RHBA-2021:1463 - Bug Fix Advisory

Topic

Updated nfs-ganesha packages that fix several bugs and adds various enhancements are now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 8.

Description

Red Hat Gluster Storage is software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.

This advisory fixes the following bugs:

• Previously, applications based on gfapi such as, gluster-block or samba malfunctioned or crashed in some cases due to a memory corruption bug. With this update, this issue is resolved. (BZ#1725716)
• With this update,`ganesha.nfsd` can be run as a non-root user. Running as a non- root user, ensures less vulnerability to privilege escalation attacks. Additionally, container frameworks prefer to run daemons as non-root. (BZ#1439117)
• Previously, the local RPCBIND service got stuck as the connected sockets were not closed properly and hence caused failures. With this update, the sockets are closing properly when not needed and the system works as expected. (BZ#1898998)
• The `nfs-ganesha` package has been upgraded to upstream version 3.4, which provides a number of bug fixes and enhancements over the previous version, for better performance and greater stability. (BZ#1769357)
• Previously, NFSV3 UDP client mounts failed due to incorrect source address in the mount reply as controlmsg and pktinfo were truncated in rcvmsg(2). With this update, the handling of controlmsg is revised and the correct source address is now returned in the mount reply. (BZ#1843921)
• Previously, ganesha crashed due to certain NFSv3 locking operations. With this update, locking works correctly as the Refcount bug is fixed. (BZ#1901599)
• Previously, running ganesha.nfsd as a non root user resulted in attempts to create files(extracted from the tar file) or delete files that resulted in permission denied errors. NFS wire credentials were not being set in the lookup op ((FSAL_GLUSTER's lookup()); i.e. the wrong credentials like uid and gid were used to access files. With this update, ganesha.nfsd can be run as a non root user, and NFS clients can create and delete files. (BZ#1926133)
• Previously, `ganesha.nfsd` process got terminated because a new SELinux in RHEL8 triggered an AVC denial for the `/var/lib/nfs symlink`. The` /var/lib/nfs` directory was replaced by ganesha HA setup with a symlink to a directory on the gluster-shared-storage volume. With this update, an additional SELinux policy has been added to enable reading the symlink. As a result, `ganesha.nfsd` is now allowed to run. (BZ#1938050)

Users of nfs-ganesha with Red Hat Gluster Storage are advised to upgrade to
these updated packages.

Solution

Before applying this update, make sure all previously released erratas that are relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Gluster Storage Server for On-premise 3 for RHEL 8 x86_64

Fixes

• BZ - 1439117 - [RFE][Future Feature] [rhel8] NFS-Ganesha in RHGS - Run as non-root user
• BZ - 1725716 - [Ganesha] Ganesha crashed in syncop_stat () while running IO's and lookups from multiple clients (vers=v3 and v4.1)
• BZ - 1769357 - [RFE][REBASE]: [rhel8] nfs-ganesha: rebase to upstream ntirpc-3.x and nfs-ganesha-3.x
• BZ - 1843681 - [ERRATA] [rhel8] Verification test fails for /run/ganesha .....UG.. [tps:B] error
• BZ - 1898998 - [GSS] [rhel-8] rpcinfo -p localhost shows only nlockmgr version 4
• BZ - 1901599 - [nfs-ganesha] [rhel8] nfs-ganesha service goes in to failed state and a crash is noticed while running lock test
• BZ - 1903582 - [nfs-ganesha] [rhel 8] showmount -e command failing with error "rpc mount export: RPC: Timed out"
• BZ - 1926133 - [Ganesha] [rhel8] Linux untar on NFS mount point resulting in "Permission Denied" when ganesha is running as non-root user
• BZ - 1938050 - [rhel8][selinux] - NFS Ganesha goes to failed state on restarting the service due to one or more AVCs

CVEs

(none)

References

(none)