Message ID | 20221126095550.174062-1-joachim.falk@gmx.de (mailing list archive) |
---|---|
State | New, archived |
Series | auth-rpcgss-module.service: Don't fail inside linux container. |
On 11/26/22 4:55 AM, Joachim Falk wrote: > Only try to load the auth_rpcgss kernel module if we are not executing > inside a Linux container. Otherwise, the auth-rpcgss-module service will > fail inside a Linux container as the loading of kernel modules is > forbidden for the container. Thus, the "/sbin/modprobe -q auth_rpcgss" > call will fail even if the auth_rpcgss kernel module is already loaded. > This situation occurs when the container host has already loaded the > auth_rpcgss kernel module to enable kerberized NFS service for its > containers. This behavior has been tested with kmod up to version > 30+20220630-3 (current in bookworm as of 2022-09-20). > > Bug-Debian: http://bugs.debian.org/985000 > Discussion-Debian: https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/7 > > Signed-off-by: Joachim Falk <joachim.falk@gmx.de> Committed... (tag: nfs-utils-2-6-3-rc5) steved. > --- > systemd/auth-rpcgss-module.service | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/systemd/auth-rpcgss-module.service b/systemd/auth-rpcgss-module.service > index 45482833..25c9de80 100644 > --- a/systemd/auth-rpcgss-module.service > +++ b/systemd/auth-rpcgss-module.service > @@ -10,6 +10,7 @@ DefaultDependencies=no > Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service > Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service > ConditionPathExists=/etc/krb5.keytab > +ConditionVirtualization=!container > > [Service] > Type=oneshot > -- > 2.35.1 >
diff --git a/systemd/auth-rpcgss-module.service b/systemd/auth-rpcgss-module.service index 45482833..25c9de80 100644 --- a/systemd/auth-rpcgss-module.service +++ b/systemd/auth-rpcgss-module.service @@ -10,6 +10,7 @@ DefaultDependencies=no Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service ConditionPathExists=/etc/krb5.keytab +ConditionVirtualization=!container [Service] Type=oneshot
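Review bot: the added ConditionVirtualization=!container line in the [Unit] section has no comment, so someone reading the unit file cannot tell that it is there because modprobe is refused inside a container, or that the container host is then expected to have loaded auth_rpcgss itself. A short comment above the line stating both would help. The condition is also wider than the failure in the commit message: it skips the unit in every container, including one that is allowed to load modules, and nothing checks afterwards that auth_rpcgss is actually present, so on a host that never loaded it the services named in Before= start without the module and the cause only surfaces later in their own errors. Consider documenting the host-side requirement next to the condition, or keeping the unit active and treating the modprobe failure as harmless when the module is already loaded.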
Only try to load the auth_rpcgss kernel module if we are not executing inside a Linux container. Otherwise, the auth-rpcgss-module service will fail inside a Linux container as the loading of kernel modules is forbidden for the container. Thus, the "/sbin/modprobe -q auth_rpcgss" call will fail even if the auth_rpcgss kernel module is already loaded. This situation occurs when the container host has already loaded the auth_rpcgss kernel module to enable kerberized NFS service for its containers. This behavior has been tested with kmod up to version 30+20220630-3 (current in bookworm as of 2022-09-20). Bug-Debian: http://bugs.debian.org/985000 Discussion-Debian: https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/7 Signed-off-by: Joachim Falk <joachim.falk@gmx.de> --- systemd/auth-rpcgss-module.service | 1 + 1 file changed, 1 insertion(+) -- 2.35.1