Hi,
On 22/09/2022 at 09:47, Simon Josefsson wrote:
> Hi.
> I can't reproduce this with 0.8.2-2 nor recent 0.9.1-1, can you show me
> your other /etc/gssproxy/*.conf? I suspect they are triggering
> something. See my attempt to reproduce your problem below.
I did not try with 0.9.1-1 (which I would need to backport).
But I'm using 0.8.2-2 from stable and the problem is still here:
root@ge132116vm-1:/etc/gssproxy# tail -v -n +1 /etc/gssproxy/*.conf
==> /etc/gssproxy/24-nfs-server.conf <==
[service/nfs-server]
mechs = krb5
socket = /run/gssproxy.sock
cred_store = keytab:/etc/krb5.keytab
trusted = yes
kernel_nfsd = yes
euid = 0
==> /etc/gssproxy/99-nfs-client.conf <==
[service/nfs-client]
mechs = krb5
cred_store = keytab:/etc/krb5.keytab
cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U
#cred_store = ccache:FILE:/tmp/krb5cc_%U
cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab
cred_usage = initiate
allow_any_uid = yes
trusted = yes
euid = 0
==> /etc/gssproxy/gssproxy.conf <==
[gssproxy]
debug=true
debug_level=2
root@ge132116vm-1:/etc/gssproxy# /etc/init.d/gssproxy restart
Restarting gssproxy (via systemctl): gssproxy.service.
root@ge132116vm-1:/etc/gssproxy# systemctl status gssproxy
● gssproxy.service - GSSAPI Proxy Daemon
Loaded: loaded (/lib/systemd/system/gssproxy.service; enabled; vendor
preset: enabled)
Drop-In: /etc/systemd/system/gssproxy.service.d
└─restart.conf
Active: activating (auto-restart) (Result: protocol) since Thu 2022-09-22
16:09:54 CEST; 3s ago
Process: 3360781 ExecStart=/usr/sbin/gssproxy -D (code=exited,
status=0/SUCCESS)
CPU: 29ms
root@ge132116vm-1:/etc/gssproxy# tail /var/log/syslog
Sep 22 16:10:04 ge132116vm-1 systemd[1]: Failed to start GSSAPI Proxy Daemon.
Sep 22 16:10:09 ge132116vm-1 systemd[1]: gssproxy.service: Scheduled restart
job, restart counter is at 4.
Sep 22 16:10:09 ge132116vm-1 systemd[1]: Stopped GSSAPI Proxy Daemon.
Sep 22 16:10:09 ge132116vm-1 systemd[1]: Starting GSSAPI Proxy Daemon...
Sep 22 16:10:09 ge132116vm-1 gssproxy[3360833]: [2022/09/22 14:10:09]: Debug
Enabled (level: 2)
Sep 22 16:10:09 ge132116vm-1 systemd[1]: gssproxy.service: New main PID 3360834
does not exist or is a zombie.
Sep 22 16:10:09 ge132116vm-1 gssproxy[3360834]: [2022/09/22 14:10:09]: Client
[2022/09/22 14:10:09]: (/usr/sbin/gssproxy) [2022/09/22 14:10:09]: connected
(fd = 10)[2022/09/22 14:10:09]: (pid = 3360834) (uid = 0) (gid = 0)
Sep 22 16:10:09 ge132116vm-1 kernel: [3550475.471227] gssproxy[3360834]:
segfault at 0 ip 00007fe129f9d53a sp 00007fff41a19460 error 4 in
libselinux.so.1[7fe129f97000+19000]
Sep 22 16:10:09 ge132116vm-1 kernel: [3550475.471274] Code: bf 01 00 00 00 31 ed e9
2e ff ff ff 4c 89 ff e8 6c 9b ff ff eb a2 66 2e 0f 1f 84 00 00 00 00 00 41 55 41 54
55 53 48 83 ec 08 <48> 8b 2f 48 8b 7d 00 48 85 ff 74 05 e8 45 9b ff ff 48 c7 45
00 00
Sep 22 16:10:21 ge132116vm-1 icinga2[4156100]: [2022-09-22 16:10:21 +0200]
information/RemoteCheckQueue: items: 0, rate: 0/s (12/min 60/5min 180/15min);
root@ge132116vm-1:/etc/gssproxy# systemctl cat gssproxy
# /lib/systemd/system/gssproxy.service
[Unit]
Description=GSSAPI Proxy Daemon
# GSSPROXY will not be started until syslog is
After=syslog.target
Before=nfs-secure.service nfs-secure-server.service
[Service]
Environment=KRB5RCACHEDIR=/var/lib/gssproxy/rcache
ExecStart=/usr/sbin/gssproxy -D
# These two should be used with traditional UNIX forking daemons
# consult systemd.service(5) for more details
Type=forking
PIDFile=/var/run/gssproxy.pid
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/gssproxy.service.d/restart.conf
[Service]
RemainAfterExit=no
GuessMainPID=yes
Restart=on-failure
RestartSec=5s
Removing the debug* line from /etc/gssproxy/gssproxy.conf allows
gssproxy to start.
Note: the machine is an NFS client, but not an NFS server.
And commenting out the NFS server conf file fixes the problem:
root@ge132116vm-1:/etc/gssproxy# tail -v -n +1 /etc/gssproxy/*.conf
==> /etc/gssproxy/24-nfs-server.conf <==
#[service/nfs-server]
# mechs = krb5
# socket = /run/gssproxy.sock
# cred_store = keytab:/etc/krb5.keytab
# trusted = yes
# kernel_nfsd = yes
# euid = 0
==> /etc/gssproxy/99-nfs-client.conf <==
[service/nfs-client]
mechs = krb5
cred_store = keytab:/etc/krb5.keytab
cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U
#cred_store = ccache:FILE:/tmp/krb5cc_%U
cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab
cred_usage = initiate
allow_any_uid = yes
trusted = yes
euid = 0
==> /etc/gssproxy/gssproxy.conf <==
[gssproxy]
debug=true
debug_level=2
root@ge132116vm-1:/etc/gssproxy# /etc/init.d/gssproxy restart
Restarting gssproxy (via systemctl): gssproxy.service.
root@ge132116vm-1:/etc/gssproxy# systemctl status gssproxy
● gssproxy.service - GSSAPI Proxy Daemon
Loaded: loaded (/lib/systemd/system/gssproxy.service; enabled; vendor
preset: enabled)
Drop-In: /etc/systemd/system/gssproxy.service.d
└─restart.conf
Active: active (running) since Thu 2022-09-22 16:16:59 CEST; 7s ago
Process: 3361785 ExecStart=/usr/sbin/gssproxy -D (code=exited,
status=0/SUCCESS)
Main PID: 3361786 (gssproxy)
Tasks: 6 (limit: 129664)
Memory: 820.0K
CPU: 24ms
CGroup: /system.slice/gssproxy.service
└─3361786 /usr/sbin/gssproxy -D
Sep 22 16:16:59 ge132116vm-1 systemd[1]: Starting GSSAPI Proxy Daemon...
Sep 22 16:16:59 ge132116vm-1 gssproxy[3361785]: Error when reading config
directory: File /etc/gssproxy/gssproxy.conf did not match provided patterns.
Skipping.
Sep 22 16:16:59 ge132116vm-1 gssproxy[3361785]: Error when reading config
directory: No sections found in file /etc/gssproxy/24-nfs-server.conf. Skipping.
Sep 22 16:16:59 ge132116vm-1 gssproxy[3361785]: [2022/09/22 14:16:59]: Debug
Enabled (level: 2)
Sep 22 16:16:59 ge132116vm-1 systemd[1]: Started GSSAPI Proxy Daemon.
/etc/gssproxy/24-nfs-server.conf was coming from a previous version
of gssproxy. If I remember, this file is not provided anymore by the
gssproxy package (but it has not been removed on upgrade, perhaps
because it is provided by another package?)
Regards
Vincent
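
A check for the situation described at the end of the message above, added here as an example and not part of the original e-mail or of the gssproxy package: it lists configuration fragments under /etc/gssproxy that dpkg records as obsolete for the gssproxy package, and those that no installed package claims. The function names and the sample Conffiles text are assumptions made up for the example; the checksums in the sample are placeholders.

```shell
#!/bin/sh
# Added example: find gssproxy config fragments left behind by an older package.

# Read dpkg "Conffiles" field text on stdin; print the paths under directory $1
# that dpkg flags as obsolete (no longer shipped by the package).
list_obsolete_conffiles() {
    awk -v dir="$1/" '$NF == "obsolete" && index($1, dir) == 1 { print $1 }'
}

# Print every *.conf in directory $1 that no installed package claims.
list_unowned_confs() {
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        dpkg-query -S "$f" >/dev/null 2>&1 || printf '%s\n' "$f"
    done
}

# Constructed sample of Conffiles text (checksums are placeholders).
SAMPLE_CONFFILES=' /etc/gssproxy/99-nfs-client.conf 0123456789abcdef0123456789abcdef
 /etc/gssproxy/24-nfs-server.conf fedcba9876543210fedcba9876543210 obsolete
 /etc/default/example 00000000000000000000000000000000 obsolete'

# On a Debian system with the directory present, run both checks live.
if command -v dpkg-query >/dev/null 2>&1 && [ -d /etc/gssproxy ]; then
    echo "Obsolete conffiles recorded for gssproxy:"
    dpkg-query -W -f='${Conffiles}\n' gssproxy 2>/dev/null |
        list_obsolete_conffiles /etc/gssproxy
    echo "Files in /etc/gssproxy claimed by no package:"
    list_unowned_confs /etc/gssproxy
fi
```

Any file either check reports is still read by gssproxy at startup, so it is worth reviewing before the daemon is restarted.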