RHBA-2021:1459 - Bug Fix Advisory

Topic

Updated nfs-ganesha packages that fixes several bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7.

Description

Red Hat Gluster Storage is software only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.

This advisory fixes the following bugs:

• Previously, the local RPCBIND service hung because the connected sockets were not closed properly, causing failures. With this update, the sockets are closed properly when not needed and the system works as expected. (BZ#1889506)
• With this update,`ganesha.nfsd` can be run as a non-root user. Running as a non- root user, ensures less vulnerability to privilege escalation attacks. Additionally container frameworks prefer to run daemons as non-root. (BZ#1934533)
• Previously, NFSV3 UDP client mounts failed due to incorrect source address in the mount reply as controlmsg and pktinfo were truncated in rcvmsg(2). With this update, the handling of controlmsg is revised and the mount reply returns the correct source address. (BZ#1782937)
• Previously, Ganesha crashed because of specific NFSv3 locking operations. With this update, locking works as expected and there are no crashes. (BZ#1902843)
• Previously, running ganesha.nfsd as a non root user resulted in attempts to create files(extracted from the tar file) or delete files that resulted in permission denied errors. NFS wire credentials were not being set in the lookup op FSAL_GLUSTER's lookup(); i.e. the wrong credentials like uid and gid were used to access files.

With this update, ganesha.nfsd can be run as a non root user and NFS clients can create and delete files. (BZ#1934536)

• The `nfs-ganesha` package has been upgraded to upstream version 3.4, which provides a number of bug fixes and enhancements over the previous version,for better performance and greater stability.(BZ#1907588)

Users of nfs-ganesha with Red Hat Gluster Storage are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64

Fixes

• BZ - 1889506 - [GSS] [rhel-7] rpcinfo -p localhost shows only nlockmgr version 4
• BZ - 1902843 - [nfs-ganesha] [rhel7] nfs-ganesha service goes in to failed state and a crash is noticed while running lock test
• BZ - 1903976 - [nfs-ganesha] [rhel 7] showmount -e command failing with error "rpc mount export: RPC: Timed out"
• BZ - 1907588 - [RFE][REBASE]: [rhel7] nfs-ganesha: rebase to upstream ntirpc-3.x and nfs-ganesha-3.x
• BZ - 1934531 - [ERRATA] [rhel7] Verification test fails for /run/ganesha .....UG.. [tps:B] error
• BZ - 1934533 - [RFE][Future Feature] [rhel7] NFS-Ganesha in RHGS - Run as non-root user
• BZ - 1934536 - [Ganesha] [rhel7] Linux untar on NFS mount point resulting in "Permission Denied" when ganesha is running as non-root user

CVEs

(none)

References

(none)