[Kimchi-devel] [PATCH] Doc: add work around to handle NFS root squash problem

Christy Perez christy at linux.vnet.ibm.com
Tue Mar 18 17:16:29 UTC 2014


Was this ever applied? I'm seeing an issue with selinux and am wondering
if we need to also make some additional changes for NFS. I'll send out
an RFC shortly with more info.

Regards,

- Christy


On Wed, 2014-03-12 at 13:50 -0300, Aline Manera wrote:
> On 03/11/2014 07:05 AM, lvroyce at linux.vnet.ibm.com wrote:
> > From: Royce Lv <lvroyce at linux.vnet.ibm.com>
> >
> > Tested:
> >      1. make
> >      2. nfs pool and vm creation
> > Default NFS server export path is configured as root squash,
> > mapping root user to nobody.
> > This results in:
> > 1. Root user cannot step into mount point if export path
> >     does not allow other to read/execute.
> >     So create volume will fail.
> > 2. Even with other permission open,
> >     owner/group of volume created by root is still nobody/nogrp,
> >     and qemu permission is denied on such img.
> > This workaround instructs the user to enable squash to the given libvirt user
> > to address the above problems.
> >
> > Signed-off-by: Royce Lv <lvroyce at linux.vnet.ibm.com>
> > ---
> >   docs/README.md | 9 ++++++++-
> >   1 file changed, 8 insertions(+), 1 deletion(-)
> >
> > diff --git a/docs/README.md b/docs/README.md
> > index 5721878..17abe78 100644
> > --- a/docs/README.md
> > +++ b/docs/README.md
> > @@ -146,8 +146,15 @@ new template using the "+" button in the upper right corner.
> >   Known Issues
> >   ------------
> >
> > -Kimchi is still experimental and should not be used in a production
> > +1. Kimchi is still experimental and should not be used in a production
> >   environment.
> > +2. When you are using NFS as storage pool, check the nfs export path permission
> > +is configured as:
> > +    (1) export path need to be squashed as kvm gid and libvirt uid:
> > +        /my_export_path *(all_squash,anongid=<kvm-gid>, anonuid=<libvirt-uid>,rw,sync)
> > +        So that root user can create volume with right user/group.
> > +    (2) Chown of export path user as libvirt user, group as kvm group,
> 
> There is an extra "user" word ^
> 
> "Chown of export path as libvirt..."
> 
> I can update it before applying if anyone has more comments
> 
> > +        In order to make sure all mapped user can get into the mount point.
> >
> >   Participating
> >   -------------
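
Review bot: the example export line in item (1) has a space after `anongid=<kvm-gid>,` inside the parenthesised option list. exports(5) uses whitespace to separate client entries, so the space should be removed before this goes into the README: `/my_export_path *(all_squash,anongid=<kvm-gid>,anonuid=<libvirt-uid>,rw,sync)`. The same line exports read-write to `*` with all_squash, which means every client that can reach the NFS server writes to the pool as the libvirt uid and kvm gid. The text should say that `*` is a placeholder and tell the reader to put the Kimchi host or its subnet there instead. Item (2) gives no mode for the export directory; since all access is squashed to one uid/gid, stating that owner/group access is enough (no "other" bits needed) would answer the first problem listed in the commit message without leaving the directory world-accessible.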
> 