These two patches will enable the new id mapper
that uses the key-request up-call mechanism
and uses the keyring to store the ids.
The up-call is made to the user level program
/usr/sbin/nfsidmap which does all the actual
id mapping. Using this mechanism will mean
the rpc.idmapd daemon will no longer be needed
on the NFS client.
Now here is the trick... nfs-utils-1.2.5-7.fc17
has to be installed since it installs the correct
user level files to make all this work. If that
version is not install, the owner of all the files
on NFSv4 mounts will be our friend, Mr. nobody
Note, the key ring patch is a combination of two
patches that are currently swimming their way upstream.
Its needed because, if by chance, our friend Mr. nobody
does end up own some files, the key ring can be
manipulated (by nfsidmap) so a new id mapping can be created.
Steve Dickson (2):
Enabled the in-kernel idmapper.
keyring: allow special keyrings to be cleared
config-generic | 2 +-
kernel.spec | 6 ++
linux-3.1-keys-remove-specal-keyring.patch | 110 ++++++++++++++++++++++++++++
3 files changed, 117 insertions(+), 1 deletions(-)
create mode 100644 linux-3.1-keys-remove-specal-keyring.patch
--
1.7.7.3
Show replies by thread