The network configuration fi"..., 4096) = 767 > close(5) = 0 > getsockname(4, {sa_family=AF_INET, sin_port=htons(62222), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 > getsockname(4, {sa_family=AF_INET, sin_port=htons(62222), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > getpeername(4, 0x7fff5be34390, [128]) = -1 ENOTCONN (Transport > endpoint is not connected) > getsockname(4, {sa_family=AF_INET, sin_port=htons(62222), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 > getsockname(4, {sa_family=AF_INET, sin_port=htons(62222), > sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 > openat(AT_FDCWD, "/etc/netconfig", O_RDONLY) = 5 > fstat(5, {st_mode=S_IFREG|0644, st_size=767, ...}) = 0 > read(5, "#\n# The network configuration fi"..., 4096) = 767 > close(5) = 0 > socket(AF_UNIX, SOCK_STREAM, 0) = 5 > rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 > getpeername(5, 0x7fff5be340b0, [128]) = -1 ENOTCONN (Transport > endpoint is not connected) > connect(5, {sa_family=AF_UNIX, sun_path="/var/run/rpcbind.sock"}, 23) = 0 > getsockname(5, {sa_family=AF_UNIX}, [128 => 2]) = 0 > getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 > <polling ...> > > Do you have any ideas what's wrong with the above code when compiling > it using the libtirpc library instead of the old sunrpc code from glibc? Yeah it is not obvious as to why this is happening... Again I would look at systemd "helping out" and make sure the port is not already be used. steved. > > Many thanks! > > cu, > Frank > > > _______________________________________________ > Libtirpc-devel mailing list > Lib...@li... > https://lists.sourceforge.net/lists/listinfo/libtirpc-devel > |
From: Frank S. <fst...@bi...> - 2024-08-05 18:20:05
|
Hi, I'm using a very old distributed uptime server https://ru1.sourceforge.net/ which generates the code part for rpc communication by calling rpcgen. We compile and run it on SLES 15 SP6 (= opensuse leap 15.6) with libtirpc-1.3.4. Due to firewall issues I've changed the resulting code such that a fixed tcp port is used instead of a random one created by using RPC_ANYSOCK. This worked fine as long as the sun rpc code was in glibc, but after it was moved to libtirpc it fails silently without any error message, i.e. it doesn't listen on any tcp port anymore. The server part code generated by rpgcen is this (only the main function). I've replaced the "transp = svctcp_create(RPC_ANYSOCK, 0, 0);" by some code using a socket with a fixed port: nt main (int argc, char **argv) { int c; // used by getopt long server_port = -1; register SVCXPRT *transp; pmap_unset (RWPROG, RWVERS); transp = svcudp_create(RPC_ANYSOCK); if (transp == NULL) { fprintf (stderr, "%s", "cannot create udp service."); exit(1); } if (!svc_register(transp, RWPROG, RWVERS, rwprog_1, IPPROTO_UDP)) { fprintf (stderr, "%s", "unable to register (RWPROG, RWVERS, udp)."); exit(1); } /* transp = svctcp_create(RPC_ANYSOCK, 0, 0); */ /* my code added: */ int sd; struct sockaddr_in sin; sd = socket(AF_INET, SOCK_STREAM, 0); bzero(&sin, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_addr.s_addr = INADDR_ANY; sin.sin_port = htons(62222); bind(sd, &sin, sizeof(sin)); transp = svctcp_create(sd, 0, 0); /* end of my code added */ if (transp == NULL) { fprintf (stderr, "%s", "cannot create tcp service."); exit(1); } if (!svc_register(transp, RWPROG, RWVERS, rwprog_1, IPPROTO_TCP)) { fprintf (stderr, "%s", "unable to register (RWPROG, RWVERS, tcp)."); exit(1); } svc_run (); fprintf (stderr, "%s", "svc_run returned"); exit (1); /* NOTREACHED */ } This compiles and starts fine, but when calling "netstat -tulpn" afterwards I see only the udp port is used (random port number). When reverting to "svctcp_create(RPC_ANYSOCK, 0, 0);" the server is also listening on a (random) tcp port. Comparing both servers startups with strace I don't see why using the fixed port fails. That's the relevant part from using RPC_ANYSOCK: getsockname(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 getsockname(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 getsockname(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 getsockname(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 openat(AT_FDCWD, "/proc/sys/net/ipv4/ip_local_reserved_ports", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 read(5, "\n", 1024) = 1 read(5, "", 1024) = 0 close(5) = 0 bind(4, {sa_family=AF_INET, sin_port=htons(63242), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 listen(4, 4096) = 0 getpeername(4, 0x7ffe8af2fa10, [128]) = -1 ENOTCONN (Transport endpoint is not connected) getsockname(4, {sa_family=AF_INET, sin_port=htons(63242), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 getsockname(4, {sa_family=AF_INET, sin_port=htons(63242), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 openat(AT_FDCWD, "/etc/netconfig", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=767, ...}) = 0 read(5, "#\n# The network configuration fi"..., 4096) = 767 close(5) = 0 socket(AF_UNIX, SOCK_STREAM, 0) = 5 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 getpeername(5, 0x7ffe8af2f730, [128]) = -1 ENOTCONN (Transport endpoint is not connected) connect(5, {sa_family=AF_UNIX, sun_path="/var/run/rpcbind.sock"}, 23) = 0 getsockname(5, {sa_family=AF_UNIX}, [128 => 2]) = 0 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 <polling for data> And that's the from the code with the fixed port number: openat(AT_FDCWD, "/etc/netconfig", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=767, ...}) = 0 read(4, "#\n# The network configuration fi"..., 4096) = 767 close(4) = 0 socket(AF_UNIX, SOCK_STREAM, 0) = 4 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 getpeername(4, 0x7fff5be340b0, [128]) = -1 ENOTCONN (Transport endpoint is not connected) connect(4, {sa_family=AF_UNIX, sun_path="/var/run/rpcbind.sock"}, 23) = 0 getsockname(4, {sa_family=AF_UNIX}, [128 => 2]) = 0 getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 getpid() = 1701 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 geteuid() = 0 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 write(4, "\200\0\0T<B\222\0\0\0\0\0\0\0\0\2\0\1\206\240\0\0\0\3\0\0\0\1\0\0\0\0"..., 88) = 88 read(4, "\200\0\0\34<B\222\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1", 9000) = 32 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 close(4) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4 bind(4, {sa_family=AF_INET, sin_port=htons(62222), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 openat(AT_FDCWD, "/etc/netconfig", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=767, ...}) = 0 read(5, "#\n# The network configuration fi"..., 4096) = 767 close(5) = 0 getsockname(4, {sa_family=AF_INET, sin_port=htons(62222), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 getsockname(4, {sa_family=AF_INET, sin_port=htons(62222), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 getpeername(4, 0x7fff5be34390, [128]) = -1 ENOTCONN (Transport endpoint is not connected) getsockname(4, {sa_family=AF_INET, sin_port=htons(62222), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 getsockopt(4, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 getsockname(4, {sa_family=AF_INET, sin_port=htons(62222), sin_addr=inet_addr("0.0.0.0")}, [128 => 16]) = 0 openat(AT_FDCWD, "/etc/netconfig", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=767, ...}) = 0 read(5, "#\n# The network configuration fi"..., 4096) = 767 close(5) = 0 socket(AF_UNIX, SOCK_STREAM, 0) = 5 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 getpeername(5, 0x7fff5be340b0, [128]) = -1 ENOTCONN (Transport endpoint is not connected) connect(5, {sa_family=AF_UNIX, sun_path="/var/run/rpcbind.sock"}, 23) = 0 getsockname(5, {sa_family=AF_UNIX}, [128 => 2]) = 0 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 <polling ...> Do you have any ideas what's wrong with the above code when compiling it using the libtirpc library instead of the old sunrpc code from glibc? Many thanks! cu, Frank |
From: Steve D. <st...@re...> - 2024-07-26 12:23:03
|
This release contains: - rpcinfo: try connecting using abstract address. - Listen on an AF_UNIX abstract address if supported. - autotools/systemd: call rpcbind with -w only on enabled warm starts - rpcbind: fix double free in init_transport Both the tarball and change log can be found at http://sourceforge.net/projects/rpcbind The git tree was moved to: git://linux-nfs.org/~steved/rpcbind.git Please send comments/bugs to lin...@vg... and/or lib...@li... steved. |
From: Steve D. <st...@re...> - 2024-07-24 10:45:05
|
Hello, A couple of rpcbind enhancements and a memory leak fix... as well as a few other bug fixes. The tarball: https://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.5/libtirpc-1.3.5.tar.bz2 Release notes: https://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.5/Release-1-3-5.txt The git tree is at: git://linux-nfs.org/~steved/libtirpc steved. |
From: Cedric B. <ced...@gm...> - 2024-02-08 19:07:52
|
On Thu, 1 Feb 2024 at 06:23, Cedric Blancher <ced...@gm...> wrote: > > Good morning! > > Linux mount.nfs4 has the nconnect= option to use more than one TCP > connection for traffic to or from the server. > > Could the same be done with a libtirpc-based RPC client? How? ? Ced -- Cedric Blancher <ced...@gm...> [https://plus.google.com/u/0/+CedricBlancher/] Institute Pasteur |
From: David H. <dh...@op...> - 2024-02-01 15:55:27
|
My reading of the code indicates that the libtirpc server code is single threaded, so it can't process multiple connections simultaneously, if that's what you're asking for. FWIW, our projects have a strong need to make the server multi-threaded, so I hope to work on that code sometime in the next year or so. Dave -----Original Message----- From: Cedric Blancher <ced...@gm...> Sent: Thursday, February 1, 2024 12:23 AM To: lib...@li... Subject: [EXTERNAL] - [Libtirpc-devel] RPC traffic over more than one TCP connection to the same server (Linux mount.nfs nconnect=)? CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you feel that the email is suspicious, please report it using PhishAlarm. Good morning! Linux mount.nfs4 has the nconnect= option to use more than one TCP connection for traffic to or from the server. Could the same be done with a libtirpc-based RPC client? How? Ced -- Cedric Blancher <ced...@gm...> [https://urldefense.com/v3/__https://plus.google.com/u/0/*CedricBlancher/__;Kw!!Obbck6kTJA!fEYpvIYUUc9Gm8WFaSEx_I-nSAYP58DhkEFGUS3MAX-E5OP-uPZhendfyuOjwCCtod8y6S2-oY_QGlOjza7PhpNcfFI$ ] Institute Pasteur _______________________________________________ Libtirpc-devel mailing list Lib...@li... https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/libtirpc-devel__;!!Obbck6kTJA!fEYpvIYUUc9Gm8WFaSEx_I-nSAYP58DhkEFGUS3MAX-E5OP-uPZhendfyuOjwCCtod8y6S2-oY_QGlOjza7PXly6EBA$ |