On 11/23/2016 07:39 AM, Chuck Anderson wrote: > Is it supposed to be supported to install RPMs onto NFS filesystems? > Apparently NFSv3 doesn't support capabilities, so I'm not sure what to > do with this bug which happens because cap_net_raw is used for the > fping binaries: > > I would expect that isn't supported, although I'm somewhat surprised that it fails instead of just warning. That's a very unusual setup, having the root filesystem on NFS. _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org

On 11/23/2016 04:56 PM, Subhendu Ghosh wrote: > > Not really. A number of environments I know deploy nfsroot and stateless > systems. > Ok, but even in that case, you are unlikely to be installing rpms from the client instead of the server side.

_______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org

On 23 November 2016 at 19:36, Samuel Sieb <samuel(a)sieb.net&gt; wrote: > On 11/23/2016 07:39 AM, Chuck Anderson wrote: >> >> Is it supposed to be supported to install RPMs onto NFS filesystems? >> Apparently NFSv3 doesn't support capabilities, so I'm not sure what to >> do with this bug which happens because cap_net_raw is used for the >> fping binaries: >> > I would expect that isn't supported, although I'm somewhat surprised that it > fails instead of just warning. That's a very unusual setup, having the root > filesystem on NFS. I doubt that installing on NFS was supported after we began using capabilities on files for security. While installing on NFS was in vogue in the 80's and 90's for thin clients and similar environments, I think it has fallen to the wayside for current development. [In the EPEL environment space I do expect it is still in use for root but probably only in EL6 land versus EL7]

On Wed, Nov 23, 2016 at 08:28:12PM -0500, Stephen John Smoogen wrote: > On 23 November 2016 at 19:36, Samuel Sieb <samuel(a)sieb.net&gt; wrote: > > On 11/23/2016 07:39 AM, Chuck Anderson wrote: > >> > >> Is it supposed to be supported to install RPMs onto NFS filesystems? > >> Apparently NFSv3 doesn't support capabilities, so I'm not sure what to > >> do with this bug which happens because cap_net_raw is used for the > >> fping binaries: > >> > > I would expect that isn't supported, although I'm somewhat surprised that it > > fails instead of just warning. That's a very unusual setup, having the root > > filesystem on NFS. > > I doubt that installing on NFS was supported after we began using > capabilities on files for security. While installing on NFS was in > vogue in the 80's and 90's for thin clients and similar environments, > I think it has fallen to the wayside for current development. [In the > EPEL environment space I do expect it is still in use for root but > probably only in EL6 land versus EL7] This isn't the first complaint we've gotten, though admittedly it may have been a while. (And I'm having no luck finding the bugs in bugzilla.) We could add support for capabilities to the NFS protocol, but that could take a while. It'd be nice if rpm installs could fall back on something else instead of failing, but maybe it's complicated to do that safely. --b. _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org

dennis(a)ausil.us writes: > Without filesystem capabilities, many things will not work. Ping as a > user for instance. Lots of setuid binaries switched to using > filesystem capabilities rather than setuid and require it to work. RPM > failing is the right thing to do. I haven't actually noticed problems with that, but having root on a networked filesystem (be it NFS or something else) should be supported, and I thought it explicitly was by Red Hat. I have a few hundred stateless HPC compute nodes with an NFS root, but the image is maintained in a chroot on the file server, i.e. a local file system. I wonder if there's more then one problem with rpm anyway. I've seen problems in the past which I'd put down to rpm's db library not working properly on NFS 3, but I don't remember whether I verified that it was the (whole) problem.