Re: Kernel panic when accessing ZFS-Filesystem via NFS

From: Robert Watson <rwatson_at_FreeBSD.org>
Date: Thu, 4 Jun 2009 11:28:33 +0100 (BST)
On Thu, 4 Jun 2009, Doug Rabson wrote:

>> I would start looking at svc_getcred() and blame at least the AUTH_UNIX 
>> case;  end of rpc/svc_auth.c.  This looks like a big NO-NO. I am pretty 
>> sure I'd also want to audit svc_rpc_gss(), just in case.
>
> The NFS server is creating a ucred which describes the privileges to be 
> given to the remote user. What is the correct way to do this and where can I 
> read the documentation?

In practice, all credentials in the system are (often quite indirectly) 
derived from one of two root credentials, those belong to swapper and init. 
Typical practice, on initializing a kernel service, is to take an additional 
reference on the credential that configured the service and derive future 
credentials from it.  I think this is what the old NFS code did, presumably 
either directly borrowing a proc 0 credential, or from the syscall turning on 
the NFS server.

Robert N M Watson
Computer Laboratory
University of Cambridge
Received on Thu Jun 04 2009 - 08:28:33 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:49 UTC