Re: [PATCH] auth-rpcgss-module.service: Don't fail inside linux container.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 11/26/22 4:55 AM, Joachim Falk wrote:
Only try to load the auth_rpcgss kernel module if we are not executing
inside a Linux container. Otherwise, the auth-rpcgss-module service will
fail inside a Linux container as the loading of kernel modules is
forbidden for the container. Thus, the "/sbin/modprobe -q auth_rpcgss"
call will fail even if the auth_rpcgss kernel module is already loaded.
This situation occurs when the container host has already loaded the
auth_rpcgss kernel module to enable kerberized NFS service for its
containers. This behavior has been tested with kmod up to version
30+20220630-3 (current in bookworm as of 2022-09-20).

Bug-Debian: http://bugs.debian.org/985000
Discussion-Debian: https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/7

Signed-off-by: Joachim Falk <joachim.falk@xxxxxx>
Committed... (tag: nfs-utils-2-6-3-rc5)

steved.
---
  systemd/auth-rpcgss-module.service | 1 +
  1 file changed, 1 insertion(+)

diff --git a/systemd/auth-rpcgss-module.service b/systemd/auth-rpcgss-module.service
index 45482833..25c9de80 100644
--- a/systemd/auth-rpcgss-module.service
+++ b/systemd/auth-rpcgss-module.service
@@ -10,6 +10,7 @@ DefaultDependencies=no
  Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service
  Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service
  ConditionPathExists=/etc/krb5.keytab
+ConditionVirtualization=!container

  [Service]
  Type=oneshot
--
2.35.1





[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux